Weekly Vulnerabilities Reports > October 14 to 20, 2019
Overview
433 new vulnerabilities were reported during this period, including 69 critical vulnerabilities and 155 high severity vulnerabilities. This weekly summary reports vulnerabilities in 425 products from 116 vendors including Oracle, Adobe, Canonical, Netapp, and Cisco. Vulnerabilities are notably categorized as "Cross-site Scripting", "Use After Free", "Out-of-bounds Read", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Out-of-bounds Write".
- 361 reported vulnerabilities are remotely exploitable.
- 10 reported vulnerabilities have a public exploit available.
- 94 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 259 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 139 reported vulnerabilities.
- Adobe has the most reported critical vulnerabilities, with 19 reported vulnerabilities.
Vulnerability Details
The following tables list reported vulnerabilities for the period covered by this report:
69 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-10-16 | CVE-2019-10458 | Jenkins | Unspecified vulnerability in Jenkins Puppet Enterprise Pipeline Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code. | 9.9 |
2019-10-15 | CVE-2019-10760 | Safer Eval Project | Unspecified vulnerability in Safer-Eval Project Safer-Eval safer-eval before 1.3.2 is vulnerable to Arbitrary Code Execution. | 9.9 |
2019-10-15 | CVE-2019-10759 | Safer Eval Project | Unspecified vulnerability in Safer-Eval Project Safer-Eval safer-eval before 1.3.4 is vulnerable to Arbitrary Code Execution. | 9.9 |
2019-10-18 | CVE-2019-17526 | Sagemath | OS Command Injection vulnerability in Sagemath Sagemathcell An issue was discovered in SageMath Sage Cell Server through 2019-10-05. | 9.8 |
2019-10-18 | CVE-2019-17393 | Tomedo | Insufficiently Protected Credentials vulnerability in Tomedo Server 1.7.3 The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. | 9.8 |
2019-10-18 | CVE-2019-15900 | Doas Project | Use of Uninitialized Resource vulnerability in Doas Project Doas An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. | 9.8 |
2019-10-17 | CVE-2019-8221 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 9.8 |
2019-10-17 | CVE-2019-8220 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 9.8 |
2019-10-17 | CVE-2019-8215 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 9.8 |
2019-10-17 | CVE-2019-8214 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 9.8 |
2019-10-17 | CVE-2019-8213 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 9.8 |
2019-10-17 | CVE-2019-8212 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 9.8 |
2019-10-17 | CVE-2019-8211 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 9.8 |
2019-10-17 | CVE-2019-8206 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. | 9.8 |
2019-10-17 | CVE-2019-8205 | Adobe | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. | 9.8 |
2019-10-17 | CVE-2019-8200 | Adobe | Type Confusion vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability. | 9.8 |
2019-10-17 | CVE-2019-8199 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. | 9.8 |
2019-10-17 | CVE-2019-8197 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a heap overflow vulnerability. | 9.8 |
2019-10-17 | CVE-2019-8196 | Adobe | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. | 9.8 |
2019-10-17 | CVE-2019-8195 | Adobe | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. | 9.8 |
2019-10-17 | CVE-2019-8186 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. | 9.8 |
2019-10-17 | CVE-2019-8169 | Adobe | Type Confusion vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability. | 9.8 |
2019-10-17 | CVE-2019-8167 | Adobe | Type Confusion vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability. | 9.8 |
2019-10-17 | CVE-2019-8161 | Adobe | Type Confusion vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability. | 9.8 |
2019-10-17 | CVE-2019-15066 | Hinet | Unspecified vulnerability in Hinet Gpon Firmware An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. | 9.8 |
2019-10-17 | CVE-2019-15064 | Hinet | Missing Authentication for Critical Function vulnerability in Hinet Gpon Firmware HiNet GPON firmware version < I040GWR190731 allows an attacker to log in to the device without any authentication. | 9.8 |
2019-10-17 | CVE-2019-13409 | Topmeeting | SQL Injection vulnerability in Topmeeting A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 (2019/08/19). | 9.8 |
2019-10-17 | CVE-2019-8071 | Adobe | Incorrect Permission Assignment for Critical Resource vulnerability in Adobe Download Manager 2.0.0.363 Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability. | 9.8 |
2019-10-17 | CVE-2019-10752 | Sequelizejs | SQL Injection vulnerability in Sequelizejs Sequelize Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite. | 9.8 |
2019-10-17 | CVE-2019-13411 | Hinet | Unspecified vulnerability in Hinet Gpon Firmware An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. | 9.8 |
2019-10-17 | CVE-2019-17670 | Wordpress Debian | Server-Side Request Forgery (SSRF) vulnerability in multiple products WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs. | 9.8 |
2019-10-17 | CVE-2019-17669 | Wordpress Debian | Server-Side Request Forgery (SSRF) vulnerability in multiple products WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters. | 9.8 |
2019-10-16 | CVE-2019-13116 | Mulesoft | Deserialization of Untrusted Data vulnerability in Mulesoft Mule Runtime 3.2.0 The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections | 9.8 |
2019-10-16 | CVE-2019-16700 | Slub Dresden | Unrestricted Upload of File with Dangerous Type vulnerability in Slub-Dresden Slub Events The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. | 9.8 |
2019-10-16 | CVE-2019-16699 | SR Freecap Project | Improper Input Validation vulnerability in SR Freecap Project SR Freecap The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code Execution. | 9.8 |
2019-10-16 | CVE-2019-15260 | Cisco | Unspecified vulnerability in Cisco products A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. | 9.8 |
2019-10-16 | CVE-2019-2904 | Oracle | Unspecified vulnerability in Oracle products Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). | 9.8 |
2019-10-16 | CVE-2019-17662 | Cybelsoft | Insufficiently Protected Credentials vulnerability in Cybelsoft Thinvnc 1.0 ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. | 9.8 |
2019-10-16 | CVE-2019-6334 | HP | Unspecified vulnerability in HP Futuresmart 3 and Futuresmart 4 HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers have a solution to check application signature that may allow potential execution of arbitrary code. | 9.8 |
2019-10-16 | CVE-2019-17626 | Reportlab | XML Injection (aka Blind XPath Injection) vulnerability in Reportlab ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code. | 9.8 |
2019-10-16 | CVE-2016-11014 | Netgear | Insufficient Session Expiration vulnerability in Netgear Jnr1010 Firmware NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case. | 9.8 |
2019-10-15 | CVE-2019-17613 | Qibosoft | Code Injection vulnerability in Qibosoft 7.0 qibosoft 7 allows remote code execution because do/jf.php makes eval calls. | 9.8 |
2019-10-15 | CVE-2019-17395 | Rapidgator | Information Exposure Through Log Files vulnerability in Rapidgator 0.7.1 In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | 9.8 |
2019-10-15 | CVE-2019-17602 | Zohocorp | SQL Injection vulnerability in Zohocorp Manageengine Opmanager An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. | 9.8 |
2019-10-15 | CVE-2019-17601 | Minishare Project | Out-of-bounds Write vulnerability in Minishare Project Minishare 1.4.1 In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP CONNECT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19862 and CVE-2018-19861. | 9.8 |
2019-10-15 | CVE-2019-17398 | Darkhorse | Information Exposure Through Log Files vulnerability in Darkhorse Dark Horse Comics 1.3.21 In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication, and may be available to attackers via logcat. | 9.8 |
2019-10-15 | CVE-2019-17396 | Powerschool | Information Exposure Through Log Files vulnerability in Powerschool Mobile In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | 9.8 |
2019-10-15 | CVE-2019-17394 | Seesaw | Information Exposure Through Log Files vulnerability in Seesaw Parent and Family 6.2.5 In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | 9.8 |
2019-10-15 | CVE-2019-17355 | Orbitz | Information Exposure Through Log Files vulnerability in Orbitz 19.31.1 In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | 9.8 |
2019-10-15 | CVE-2019-17397 | Doordash | Information Exposure Through Log Files vulnerability in Doordash 11.0.2/11.5.2 In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | 9.8 |
2019-10-15 | CVE-2019-17600 | Intelbras | Cross-Site Request Forgery (CSRF) vulnerability in Intelbras IWR 1000N Firmware 1.6.4 Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled. | 9.8 |
2019-10-15 | CVE-2019-17195 | Connect2Id Apache Oracle | Improper Handling of Exceptional Conditions vulnerability in multiple products Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass. | 9.8 |
2019-10-14 | CVE-2019-12941 | Autopi | Improper Restriction of Excessive Authentication Attempts vulnerability in Autopi 4G/Lte Firmware and Wi-Fi/Nb Firmware AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allow an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. | 9.8 |
2019-10-14 | CVE-2017-14948 | Dlink | Classic Buffer Overflow vulnerability in Dlink products Certain D-Link products are affected by: Buffer Overflow. | 9.8 |
2019-10-14 | CVE-2019-16278 | Nazgul | Path Traversal vulnerability in Nazgul Nostromo Nhttpd Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request. | 9.8 |
2019-10-14 | CVE-2019-17580 | Dormsystem Project | SQL Injection vulnerability in Dormsystem Project Dormsystem 1.1/1.2/1.3 tonyy dormsystem through 1.3 allows SQL Injection in admin.php. | 9.8 |
2019-10-14 | CVE-2019-17553 | Metinfo | SQL Injection vulnerability in Metinfo 7.0.0 An issue was discovered in MetInfo v7.0.0 beta. | 9.8 |
2019-10-14 | CVE-2019-17552 | Idreamsoft | SQL Injection vulnerability in Idreamsoft Icms 7.0.14 An issue was discovered in idreamsoft iCMS v7.0.14. | 9.8 |
2019-10-14 | CVE-2019-17408 | Zzzcms | Code Injection vulnerability in Zzzcms Zzzphp 1.7.3 parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr. | 9.8 |
2019-10-14 | CVE-2019-17545 | Osgeo Oracle Debian Fedoraproject Opensuse | Double Free vulnerability in multiple products GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. | 9.8 |
2019-10-14 | CVE-2019-17542 | Ffmpeg Canonical Debian | Out-of-bounds Write vulnerability in multiple products FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. | 9.8 |
2019-10-14 | CVE-2019-17539 | Ffmpeg Debian Canonical | NULL Pointer Dereference vulnerability in multiple products In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. | 9.8 |
2019-10-16 | CVE-2019-3020 | Oracle | Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). | 9.3 |
2019-10-17 | CVE-2019-17631 | Eclipse Redhat | Improper Privilege Management vulnerability in multiple products From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks. | 9.1 |
2019-10-16 | CVE-2019-17512 | Dlink | Missing Authentication for Critical Function vulnerability in Dlink Dir-412 Firmware A11.14Ww There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. | 9.1 |
2019-10-14 | CVE-2019-17574 | Code Atlantic | Authorization Bypass Through User-Controlled Key vulnerability in Code-Atlantic Popup Maker An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. | 9.1 |
2019-10-14 | CVE-2019-17544 | GNU Canonical | Out-of-bounds Read vulnerability in multiple products libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. | 9.1 |
2019-10-16 | CVE-2019-3025 | Oracle | Unspecified vulnerability in Oracle Hospitality RES 3700 5.7 Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications. | 9.0 |
2019-10-16 | CVE-2019-17625 | Rambox | OS Command Injection vulnerability in Rambox 0.6.9 There is a stored XSS in Rambox 0.6.9 that can lead to code execution. | 9.0 |
155 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-10-18 | CVE-2019-17367 | Openwrt | Cross-Site Request Forgery (CSRF) vulnerability in Openwrt 18 OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/. | 8.8 |
2019-10-18 | CVE-2019-15901 | Doas Project | Improper Privilege Management vulnerability in Doas Project Doas An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. | 8.8 |
2019-10-17 | CVE-2019-8225 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 8.8 |
2019-10-17 | CVE-2019-8224 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 8.8 |
2019-10-17 | CVE-2019-8223 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 8.8 |
2019-10-17 | CVE-2019-8219 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 8.8 |
2019-10-17 | CVE-2019-8217 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 8.8 |
2019-10-17 | CVE-2019-8210 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 8.8 |
2019-10-17 | CVE-2019-8209 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 8.8 |
2019-10-17 | CVE-2019-8208 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 8.8 |
2019-10-17 | CVE-2019-8204 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. | 8.8 |
2019-10-17 | CVE-2019-8203 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 8.8 |
2019-10-17 | CVE-2019-8192 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 8.8 |
2019-10-17 | CVE-2019-8191 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. | 8.8 |
2019-10-17 | CVE-2019-8183 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a heap overflow vulnerability. | 8.8 |
2019-10-17 | CVE-2019-8181 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 8.8 |
2019-10-17 | CVE-2019-8180 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 8.8 |
2019-10-17 | CVE-2019-8179 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 8.8 |
2019-10-17 | CVE-2019-8178 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 8.8 |
2019-10-17 | CVE-2019-8177 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 8.8 |
2019-10-17 | CVE-2019-8176 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 8.8 |
2019-10-17 | CVE-2019-8175 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 8.8 |
2019-10-17 | CVE-2019-8174 | Adobe | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. | 8.8 |
2019-10-17 | CVE-2019-8171 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. | 8.8 |
2019-10-17 | CVE-2019-8170 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a heap overflow vulnerability. | 8.8 |
2019-10-17 | CVE-2019-8166 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a buffer overrun vulnerability. | 8.8 |
2019-10-17 | CVE-2019-8165 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. | 8.8 |
2019-10-17 | CVE-2019-17119 | Wikidsystems | SQL Injection vulnerability in Wikidsystems TWO Factor Authentication Enterprise Server Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter. | 8.8 |
2019-10-17 | CVE-2019-13657 | Broadcom | Use of Hard-coded Credentials vulnerability in Broadcom CA Performance Management and Network Operations CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. | 8.8 |
2019-10-17 | CVE-2019-17118 | Wikidsystems | Cross-Site Request Forgery (CSRF) vulnerability in Wikidsystems 2FA Enterprise Server A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as (1) create or delete admin users; (2) create or delete groups; or (3) create, delete, enable, or disable normal users or devices. | 8.8 |
2019-10-17 | CVE-2019-17117 | Wikidsystems | SQL Injection vulnerability in Wikidsystems 2FA Enterprise Server A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter. | 8.8 |
2019-10-17 | CVE-2019-16917 | Wikidsystems | SQL Injection vulnerability in Wikidsystems TWO Factor Authentication Enterprise Server WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. | 8.8 |
2019-10-17 | CVE-2019-14287 | Sudo Project Fedoraproject Debian Opensuse Canonical Netapp Redhat | Improper Handling of Exceptional Conditions vulnerability in multiple products In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. | 8.8 |
2019-10-17 | CVE-2019-15850 | EQ 3 | Missing Authorization vulnerability in Eq-3 Homematic Ccu3 Firmware 3.41.11 eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execution in the ReGa.runScript method. | 8.8 |
2019-10-17 | CVE-2019-14423 | EQ 3 | OS Command Injection vulnerability in Eq-3 Ccu2 Firmware and Cux-Daemon A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request. | 8.8 |
2019-10-17 | CVE-2019-17676 | Metinfo | Cross-Site Request Forgery (CSRF) vulnerability in Metinfo 7.0.0 app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI. | 8.8 |
2019-10-17 | CVE-2019-17675 | Wordpress Debian | Type Confusion vulnerability in multiple products WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF. | 8.8 |
2019-10-17 | CVE-2019-17666 | Linux Debian Canonical | Classic Buffer Overflow vulnerability in multiple products rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. | 8.8 |
2019-10-16 | CVE-2019-12636 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 8.8 |
2019-10-16 | CVE-2019-3028 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 8.8 |
2019-10-16 | CVE-2019-3010 | Oracle | Unspecified vulnerability in Oracle Solaris 11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). | 8.8 |
2019-10-16 | CVE-2019-10449 | Jenkins | Cleartext Storage of Sensitive Information vulnerability in Jenkins Fortify on Demand Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 |
2019-10-16 | CVE-2019-10448 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Extensive Testing 1.4.3/1.4.4 Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 |
2019-10-16 | CVE-2019-10443 | Jenkins | Cleartext Storage of Sensitive Information vulnerability in Jenkins Icescrum Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 8.8 |
2019-10-16 | CVE-2019-10440 | Jenkins | Cleartext Storage of Sensitive Information vulnerability in Jenkins Neoload Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 8.8 |
2019-10-16 | CVE-2019-10437 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins CRX Content Package Deployer A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
2019-10-14 | CVE-2019-17593 | Jizhicms | Cross-Site Request Forgery (CSRF) vulnerability in Jizhicms 1.5.1 JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator. | 8.8 |
2019-10-14 | CVE-2019-17547 | Imagemagick | Use After Free vulnerability in Imagemagick In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free. | 8.8 |
2019-10-14 | CVE-2019-17546 | Libtiff Osgeo | Integer Overflow or Wraparound vulnerability in multiple products tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition. | 8.8 |
2019-10-14 | CVE-2019-17541 | Imagemagick | Use After Free vulnerability in Imagemagick ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. | 8.8 |
2019-10-14 | CVE-2019-17540 | Imagemagick Debian | Out-of-bounds Write vulnerability in multiple products ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c. | 8.8 |
2019-10-14 | CVE-2019-17501 | Centreon | OS Command Injection vulnerability in Centreon 19.04.0 Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen). | 8.8 |
2019-10-17 | CVE-2019-11284 | Pivotal | Insufficiently Protected Credentials vulnerability in Pivotal Reactor Netty Pivotal Reactor Netty, versions prior to 0.8.11, passes headers through redirects, including authorization ones. | 8.6 |
2019-10-16 | CVE-2019-15261 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in the Point-to-Point Tunneling Protocol (PPTP) VPN packet processing functionality in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. | 8.6 |
2019-10-16 | CVE-2019-2905 | Oracle | Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). | 8.6 |
2019-10-16 | CVE-2019-3017 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 8.2 |
2019-10-16 | CVE-2019-3000 | Oracle | Unspecified vulnerability in Oracle Marketing Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 8.2 |
2019-10-16 | CVE-2019-2995 | Oracle | Unspecified vulnerability in Oracle Marketing Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 8.2 |
2019-10-16 | CVE-2019-2994 | Oracle | Unspecified vulnerability in Oracle Marketing 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 8.2 |
2019-10-16 | CVE-2019-2990 | Oracle | Unspecified vulnerability in Oracle Istore Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Order Tracker). | 8.2 |
2019-10-16 | CVE-2019-2942 | Oracle | Unspecified vulnerability in Oracle Advanced Outbound Telephony Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). | 8.2 |
2019-10-16 | CVE-2019-2906 | Oracle | Unspecified vulnerability in Oracle Business Intelligence Publisher 11.1.1.9.04/12.2.1.3.0/12.2.1.4.0 Vulnerability in the BI Publisher (formerly XML Publisher) product of Oracle Fusion Middleware (component: Mobile Service). | 8.2 |
2019-10-16 | CVE-2019-10446 | Jenkins | Improper Certificate Validation vulnerability in Jenkins Cadence Vmanager Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. | 8.2 |
2019-10-14 | CVE-2019-3767 | Dell | Cleartext Storage of Sensitive Information vulnerability in Dell Imageassist Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. | 8.2 |
2019-10-17 | CVE-2019-8162 | Adobe | Race Condition vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a race condition vulnerability. | 8.1 |
2019-10-16 | CVE-2019-2937 | Oracle | Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 9.1.0 Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. | 8.1 |
2019-10-16 | CVE-2019-2934 | Oracle | Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 9.1.0 Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. | 8.1 |
2019-10-16 | CVE-2019-2891 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 8.1 |
2019-10-14 | CVE-2019-14226 | Open Xchange | Improper Preservation of Permissions vulnerability in Open-Xchange Appsuite OX App Suite through 7.10.2 has Insecure Permissions. | 8.1 |
2019-10-14 | CVE-2019-17543 | LZ4 Project | Out-of-bounds Write vulnerability in LZ4 Project LZ4 LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. | 8.1 |
2019-10-16 | CVE-2019-15252 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. | 8.0 |
2019-10-16 | CVE-2019-15251 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. | 8.0 |
2019-10-16 | CVE-2019-15250 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. | 8.0 |
2019-10-16 | CVE-2019-15249 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. | 8.0 |
2019-10-16 | CVE-2019-15248 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. | 8.0 |
2019-10-16 | CVE-2019-15247 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. | 8.0 |
2019-10-16 | CVE-2019-15246 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. | 8.0 |
2019-10-16 | CVE-2019-15245 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. | 8.0 |
2019-10-16 | CVE-2019-15244 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. | 8.0 |
2019-10-16 | CVE-2019-15243 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. | 8.0 |
2019-10-16 | CVE-2019-15242 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. | 8.0 |
2019-10-16 | CVE-2019-15241 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. | 8.0 |
2019-10-16 | CVE-2019-15240 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. | 8.0 |
2019-10-18 | CVE-2019-18198 | Linux Canonical | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753. | 7.8 |
2019-10-18 | CVE-2019-13545 | Hornerautomation | Out-of-bounds Write vulnerability in Hornerautomation Cscape In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution. | 7.8 |
2019-10-18 | CVE-2019-13541 | Hornerautomation | Out-of-bounds Write vulnerability in Hornerautomation Cscape In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. | 7.8 |
2019-10-17 | CVE-2019-18192 | GNU | Incorrect Permission Assignment for Critical Resource vulnerability in GNU Guix 1.0.1 GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365. | 7.8 |
2019-10-16 | CVE-2019-17665 | NSA | Uncontrolled Search Path Element vulnerability in NSA Ghidra 9.0/9.0.1/9.0.2 NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory. | 7.8 |
2019-10-16 | CVE-2019-17664 | NSA | Untrusted Search Path vulnerability in NSA Ghidra NSA Ghidra through 9.0.4 uses a potentially untrusted search path. | 7.8 |
2019-10-16 | CVE-2019-10453 | Jenkins | Cleartext Storage of Sensitive Information vulnerability in Jenkins Delphix Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 7.8 |
2019-10-16 | CVE-2019-4031 | IBM | Unspecified vulnerability in IBM Tivoli Workload Scheduler IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in the file system, which could allow the attacker to gain root privileges. | 7.8 |
2019-10-16 | CVE-2019-17624 | X ORG | Out-of-bounds Write vulnerability in X.Org X Server In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. | 7.8 |
2019-10-14 | CVE-2019-14737 | Ubisoft | Incorrect Default Permissions vulnerability in Ubisoft Uplay 92.0.0.6280 Ubisoft Uplay 92.0.0.6280 has Insecure Permissions. | 7.8 |
2019-10-14 | CVE-2019-17044 | BMC | Incorrect Default Permissions vulnerability in BMC Patrol Agent 9.0.10I An issue was discovered in BMC Patrol Agent 9.0.10i. | 7.8 |
2019-10-14 | CVE-2019-17043 | BMC | Incorrect Default Permissions vulnerability in BMC Patrol Agent 9.0.10I An issue was discovered in BMC Patrol Agent 9.0.10i. | 7.8 |
2019-10-14 | CVE-2019-16519 | Eset | Improper Privilege Management vulnerability in Eset products ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an undocumented feature in scheduled tasks. | 7.8 |
2019-10-14 | CVE-2019-9745 | Cloudcti | Improper Privilege Management vulnerability in Cloudcti HIP Integrator Recognition Configuration Tool CloudCTI HIP Integrator Recognition Configuration Tool allows privilege escalation via its EXQUISE integration. | 7.8 |
2019-10-19 | CVE-2019-18214 | Video Converter Project | Missing Release of Resource after Effective Lifetime vulnerability in Video Converter Project Video Converter 0.1.0 The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. | 7.7 |
2019-10-16 | CVE-2019-2986 | Oracle | Unspecified vulnerability in Oracle Graalvm 19.2.0 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter). | 7.7 |
2019-10-16 | CVE-2019-2932 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Tree Manager). | 7.7 |
2019-10-18 | CVE-2019-18197 | Xmlsoft Debian Canonical | Use of Uninitialized Resource vulnerability in multiple products In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. | 7.5 |
2019-10-18 | CVE-2019-16919 | Linuxfoundation Vmware | Incorrect Default Permissions vulnerability in multiple products Harbor API has a Broken Access Control vulnerability. | 7.5 |
2019-10-18 | CVE-2019-17513 | Ratpack Project | Injection vulnerability in Ratpack Project Ratpack An issue was discovered in Ratpack before 1.7.5. | 7.5 |
2019-10-17 | CVE-2019-8226 | Adobe | Unspecified vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an incomplete implementation of security mechanism vulnerability. | 7.5 |
2019-10-17 | CVE-2019-8222 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. | 7.5 |
2019-10-17 | CVE-2019-8218 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. | 7.5 |
2019-10-17 | CVE-2019-8216 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. | 7.5 |
2019-10-17 | CVE-2019-8207 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. | 7.5 |
2019-10-17 | CVE-2019-8202 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. | 7.5 |
2019-10-17 | CVE-2019-8201 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. | 7.5 |
2019-10-17 | CVE-2019-8198 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. | 7.5 |
2019-10-17 | CVE-2019-8194 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. | 7.5 |
2019-10-17 | CVE-2019-8193 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. | 7.5 |
2019-10-17 | CVE-2019-8185 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. | 7.5 |
2019-10-17 | CVE-2019-8184 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. | 7.5 |
2019-10-17 | CVE-2019-8182 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. | 7.5 |
2019-10-17 | CVE-2019-8168 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. | 7.5 |
2019-10-17 | CVE-2019-8164 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. | 7.5 |
2019-10-17 | CVE-2019-6476 | ISC | Reachable Assertion vulnerability in ISC Bind A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. | 7.5 |
2019-10-17 | CVE-2019-6475 | ISC | Insufficient Verification of Data Authenticity vulnerability in ISC Bind Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. | 7.5 |
2019-10-17 | CVE-2019-15065 | Hinet | Unspecified vulnerability in Hinet Gpon Firmware A service which is hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. | 7.5 |
2019-10-17 | CVE-2019-13412 | Hinet | Unspecified vulnerability in Hinet Gpon Firmware A service which is hosted on port 3097 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. | 7.5 |
2019-10-17 | CVE-2019-13410 | Topmeeting | Information Exposure vulnerability in Topmeeting TOPMeeting before version 8.8 (2019/08/19) shows attendees account and password in front end page that allows an attacker to obtain sensitive information by browsing the source code of the page. | 7.5 |
2019-10-17 | CVE-2019-15626 | Trendmicro | Cleartext Transmission of Sensitive Information vulnerability in Trendmicro Deep Security 10.0/11.0/12.0 The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. | 7.5 |
2019-10-17 | CVE-2019-11253 | Kubernetes Redhat | XML Entity Expansion vulnerability in multiple products Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. | 7.5 |
2019-10-17 | CVE-2019-17673 | Wordpress Debian | WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header. | 7.5 |
2019-10-16 | CVE-2019-15262 | Cisco | Improper Resource Shutdown or Release vulnerability in Cisco products A vulnerability in the Secure Shell (SSH) session management for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
2019-10-16 | CVE-2019-2965 | Oracle | Unspecified vulnerability in Oracle Siebel CRM Vulnerability in the Siebel Core - DB Deployment and Configuration product of Oracle Siebel CRM (component: Install - Configuration). | 7.5 |
2019-10-16 | CVE-2019-2900 | Oracle | Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). | 7.5 |
2019-10-16 | CVE-2019-2895 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Vulnerability in the Enterprise Manager for Exadata product of Oracle Enterprise Manager (component: Exadata Plug-In Deploy and Ins). | 7.5 |
2019-10-15 | CVE-2019-14832 | Redhat | Incorrect Authorization vulnerability in Redhat Keycloak A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. | 7.5 |
2019-10-15 | CVE-2019-12944 | Gluehome | Missing Authorization vulnerability in Gluehome Glue Smart Lock Firmware 2.7.8 Glue Smart Lock 2.7.8 devices do not properly block guest access in certain situations where the network connection is unavailable. | 7.5 |
2019-10-14 | CVE-2019-17592 | CSV Parse Project Fedoraproject | Resource Exhaustion vulnerability in multiple products The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. | 7.5 |
2019-10-14 | CVE-2019-16279 | Nazgul | Path Traversal vulnerability in Nazgul Nostromo Nhttpd A memory error in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to trigger a denial of service via a crafted HTTP request. | 7.5 |
2019-10-14 | CVE-2019-17583 | Idreamsoft | Allocation of Resources Without Limits or Throttling vulnerability in Idreamsoft Icms 7.0.15 idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment&perpage= substring followed by a large positive integer. | 7.5 |
2019-10-14 | CVE-2019-17511 | Dlink | Missing Authentication for Critical Function vulnerability in Dlink Dir-412 Firmware A11.14Ww There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. | 7.5 |
2019-10-14 | CVE-2019-14823 | JSS Cryptomanager Project Redhat | A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. | 7.4 |
2019-10-17 | CVE-2019-15849 | EQ 3 | Session Fixation vulnerability in Eq-3 Homematic Ccu3 Firmware 3.14.11 eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. | 7.3 |
2019-10-16 | CVE-2019-16682 | URL Redirect Project | SQL Injection vulnerability in URL Redirect Project URL Redirect The url_redirect (aka URL redirect) extension through 1.2.1 for TYPO3 fails to properly sanitize user input and is susceptible to SQL Injection. | 7.3 |
2019-10-16 | CVE-2019-2972 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.4 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). | 7.3 |
2019-10-16 | CVE-2019-2971 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.4 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). | 7.3 |
2019-10-16 | CVE-2019-2970 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.4 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). | 7.3 |
2019-10-16 | CVE-2019-2944 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 7.3 |
2019-10-16 | CVE-2019-2903 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.4 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). | 7.3 |
2019-10-16 | CVE-2019-2902 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.4 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). | 7.3 |
2019-10-16 | CVE-2019-2901 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.4 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). | 7.3 |
2019-10-16 | CVE-2019-2907 | Oracle | Unspecified vulnerability in Oracle web Services 12.2.1.3.0 Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware (component: SOAP with Attachments API for Java). | 7.2 |
2019-10-16 | CVE-2019-2890 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). | 7.2 |
2019-10-16 | CVE-2019-15893 | Sonatype | Unspecified vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution. | 7.2 |
2019-10-15 | CVE-2019-17612 | 74Cms | SQL Injection vulnerability in 74Cms 5.2.8 An issue was discovered in 74CMS v5.2.8. | 7.2 |
2019-10-14 | CVE-2019-17575 | Wbce | Use of Incorrectly-Resolved Name or Reference vulnerability in Wbce CMS A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. | 7.2 |
2019-10-17 | CVE-2019-15627 | Trendmicro | Link Following vulnerability in Trendmicro Deep Security 10.0/11.0/12.0 Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. | 7.1 |
2019-10-16 | CVE-2019-17436 | Paloaltonetworks | Unspecified vulnerability in Paloaltonetworks Globalprotect A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system. | 7.1 |
2019-10-16 | CVE-2019-2953 | Oracle | Unspecified vulnerability in Oracle Hospitality Cruise Dining Room Management 8.0.80 Vulnerability in the Oracle Hospitality Cruise Dining Room Management product of Oracle Hospitality Applications (component: Web Service). | 7.1 |
2019-10-16 | CVE-2019-2947 | Oracle | Unspecified vulnerability in Oracle Food and Beverage Applications 9.1.0 Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. | 7.1 |
186 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-10-20 | CVE-2019-18216 | Asus | Unspecified vulnerability in Asus ROG Zephyrus M Gm501Gs Firmware The BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313 relies on the main battery instead of using a CMOS battery, which reduces the value of a protection mechanism in which booting from a USB device is prohibited. | 6.8 |
2019-10-17 | CVE-2019-17668 | Samsung | Unspecified vulnerability in Samsung Galaxy S10 Firmware and Note 10 Firmware Samsung Galaxy S10 and Note10 devices allow unlock operations via unregistered fingerprints in certain situations involving a third-party screen protector. | 6.8 |
2019-10-16 | CVE-2019-2989 | Oracle Redhat Netapp | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). | 6.8 |
2019-10-16 | CVE-2019-2976 | Oracle | Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). | 6.8 |
2019-10-16 | CVE-2019-2949 | Oracle Debian Netapp Redhat Canonical Opensuse Mcafee | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). | 6.8 |
2019-10-16 | CVE-2019-2936 | Oracle | Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 9.1.0 Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. | 6.8 |
2019-10-16 | CVE-2019-2909 | Oracle | Unspecified vulnerability in Oracle Database Server Vulnerability in the Java VM component of Oracle Database Server. | 6.8 |
2019-10-16 | CVE-2019-15277 | Cisco | OS Command Injection vulnerability in Cisco Telepresence Collaboration Endpoint A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute code with root privileges. | 6.7 |
2019-10-16 | CVE-2019-15275 | Cisco | OS Command Injection vulnerability in Cisco Telepresence Collaboration Endpoint A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. | 6.7 |
2019-10-16 | CVE-2019-15274 | Cisco | Improper Input Validation vulnerability in Cisco Telepresence Collaboration Endpoint A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to perform command injections. | 6.7 |
2019-10-17 | CVE-2019-14424 | EQ 3 | Path Traversal vulnerability in Eq-3 Ccu2 Firmware and Cux-Daemon A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple HTTP Request. | 6.5 |
2019-10-16 | CVE-2019-15265 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in the bridge protocol data unit (BPDU) forwarding functionality of Cisco Aironet Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an AP port to go into an error disabled state. | 6.5 |
2019-10-16 | CVE-2019-15264 | Cisco | Resource Exhaustion vulnerability in Cisco products A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 6.5 |
2019-10-16 | CVE-2019-15258 | Cisco | NULL Pointer Dereference vulnerability in Cisco Spa112 Firmware and Spa122 Firmware A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to cause a denial of service condition on an affected device. | 6.5 |
2019-10-16 | CVE-2019-15257 | Cisco | Unspecified vulnerability in Cisco Spa112 Firmware and Spa122 Firmware A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device. | 6.5 |
2019-10-16 | CVE-2019-12708 | Cisco | Information Exposure vulnerability in Cisco Spa112 Firmware and Spa122 Firmware A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device. | 6.5 |
2019-10-16 | CVE-2019-12704 | Cisco | Path Traversal vulnerability in Cisco Spa112 Firmware and Spa122 Firmware A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to view the contents of arbitrary files on an affected device. | 6.5 |
2019-10-16 | CVE-2019-6474 | ISC | Missing Release of Resource after Effective Lifetime vulnerability in ISC KEA 1.4.0/1.5.0/1.6.0 A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. | 6.5 |
2019-10-16 | CVE-2019-6473 | ISC | Reachable Assertion vulnerability in ISC KEA 1.6.0 An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. | 6.5 |
2019-10-16 | CVE-2019-6472 | ISC | Reachable Assertion vulnerability in ISC KEA 1.4.0/1.5.0/1.6.0 A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. | 6.5 |
2019-10-16 | CVE-2019-3026 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 6.5 |
2019-10-16 | CVE-2019-3021 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 6.5 |
2019-10-16 | CVE-2019-3011 | Oracle Canonical Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). | 6.5 |
2019-10-16 | CVE-2019-3004 | Oracle Canonical Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). | 6.5 |
2019-10-16 | CVE-2019-2980 | Oracle | Unspecified vulnerability in Oracle Flexcube Direct Banking 12.0.2/12.0.3 Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: eMail). | 6.5 |
2019-10-16 | CVE-2019-2974 | Oracle Mariadb Canonical Fedoraproject Opensuse | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.5 |
2019-10-16 | CVE-2019-2967 | Oracle Canonical Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.5 |
2019-10-16 | CVE-2019-2966 | Oracle Canonical Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.5 |
2019-10-16 | CVE-2019-2946 | Oracle Canonical Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). | 6.5 |
2019-10-16 | CVE-2019-2943 | Oracle | Unspecified vulnerability in Oracle Data Integrator 12.2.1.3.0 Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Studio). | 6.5 |
2019-10-16 | CVE-2019-2914 | Oracle Canonical Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). | 6.5 |
2019-10-16 | CVE-2019-10444 | Jenkins | Improper Certificate Validation vulnerability in Jenkins Bumblebee HP ALM Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS and hostname verification for connections to HP ALM. | 6.5 |
2019-10-16 | CVE-2019-10438 | Jenkins | Missing Authorization vulnerability in Jenkins CRX Content Package Deployer A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
2019-10-16 | CVE-2019-10436 | Jenkins | Unspecified vulnerability in Jenkins Google Oauth Credentials An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master. | 6.5 |
2019-10-16 | CVE-2019-17627 | Yalehome | Improper Authentication vulnerability in Yalehome Yale Bluetooth KEY The Yale Bluetooth Key application for mobile devices allows unauthorized unlock actions by sniffing Bluetooth Low Energy (BLE) traffic during one authorized unlock action, and then calculating the authentication key via simple computations on the hex digits of a valid authentication request. | 6.5 |
2019-10-16 | CVE-2016-11015 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Jnr1010 Firmware NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter. | 6.5 |
2019-10-15 | CVE-2019-17356 | Infinitestudio | Insufficiently Protected Credentials vulnerability in Infinitestudio Infinite Design 3.4.12 The Infinite Design application 3.4.12 for Android sends a username and password via TCP without any encryption during login, as demonstrated by sniffing of a public Wi-Fi network. | 6.5 |
2019-10-16 | CVE-2019-2927 | Oracle | Unspecified vulnerability in Oracle Hyperion Data Relationship Management 11.1.2.4 Vulnerability in the Hyperion Data Relationship Management product of Oracle Hyperion (component: Access and Security). | 6.4 |
2019-10-16 | CVE-2019-2897 | Oracle | Unspecified vulnerability in Oracle products Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). | 6.4 |
2019-10-16 | CVE-2019-2969 | Oracle Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). | 6.2 |
2019-10-19 | CVE-2019-18209 | Etherpad | Cross-site Scripting vulnerability in Etherpad 1.7.5 templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer. | 6.1 |
2019-10-17 | CVE-2019-8160 | Adobe | Cross-site Scripting vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a cross-site scripting vulnerability. | 6.1 |
2019-10-17 | CVE-2019-17120 | Wikidsystems | Cross-site Scripting vulnerability in Wikidsystems 2FA Enterprise Server A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/adm_usrs.jsp. | 6.1 |
2019-10-17 | CVE-2019-17116 | Wikidsystems | Cross-site Scripting vulnerability in Wikidsystems TWO Factor Authentication Enterprise Server A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. | 6.1 |
2019-10-17 | CVE-2019-17115 | Wikidsystems | Cross-site Scripting vulnerability in Wikidsystems TWO Factor Authentication Enterprise Server Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. | 6.1 |
2019-10-17 | CVE-2019-17114 | Wikidsystems | Cross-site Scripting vulnerability in Wikidsystems TWO Factor Authentication Enterprise Server A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. | 6.1 |
2019-10-17 | CVE-2019-17672 | Wordpress Debian | Cross-site Scripting vulnerability in multiple products WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements. | 6.1 |
2019-10-16 | CVE-2019-17611 | Hongcms Project | Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter. | 6.1 |
2019-10-16 | CVE-2019-17610 | Hongcms Project | Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter. | 6.1 |
2019-10-16 | CVE-2019-17609 | Hongcms Project | Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter. | 6.1 |
2019-10-16 | CVE-2019-17608 | Hongcms Project | Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS 3.0.0 has XSS via the install/index.php dbname parameter. | 6.1 |
2019-10-16 | CVE-2019-17607 | Hongcms Project | Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0 HongCMS 3.0.0 has XSS via the install/index.php servername parameter. | 6.1 |
2019-10-16 | CVE-2019-12718 | Cisco | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. | 6.1 |
2019-10-16 | CVE-2019-12705 | Cisco | Cross-site Scripting vulnerability in Cisco Telepresence Video Communication Server A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. | 6.1 |
2019-10-16 | CVE-2019-3014 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Performance Monitor). | 6.1 |
2019-10-16 | CVE-2019-2985 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Fluid Core). | 6.1 |
2019-10-16 | CVE-2019-2952 | Oracle | Unspecified vulnerability in Oracle Food and Beverage Applications 9.1.0 Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. | 6.1 |
2019-10-16 | CVE-2019-2931 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). | 6.1 |
2019-10-16 | CVE-2019-2929 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). | 6.1 |
2019-10-16 | CVE-2019-2915 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Fluid Core). | 6.1 |
2019-10-16 | CVE-2019-2889 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). | 6.1 |
2019-10-16 | CVE-2019-2886 | Oracle | Unspecified vulnerability in Oracle Forms 12.2.1.3.0 Vulnerability in the Oracle Forms product of Oracle Fusion Middleware (component: Services). | 6.1 |
2019-10-16 | CVE-2019-17663 | D Link | Cross-site Scripting vulnerability in D-Link Dir-866L Firmware 1.03B04 D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in the device common gateway interface, leading to common injection. | 6.1 |
2019-10-16 | CVE-2019-17660 | Limesurvey | Cross-site Scripting vulnerability in Limesurvey A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO. | 6.1 |
2019-10-16 | CVE-2019-16521 | Managewp | Cross-site Scripting vulnerability in Managewp Broken Link Checker The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. | 6.1 |
2019-10-16 | CVE-2016-11016 | Netgear | Cross-site Scripting vulnerability in Netgear Jnr1010 Firmware NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS. | 6.1 |
2019-10-16 | CVE-2019-13392 | Mindpalette | Cross-site Scripting vulnerability in Mindpalette Natemail 3.0.15 A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. | 6.1 |
2019-10-15 | CVE-2017-1002201 | Haml Debian | Cross-site Scripting vulnerability in multiple products In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. | 6.1 |
2019-10-15 | CVE-2019-17223 | Dolibarr | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.2 There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php. | 6.1 |
2019-10-14 | CVE-2019-14227 | Open Xchange | Cross-site Scripting vulnerability in Open-Xchange Appsuite 7.10.1/7.10.2 OX App Suite 7.10.1 and 7.10.2 allows XSS. | 6.1 |
2019-10-14 | CVE-2019-17579 | Sonarsource | Cross-site Scripting vulnerability in Sonarsource Sonarqube SonarSource SonarQube before 7.8 has XSS in project links on account/projects. | 6.1 |
2019-10-14 | CVE-2019-16344 | Scadabr | Cross-site Scripting vulnerability in Scadabr 1.0Ce A cross-site scripting (XSS) vulnerability in the login form (/ScadaBR/login.htm) in ScadaBR 1.0CE allows a remote attacker to inject arbitrary web script or HTML via the username or password parameter. | 6.1 |
2019-10-16 | CVE-2019-3031 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 6.0 |
2019-10-16 | CVE-2019-3005 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 6.0 |
2019-10-16 | CVE-2019-3002 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 6.0 |
2019-10-16 | CVE-2019-2984 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 6.0 |
2019-10-16 | CVE-2019-2958 | Oracle Netapp Opensuse Debian | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). | 5.9 |
2019-10-16 | CVE-2019-2896 | Oracle | Unspecified vulnerability in Oracle Micros Relate Customer Relationship Management Software Vulnerability in the MICROS Relate CRM Software product of Oracle Retail Applications (component: Internal Operations). | 5.9 |
2019-10-16 | CVE-2019-2884 | Oracle | Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 17.0 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). | 5.9 |
2019-10-16 | CVE-2019-3022 | Oracle | Unspecified vulnerability in Oracle Content Manager Vulnerability in the Oracle Content Manager product of Oracle E-Business Suite (component: Content). | 5.8 |
2019-10-16 | CVE-2019-2979 | Oracle | Unspecified vulnerability in Oracle Flexcube Direct Banking 12.0.2/12.0.3 Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Payments). | 5.7 |
2019-10-16 | CVE-2019-2956 | Oracle | Unspecified vulnerability in Oracle Database Server Vulnerability in the Core RDBMS (jackson-databind) component of Oracle Database Server. | 5.7 |
2019-10-16 | CVE-2019-17435 | Paloaltonetworks | Unspecified vulnerability in Paloaltonetworks Globalprotect A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation. | 5.5 |
2019-10-16 | CVE-2019-2991 | Oracle Canonical Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 5.5 |
2019-10-14 | CVE-2019-14858 | Redhat | Information Exposure Through Log Files vulnerability in Redhat Ansible Engine A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. | 5.5 |
2019-10-18 | CVE-2019-4409 | Hcltech | Cross-site Scripting vulnerability in Hcltech Traveler HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. | 5.4 |
2019-10-18 | CVE-2019-17207 | Managewp | Cross-site Scripting vulnerability in Managewp Broken Link Checker A reflected XSS vulnerability was found in includes/admin/table-printer.php in the broken-link-checker (aka Broken Link Checker) plugin 1.11.8 for WordPress. | 5.4 |
2019-10-17 | CVE-2019-16330 | Nchsoftware | Cross-site Scripting vulnerability in Nchsoftware Express Accounts Accounting 7.02 In NCH Express Accounts Accounting v7.02, persistent cross site scripting (XSS) exists in Invoices/Sales Orders/Items/Customers/Quotes input field. | 5.4 |
2019-10-17 | CVE-2019-17674 | Wordpress Debian | Cross-site Scripting vulnerability in multiple products WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer. | 5.4 |
2019-10-17 | CVE-2019-17667 | Comtechtel | Cross-site Scripting vulnerability in Comtechtel H8 Heights Remote Gateway Firmware 2.5.1 Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name (aka SiteName) field. | 5.4 |
2019-10-16 | CVE-2019-15270 | Cisco | Cross-site Scripting vulnerability in Cisco Firepower Management Center Firmware A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. | 5.4 |
2019-10-16 | CVE-2019-12702 | Cisco | Cross-site Scripting vulnerability in Cisco Spa112 Firmware and Spa122 Firmware A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to conduct cross-site scripting attacks. | 5.4 |
2019-10-16 | CVE-2019-12638 | Cisco | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web-based management interface. | 5.4 |
2019-10-16 | CVE-2019-12637 | Cisco | Cross-site Scripting vulnerability in Cisco Identity Services Engine Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web-based management interface. | 5.4 |
2019-10-16 | CVE-2019-3019 | Oracle | Unspecified vulnerability in Oracle Banking Digital Experience Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: Loan Calculator). | 5.4 |
2019-10-16 | CVE-2019-17578 | Dolibarr | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.2 An issue was discovered in Dolibarr 10.0.2. | 5.4 |
2019-10-16 | CVE-2019-17577 | Dolibarr | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.2 An issue was discovered in Dolibarr 10.0.2. | 5.4 |
2019-10-16 | CVE-2019-17576 | Dolibarr | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.2 An issue was discovered in Dolibarr 10.0.2. | 5.4 |
2019-10-16 | CVE-2018-3300 | Oracle | Unspecified vulnerability in Oracle Retail Xstore Office 7.1 Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Internal Operations). | 5.4 |
2019-10-16 | CVE-2019-16523 | Pixelite | Cross-site Scripting vulnerability in Pixelite Events Manager The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin. | 5.4 |
2019-10-16 | CVE-2019-16520 | Semperplugins | Cross-site Scripting vulnerability in Semperplugins ALL in ONE SEO Pack The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement. | 5.4 |
2019-10-14 | CVE-2019-17595 | GNU Opensuse | Out-of-bounds Read vulnerability in multiple products There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. | 5.4 |
2019-10-14 | CVE-2019-16282 | Nchsoftware | Cross-site Scripting vulnerability in Nchsoftware Express Invoice 7.12 In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. | 5.4 |
2019-10-14 | CVE-2019-14225 | Open Xchange | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite 7.10.1/7.10.2 OX App Suite 7.10.1 and 7.10.2 allows SSRF. | 5.4 |
2019-10-19 | CVE-2019-18202 | Wago | Unspecified vulnerability in Wago PFC Firmware Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. | 5.3 |
2019-10-17 | CVE-2019-17671 | Wordpress Debian | Information Exposure vulnerability in multiple products In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled. | 5.3 |
2019-10-16 | CVE-2019-15282 | Cisco | Missing Authentication for Critical Function vulnerability in Cisco Identity Services Engine Software A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to read tcpdump files generated on an affected device. | 5.3 |
2019-10-16 | CVE-2019-3027 | Oracle | Unspecified vulnerability in Oracle Application Object Library Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login Help). | 5.3 |
2019-10-16 | CVE-2019-3012 | Oracle | Unspecified vulnerability in Oracle Business Intelligence 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security). | 5.3 |
2019-10-16 | CVE-2019-3001 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise SCM Eprocurement 9.2 Vulnerability in the PeopleSoft Enterprise SCM eProcurement product of Oracle PeopleSoft (component: eProcurement). | 5.3 |
2019-10-16 | CVE-2019-2993 | Oracle Canonical Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). | 5.3 |
2019-10-16 | CVE-2019-2935 | Oracle | Unspecified vulnerability in Oracle Siebel UI Framework Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI). | 5.3 |
2019-10-16 | CVE-2019-2924 | Oracle Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). | 5.3 |
2019-10-16 | CVE-2019-2923 | Oracle Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). | 5.3 |
2019-10-16 | CVE-2019-2922 | Oracle Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). | 5.3 |
2019-10-16 | CVE-2019-2920 | Oracle Canonical | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). | 5.3 |
2019-10-16 | CVE-2019-2888 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: EJB Container). | 5.3 |
2019-10-16 | CVE-2019-2765 | Oracle | Unspecified vulnerability in Oracle Solaris 10/11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). | 5.3 |
2019-10-14 | CVE-2019-17594 | GNU Opensuse | Out-of-bounds Read vulnerability in multiple products There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. | 5.3 |
2019-10-16 | CVE-2019-12703 | Cisco | Cross-site Scripting vulnerability in Cisco Spa122 Firmware 1.4.1 A vulnerability in the web-based management interface of Cisco SPA122 ATA with Router Devices could allow an unauthenticated, adjacent attacker to conduct cross-site scripting attacks. | 5.2 |
2019-10-16 | CVE-2019-2939 | Oracle | Unspecified vulnerability in Oracle Database Server 12.2.0.1/18C/19C Vulnerability in the Core RDBMS component of Oracle Database Server. | 5.0 |
2019-10-16 | CVE-2019-2913 | Oracle | Unspecified vulnerability in Oracle Database Server 12.2.0.1/18C/19C Vulnerability in the Core RDBMS component of Oracle Database Server. | 5.0 |
2019-10-16 | CVE-2018-2875 | Oracle | Unspecified vulnerability in Oracle Database Server 12.2.0.1/18C/19C Vulnerability in the Core RDBMS component of Oracle Database Server. | 5.0 |
2019-10-16 | CVE-2019-3003 | Oracle Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.9 |
2019-10-16 | CVE-2019-2998 | Oracle Canonical Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2019-10-16 | CVE-2019-2997 | Oracle Canonical Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). | 4.9 |
2019-10-16 | CVE-2019-2982 | Oracle Canonical Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2019-10-16 | CVE-2019-2968 | Oracle Canonical Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.9 |
2019-10-16 | CVE-2019-2963 | Oracle Canonical Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.9 |
2019-10-16 | CVE-2019-2960 | Oracle Canonical Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). | 4.9 |
2019-10-16 | CVE-2019-2957 | Oracle Canonical Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). | 4.9 |
2019-10-16 | CVE-2019-2950 | Oracle Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2019-10-16 | CVE-2019-2948 | Oracle Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2019-10-14 | CVE-2019-14838 | Redhat | Improper Privilege Management vulnerability in Redhat products A flaw was found in wildfly-core before 7.2.5.GA. | 4.9 |
2019-10-16 | CVE-2019-15281 | Cisco | Cross-site Scripting vulnerability in Cisco Identity Services Engine Software A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.8 |
2019-10-16 | CVE-2019-15280 | Cisco | Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. | 4.8 |
2019-10-16 | CVE-2019-15269 | Cisco | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. | 4.8 |
2019-10-16 | CVE-2019-15268 | Cisco | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. | 4.8 |
2019-10-16 | CVE-2019-2977 | Oracle Netapp Debian | Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). | 4.8 |
2019-10-16 | CVE-2019-2975 | Oracle Redhat Netapp Debian Opensuse Mcafee Canonical | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). | 4.8 |
2019-10-16 | CVE-2019-11281 | Pivotal Software Debian Fedoraproject Redhat | Cross-site Scripting vulnerability in multiple products Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. | 4.8 |
2019-10-16 | CVE-2019-16522 | EU Cookie LAW Project | Cross-site Scripting vulnerability in EU Cookie LAW Project EU Cookie LAW The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. | 4.8 |
2019-10-16 | CVE-2019-17630 | Cmsmadesimple | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.11 CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen. | 4.8 |
2019-10-16 | CVE-2019-17629 | Cmsmadesimple | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.11 CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen. | 4.8 |
2019-10-16 | CVE-2019-3024 | Oracle | Unspecified vulnerability in Oracle Installed Base Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). | 4.7 |
2019-10-16 | CVE-2019-3023 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Stylesheet). | 4.7 |
2019-10-16 | CVE-2019-2999 | Oracle Redhat Netapp Debian Opensuse Canonical | Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). | 4.7 |
2019-10-16 | CVE-2019-2930 | Oracle | Unspecified vulnerability in Oracle Field Service Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Wireless). | 4.7 |
2019-10-16 | CVE-2019-2883 | Oracle | Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 17.0 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). | 4.6 |
2019-10-17 | CVE-2019-12611 | Bitdefender | Allocation of Resources Without Limits or Throttling vulnerability in Bitdefender BOX Firmware An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that affects the general reliability of the product. | 4.4 |
2019-10-16 | CVE-2019-15962 | Cisco | Incorrect Default Permissions vulnerability in Cisco Telepresence Collaboration Endpoint A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. | 4.4 |
2019-10-16 | CVE-2019-15273 | Cisco | Unspecified vulnerability in Cisco Telepresence Collaboration Endpoint Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to overwrite arbitrary files. | 4.4 |
2019-10-16 | CVE-2019-15266 | Cisco | Path Traversal vulnerability in Cisco Wireless LAN Controller Software A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that should be restricted. | 4.4 |
2019-10-16 | CVE-2019-3018 | Oracle Canonical Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.4 |
2019-10-16 | CVE-2019-3009 | Oracle Canonical Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection). | 4.4 |
2019-10-16 | CVE-2019-2938 | Oracle Mariadb Fedoraproject Canonical Opensuse Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.4 |
2019-10-14 | CVE-2019-4572 | IBM | Information Exposure Through Log Files vulnerability in IBM Filenet Content Manager 5.5.2/5.5.3 IBM FileNet Content Manager 5.5.2 and 5.5.3, in specific configurations, could log the web service user credentials into a log file that could be accessed by an administrator on the local machine. | 4.4 |
2019-10-17 | CVE-2019-8190 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. | 4.3 |
2019-10-17 | CVE-2019-8189 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. | 4.3 |
2019-10-17 | CVE-2019-8188 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 4.3 |
2019-10-17 | CVE-2019-8187 | Adobe | Use After Free vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. | 4.3 |
2019-10-17 | CVE-2019-8173 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. | 4.3 |
2019-10-17 | CVE-2019-8172 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. | 4.3 |
2019-10-17 | CVE-2019-8163 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. | 4.3 |
2019-10-17 | CVE-2019-8064 | Adobe | Out-of-bounds Read vulnerability in Adobe Acrobat DC Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. | 4.3 |
2019-10-16 | CVE-2019-16698 | DKD | Missing Authorization vulnerability in DKD Direct Mail The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 has a missing access check in the backend module, allowing a user (with restricted permissions to the fe_users table) to view and export data of frontend users who are subscribed to a newsletter. | 4.3 |
2019-10-16 | CVE-2019-3015 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). | 4.3 |
2019-10-16 | CVE-2019-2951 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Human Capital Management Human Resources 9.2 Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: US Federal Specific). | 4.3 |
2019-10-16 | CVE-2019-2925 | Oracle | Unspecified vulnerability in Oracle Workflow 12.1.3/12.2.3/12.2.8 Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist). | 4.3 |
2019-10-16 | CVE-2019-2898 | Oracle | Unspecified vulnerability in Oracle BI Publisher 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Vulnerability in the BI Publisher (formerly XML Publisher) product of Oracle Fusion Middleware (component: BI Publisher Security). | 4.3 |
2019-10-16 | CVE-2019-2887 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). | 4.3 |
2019-10-16 | CVE-2019-2734 | Oracle | Unspecified vulnerability in Oracle Database Server 12.2.0.1/18C/19C Vulnerability in the Core RDBMS component of Oracle Database Server. | 4.3 |
2019-10-16 | CVE-2019-10457 | Jenkins | Missing Authorization vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic 1.0.0 A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 |
2019-10-16 | CVE-2019-10456 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic 1.0.0 A cross-site request forgery vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 |
2019-10-16 | CVE-2019-10455 | Jenkins | Missing Authorization vulnerability in Jenkins Rundeck A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 |
2019-10-16 | CVE-2019-10454 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Rundeck A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 |
2019-10-16 | CVE-2019-10452 | Jenkins | Cleartext Storage of Sensitive Information vulnerability in Jenkins View26 Test-Reporting Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 4.3 |
2019-10-16 | CVE-2019-10451 | Jenkins | Cleartext Storage of Sensitive Information vulnerability in Jenkins Soasta Cloudtest Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 4.3 |
2019-10-16 | CVE-2019-10447 | Jenkins | Cleartext Storage of Sensitive Information vulnerability in Jenkins Sofy.Ai 1.0.0/1.0.1/1.0.3 Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 4.3 |
2019-10-16 | CVE-2019-10445 | Jenkins | Missing Authorization vulnerability in Jenkins Google Kubernetes Engine A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID. | 4.3 |
2019-10-16 | CVE-2019-10442 | Jenkins | Missing Authorization vulnerability in Jenkins Icescrum A missing permission check in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 |
2019-10-16 | CVE-2019-10441 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Icescrum A cross-site request forgery vulnerability in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 |
2019-10-16 | CVE-2019-10439 | Jenkins | Missing Authorization vulnerability in Jenkins CRX Content Package Deployer A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
2019-10-16 | CVE-2019-2996 | Oracle Netapp Redhat | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). | 4.2 |
2019-10-16 | CVE-2019-2959 | Oracle | Unspecified vulnerability in Oracle Hyperion Financial Reporting 11.1.2.4 Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Security Models). | 4.2 |
2019-10-16 | CVE-2019-2941 | Oracle | Unspecified vulnerability in Oracle Hyperion Enterprise Performance Management Architect 11.1.2.4 Vulnerability in the Hyperion Profitability and Cost Management product of Oracle Hyperion (component: Modeling). | 4.0 |