Weekly Vulnerabilities Reports > October 14 to 20, 2019

Overview

433 new vulnerabilities were reported during this period, including 15 critical vulnerabilities and 60 high severity vulnerabilities. This weekly summary reports vulnerabilities in 388 products from 112 vendors including Oracle, Adobe, Cisco, Jenkins, and Redhat. The most common weakness categories are "Cross-site Scripting", "Use After Free", "Out-of-bounds Read", "Out-of-bounds Write", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 363 reported vulnerabilities are remotely exploitable.
  • 5 reported vulnerabilities have a public exploit available.
  • 93 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 302 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 137 reported vulnerabilities.
  • Adobe has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

Summary counts for the period (medium count from the section heading below; low risk and locally exploitable are the remainders of the stated totals):

  • Total vulnerabilities: 433
  • Critical risk: 15
  • High risk: 60
  • Medium risk: 298
  • Low risk: 60
  • Remotely exploitable: 363
  • Locally exploitable: 70
  • Exploit available: 5
  • Exploitable anonymously: 302
  • Affecting web application: not stated

Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:


15 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-10-18 CVE-2019-17526 Sagemath Code Injection vulnerability in Sagemath Sagemathcell

** DISPUTED ** An issue was discovered in SageMath Sage Cell Server through 2019-10-05.

10.0
2019-10-18 CVE-2019-15900 Doas Project Use of Uninitialized Resource vulnerability in Doas Project Doas

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD.

10.0
2019-10-17 CVE-2019-8196 Adobe Null Pointer Dereference vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability.

10.0
2019-10-17 CVE-2019-8195 Adobe Null Pointer Dereference vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability.

10.0
2019-10-17 CVE-2019-8186 Adobe Out-Of-Bounds Write vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability.

10.0
2019-10-17 CVE-2019-15066 Hinet Unspecified vulnerability in Hinet Gpon Firmware

An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731.

10.0
2019-10-16 CVE-2019-15260 Cisco Improper Privilege Management vulnerability in Cisco products

A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges.

10.0
2019-10-15 CVE-2019-17600 Intelbras Cross-Site Request Forgery (CSRF) vulnerability in Intelbras IWR 1000N Firmware 1.6.4

Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled.

10.0
2019-10-14 CVE-2019-12941 Autopi Improper Restriction of Excessive Authentication Attempts vulnerability in Autopi 4G/Lte Firmware and Wi-Fi/Nb Firmware

AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allow an attacker to perform a brute-force or dictionary attack to gain access to the WiFi network, which provides root access to the device.

10.0
2019-10-17 CVE-2019-8183 Adobe Out-Of-Bounds Write vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a heap overflow vulnerability.

9.3
2019-10-18 CVE-2019-15901 Doas Project Improper Privilege Management vulnerability in Doas Project Doas

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD.

9.0
2019-10-17 CVE-2019-14287 Sudo Project, Fedoraproject, Debian, Opensuse, Canonical, Netapp Improper Handling of Exceptional Conditions vulnerability in multiple products

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID.

9.0
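The sudo entry above is worth modelling, because the flaw is in how a numeric target user ID is checked rather than in any parser. The following Python is an added illustration, not sudo's code: it models a (ALL, !root) Runas rule, the pre-1.8.28 handling of a #<uid> target (the documented trigger is sudo -u#-1), and the setresuid(2) convention that an ID of -1 means "leave this ID unchanged". The passwd table, the rule and the simulate() helper are constructed for the example.

```python
"""Model of the sudo CVE-2019-14287 policy check (added example, not sudo's code).

Rule modelled:  alice ALL=(ALL, !root) /usr/bin/vim
sudo resolves the requested target user, checks it against the Runas
blacklist, then calls setresuid() with the resolved uid.  Before 1.8.28 a
target of "#-1" became uid 4294967295 (unsigned -1); that is not 0, so the
"!root" check passed, yet setresuid(-1, ...) leaves the uid unchanged, and
sudo itself was already running as root.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

UID_MAX = 0xFFFFFFFF                                   # 32-bit unsigned uid_t
PASSWD = {"root": 0, "alice": 1000, "bob": 1001}      # constructed sample passwd data


def resolve_uid_vulnerable(spec: str) -> int:
    """Pre-1.8.28 shape: '#<n>' is accepted as a numeric uid with no range
    check, so '#-1' and '#4294967295' both come out as UID_MAX."""
    if spec.startswith("#"):
        return int(spec[1:], 10) & UID_MAX            # -1 wraps like unsigned uid_t
    return PASSWD[spec]


def resolve_uid_fixed(spec: str) -> int:
    """1.8.28 shape: a numeric uid of -1 / UID_MAX is rejected outright,
    because setresuid(2) interprets -1 as 'do not change'."""
    if spec.startswith("#"):
        n = int(spec[1:], 10)
        if n < 0 or n >= UID_MAX:
            raise ValueError(f"invalid user id {spec!r}")
        return n
    return PASSWD[spec]


@dataclass
class RunasRule:
    allowed: str            # "ALL" or a user name
    denied: List[str]       # users listed with a leading '!'


def runas_permitted(rule: RunasRule, target_uid: int) -> bool:
    """The Runas blacklist check: compare the resolved uid, not the name."""
    if any(PASSWD[d] == target_uid for d in rule.denied):
        return False
    return rule.allowed == "ALL" or PASSWD[rule.allowed] == target_uid


def effective_uid_after_setresuid(current_uid: int, requested_uid: int) -> int:
    """setresuid(2) semantics: an argument of -1 (UID_MAX as unsigned)
    leaves that id unchanged."""
    return current_uid if requested_uid == UID_MAX else requested_uid


def simulate(spec: str, resolver: Callable[[str], int]) -> Tuple[bool, Optional[int]]:
    """Outcome of `sudo -u <spec>` under an (ALL, !root) rule, with sudo
    running setuid-root (uid 0): (policy_allowed, resulting_uid)."""
    rule = RunasRule(allowed="ALL", denied=["root"])
    try:
        uid = resolver(spec)
    except ValueError:
        return (False, None)
    if not runas_permitted(rule, uid):
        return (False, None)
    return (True, effective_uid_after_setresuid(0, uid))


if __name__ == "__main__":
    print("vulnerable, -u#-1 :", simulate("#-1", resolve_uid_vulnerable))  # (True, 0)
    print("fixed,      -u#-1 :", simulate("#-1", resolve_uid_fixed))       # (False, None)
    print("fixed,      -u bob:", simulate("bob", resolve_uid_fixed))       # (True, 1001)
```

The point the model makes is that the blacklist compared a uid that could never be a real account, while the kernel call treated that same value as a no-op; the fix is to reject the sentinel value before it reaches either check.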
2019-10-17 CVE-2019-15850 EQ 3 Missing Authorization vulnerability in Eq-3 Homematic Ccu3 Firmware 3.41.11

eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execution in the ReGa.runScript method.

9.0
2019-10-17 CVE-2019-14423 EQ 3 Code Injection vulnerability in Eq-3 Ccu2 Firmware and Cux-Daemon

A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request.

9.0
2019-10-14 CVE-2019-17501 Centreon OS Command Injection vulnerability in Centreon 19.04.0

Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen).

9.0

60 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-10-16 CVE-2019-17625 Rambox Cross-Site Scripting vulnerability in Rambox 0.6.9

There is a stored XSS in Rambox 0.6.9 that can lead to code execution.

8.5
2019-10-17 CVE-2019-17666 Linux Classic Buffer Overflow vulnerability in Linux Kernel

rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.

8.3
2019-10-16 CVE-2019-15262 Cisco Improper Resource Shutdown or Release vulnerability in Cisco products

A vulnerability in the Secure Shell (SSH) session management for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

7.8
2019-10-16 CVE-2019-15261 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in the Point-to-Point Tunneling Protocol (PPTP) VPN packet processing functionality in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

7.8
2019-10-17 CVE-2019-8221 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

7.5
2019-10-17 CVE-2019-8220 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

7.5
2019-10-17 CVE-2019-8215 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

7.5
2019-10-17 CVE-2019-8214 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

7.5
2019-10-17 CVE-2019-8213 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

7.5
2019-10-17 CVE-2019-8212 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

7.5
2019-10-17 CVE-2019-8211 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

7.5
2019-10-17 CVE-2019-8206 Adobe Out-Of-Bounds Write vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability.

7.5
2019-10-17 CVE-2019-8205 Adobe Null Pointer Dereference vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability.

7.5
2019-10-17 CVE-2019-8200 Adobe Type Confusion vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability.

7.5
2019-10-17 CVE-2019-8199 Adobe Out-Of-Bounds Write vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability.

7.5
2019-10-17 CVE-2019-8197 Adobe Out-Of-Bounds Write vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a heap overflow vulnerability.

7.5
2019-10-17 CVE-2019-8169 Adobe Type Confusion vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability.

7.5
2019-10-17 CVE-2019-8167 Adobe Type Confusion vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability.

7.5
2019-10-17 CVE-2019-8161 Adobe Type Confusion vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability.

7.5
2019-10-17 CVE-2019-15064 Hinet Missing Authentication for Critical Function vulnerability in Hinet Gpon Firmware

HiNet GPON firmware versions before I040GWR190731 allow an attacker to log in to the device without any authentication.

7.5
2019-10-17 CVE-2019-8071 Adobe Incorrect Permission Assignment for Critical Resource vulnerability in Adobe Download Manager 2.0.0.363

Adobe Download Manager version 2.0.0.363 has an insecure file permissions vulnerability.

7.5
2019-10-17 CVE-2019-10752 Sequelizejs SQL Injection vulnerability in Sequelizejs Sequelize

Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite.

7.5
2019-10-17 CVE-2019-13411 Hinet Unspecified vulnerability in Hinet Gpon Firmware

An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731.

7.5
2019-10-17 CVE-2019-17670 Wordpress Server-Side Request Forgery (SSRF) vulnerability in Wordpress

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.

7.5
2019-10-17 CVE-2019-17669 Wordpress Server-Side Request Forgery (SSRF) vulnerability in Wordpress

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.

7.5
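The second WordPress SSRF entry (CVE-2019-17669) is a general lesson: a check that only recognises a dotted-decimal quad as an IP address will wave through the same address written as a hex or integer literal, which the C resolver behind most HTTP clients accepts. The Python below is an added example, not WordPress code. It shows the weak check, a canonicaliser that follows inet_aton(3) rules for hex, octal, decimal and short forms, and a hardened check that tests the canonical address against non-global ranges. The URLs are constructed; the hardened check does not resolve DNS, so bare hostnames are simply refused here.

```python
"""Added example (not WordPress code): canonicalise an IP literal before
testing it against private ranges.  Weak validators accept 0x7f000001 or
2130706433 as a 'hostname' even though both connect to 127.0.0.1."""
import ipaddress
import re
from typing import Optional, Union
from urllib.parse import urlsplit

IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def naive_blocks(host: str) -> bool:
    """The weak check: only a dotted-decimal quad is treated as an address;
    anything else is assumed to be a name and is let through (returns False)."""
    if not re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        return False
    return not ipaddress.IPv4Address(host).is_global


def _inet_aton_part(part: str) -> int:
    """One component under inet_aton(3) rules: 0x.. hex, leading-0 octal, else decimal."""
    if part[:2].lower() == "0x":
        return int(part[2:], 16)
    if len(part) > 1 and part[0] == "0":
        return int(part, 8)
    return int(part, 10)


def numeric_host_to_ipv4(host: str) -> Optional[ipaddress.IPv4Address]:
    """Interpret host the way inet_aton(3) does: one to four parts, the last
    part filling all remaining bytes ('127.1' is 127.0.0.1).  Returns None
    when host is not such a literal (e.g. a real hostname)."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        values = [_inet_aton_part(p) for p in parts]
    except ValueError:
        return None
    *lead, last = values
    remaining_bits = 8 * (4 - len(lead))
    if any(not 0 <= v <= 255 for v in lead) or not 0 <= last < (1 << remaining_bits):
        return None
    n = 0
    for v in lead:
        n = (n << 8) | v
    return ipaddress.IPv4Address((n << remaining_bits) | last)


def canonical_ip(host: str) -> Optional[IPAddr]:
    """Plain IPv4 quad or IPv6 via the stdlib parser, else the inet_aton forms."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return numeric_host_to_ipv4(host)


def is_safe_target(url: str) -> bool:
    """Hardened check: accept only a global-unicast address literal.  Bare
    hostnames return False because this offline example does not resolve
    DNS; a real implementation must resolve, apply the same test to every
    returned address, and connect to the address it tested."""
    ip = canonical_ip(urlsplit(url).hostname or "")
    return ip is not None and ip.is_global
```

Note that is_safe_target() rejects the whole class the weak check missed (hex, octal, integer and short forms, plus IPv6 loopback) because every candidate is reduced to an address object before the range test; the order (canonicalise, then test) is the point, not the particular encodings.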
2019-10-16 CVE-2019-13116 Mulesoft Deserialization of Untrusted Data vulnerability in Mulesoft Mule Runtime 3.2.0

The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java deserialization, related to Apache Commons Collections.

7.5
2019-10-16 CVE-2019-16700 Slub Dresden Unrestricted Upload of File With Dangerous Type vulnerability in Slub-Dresden Slub Events

The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver.

7.5
2019-10-16 CVE-2019-16699 SR Freecap Project Improper Input Validation vulnerability in SR Freecap Project SR Freecap

The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code Execution.

7.5
2019-10-16 CVE-2019-16682 URL Redirect Project SQL Injection vulnerability in URL Redirect Project URL Redirect

The url_redirect (aka URL redirect) extension through 1.2.1 for TYPO3 fails to properly sanitize user input and is susceptible to SQL Injection.

7.5
2019-10-16 CVE-2019-2972 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

7.5
2019-10-16 CVE-2019-2971 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

7.5
2019-10-16 CVE-2019-2970 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

7.5
2019-10-16 CVE-2019-2904 Oracle Unspecified vulnerability in Oracle Application Development Framework and Jdeveloper

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces).

7.5
2019-10-16 CVE-2019-2903 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

7.5
2019-10-16 CVE-2019-2902 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

7.5
2019-10-16 CVE-2019-2901 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

7.5
2019-10-16 CVE-2019-6334 HP Unspecified vulnerability in HP Futuresmart 3 and Futuresmart 4

HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers have an application-signature check that may allow execution of arbitrary code.

7.5
2019-10-16 CVE-2019-17626 Reportlab XML Injection (Aka Blind Xpath Injection) vulnerability in Reportlab 3.5.26

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.

7.5
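The ReportLab entry (CVE-2019-17626) is the classic shape of an injection through eval(): a colour attribute from an untrusted document reached toColor(eval(arg)), so anything eval() can express runs. The Python below is an added example, not ReportLab's code. It places a function with the same vulnerable shape next to a hardened parser that accepts the same colour syntax (a known name, #rrggbb, or a literal tuple) using ast.literal_eval, which evaluates literals only. The colour table and the rejects() helper are constructed for the example.

```python
"""Added example (not ReportLab's code): the toColor(eval(arg)) pattern beside
a parser that accepts the same colour syntax without evaluating code."""
import ast
import re
from typing import Callable, Tuple

Color = Tuple[float, float, float]
NAMED = {"red": (1.0, 0.0, 0.0), "green": (0.0, 1.0, 0.0), "blue": (0.0, 0.0, 1.0)}  # constructed


def to_color_vulnerable(arg: str) -> Color:
    """Same shape as the flaw: a string that is not a known name is handed to
    eval() in the hope that it is a tuple such as '(1,0,0)'.  When arg comes
    from a document attribute, the document author gets code execution."""
    if arg in NAMED:
        return NAMED[arg]
    r, g, b = (float(c) for c in eval(arg))   # deliberately unsafe: arbitrary code runs here
    return (r, g, b)


def to_color_hardened(arg: str) -> Color:
    """Accept only the grammar a colour can legitimately have: a known name,
    #rrggbb, or a literal 3-tuple/list of numbers in [0, 1].  ast.literal_eval
    handles literals only, so names, calls and attribute access all fail."""
    s = arg.strip()
    if s in NAMED:
        return NAMED[s]
    m = re.fullmatch(r"#([0-9a-fA-F]{6})", s)
    if m:
        v = int(m.group(1), 16)
        return ((v >> 16) / 255, ((v >> 8) & 0xFF) / 255, (v & 0xFF) / 255)
    try:
        node = ast.literal_eval(s)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError):
        raise ValueError(f"not a colour: {arg!r}") from None
    if (isinstance(node, (tuple, list)) and len(node) == 3
            and all(isinstance(c, (int, float)) and not isinstance(c, bool)
                    and 0 <= c <= 1 for c in node)):
        return (float(node[0]), float(node[1]), float(node[2]))
    raise ValueError(f"not a colour: {arg!r}")


def rejects(fn: Callable[[str], Color], arg: str) -> bool:
    """True if fn refuses arg with ValueError; used to show what the hardened
    parser turns away.  (Do not point this at to_color_vulnerable with hostile
    input: that function really executes it.)"""
    try:
        fn(arg)
    except ValueError:
        return True
    return False
```

The vulnerable function is shown evaluating a harmless call expression only to prove that a call is executed at all; the hardened one reaches a colour value by parsing, never by evaluation, so the attack surface is the regular language of colour strings rather than the Python language.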
2019-10-16 CVE-2016-11014 Netgear Insufficient Session Expiration vulnerability in Netgear Jnr1010 Firmware

NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.

7.5
2019-10-15 CVE-2019-17613 Qibosoft Code Injection vulnerability in Qibosoft 7.0

qibosoft 7 allows remote code execution because do/jf.php makes eval calls.

7.5
2019-10-15 CVE-2019-17602 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Opmanager

An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089.

7.5
2019-10-15 CVE-2019-17601 Minishare Project Out-Of-Bounds Write vulnerability in Minishare Project Minishare 1.4.1

In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP CONNECT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19862 and CVE-2018-19861.

7.5
2019-10-14 CVE-2017-14948 Dlink Classic Buffer Overflow vulnerability in Dlink products

Certain D-Link products are affected by a buffer overflow.

7.5
2019-10-14 CVE-2019-16278 Nazgul Path Traversal vulnerability in Nazgul Nostromo Nhttpd

Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.

7.5
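The nostromo entry (CVE-2019-16278) is a directory traversal in the function that checks a request path, the kind of check that fails when it looks for ".." in the raw request rather than in the decoded, normalised path. The Python below is an added example, not nhttpd's code. It shows the weak substring check beside a resolver that decodes once, refuses control characters, joins the path onto the document root, normalises, and only then tests containment. The document root and request paths are constructed for the example.

```python
"""Added example (not nhttpd's code): mapping a request path onto a document
root so that neither literal nor percent-encoded '..' can escape it."""
import posixpath
from typing import Optional
from urllib.parse import unquote

DOCROOT = "/var/www/htdocs"   # assumed document root for the example


def naive_rejects(request_path: str) -> bool:
    """The weak check: look for '..' in the raw request.  Percent-encoded dots
    ('%2e%2e') pass here and are decoded later, when the file is opened."""
    return ".." in request_path


def resolve_under_root(docroot: str, request_path: str) -> Optional[str]:
    """Return the filesystem path for request_path, or None if it would land
    outside docroot.  Order matters: decode once, refuse control characters,
    join onto the root, normalise, then check containment on the result."""
    root = posixpath.normpath(docroot)
    path = unquote(request_path.split("?", 1)[0])        # single decode pass
    if any(ch in path for ch in ("\x00", "\r", "\n")):
        return None                                      # never legitimate in a path
    full = posixpath.normpath(posixpath.join(root, path.lstrip("/")))
    if full != root and not full.startswith(root + "/"):
        return None                                      # '..' climbed above the root
    return full
```

Checking the normalised absolute path against the root, rather than inspecting the request string, means every encoding the decoder understands (%2e, %2f, mixed case) collapses to the same answer; a decoded slash is deliberately treated as a separator so "%2e%2e%2f" is caught as traversal, not stored as a filename. Embedded CR/LF/NUL are refused outright because some normalisers strip them and thereby turn ".\r." into "..".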
2019-10-14 CVE-2019-17580 Dormsystem Project SQL Injection vulnerability in Dormsystem Project Dormsystem 1.1/1.2/1.3

tonyy dormsystem through 1.3 allows SQL Injection in admin.php.

7.5
2019-10-14 CVE-2019-17553 Metinfo SQL Injection vulnerability in Metinfo 7.0.0

An issue was discovered in MetInfo v7.0.0 beta.

7.5
2019-10-14 CVE-2019-17552 Idreamsoft SQL Injection vulnerability in Idreamsoft Icms 7.0.14

An issue was discovered in idreamsoft iCMS v7.0.14.

7.5
2019-10-14 CVE-2019-17408 Zzzcms Improper Input Validation vulnerability in Zzzcms Zzzphp 1.7.3

parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr.

7.5
2019-10-14 CVE-2019-17545 Osgeo Double Free vulnerability in Osgeo Gdal

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.

7.5
2019-10-14 CVE-2019-17542 Ffmpeg Improper Validation of Array Index vulnerability in Ffmpeg

FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.

7.5
2019-10-14 CVE-2019-17539 Ffmpeg, Debian, Canonical Null Pointer Dereference vulnerability in multiple products

In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.

7.5
2019-10-20 CVE-2019-18216 Asus Improper Input Validation vulnerability in Asus ROG Zephyrus M Gm501Gs Firmware

** DISPUTED ** The BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313 relies on the main battery instead of using a CMOS battery, which reduces the value of a protection mechanism in which booting from a USB device is prohibited.

7.2
2019-10-18 CVE-2019-18198 Linux, Canonical Missing Release of Resource After Effective Lifetime vulnerability in multiple products

In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.

7.2
2019-10-16 CVE-2019-15277 Cisco OS Command Injection vulnerability in Cisco Telepresence Collaboration Endpoint

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute code with root privileges.

7.2
2019-10-16 CVE-2019-15275 Cisco OS Command Injection vulnerability in Cisco Telepresence Collaboration Endpoint

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges.

7.2
2019-10-16 CVE-2019-15274 Cisco OS Command Injection vulnerability in Cisco Telepresence Collaboration Endpoint

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to perform command injections.

7.2
2019-10-16 CVE-2019-4031 IBM Unspecified vulnerability in IBM Tivoli Workload Scheduler

IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in the file system, which could allow the attacker to gain root privileges.

7.2
2019-10-14 CVE-2019-17044 BMC Incorrect Default Permissions vulnerability in BMC Patrol Agent 9.0.10I

An issue was discovered in BMC Patrol Agent 9.0.10i.

7.2
2019-10-14 CVE-2019-16519 Eset Improper Input Validation vulnerability in Eset products

ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an undocumented feature in scheduled tasks.

7.2
2019-10-14 CVE-2019-9745 Cloudcti Improper Privilege Management vulnerability in Cloudcti HIP Integrator Recognition Configuration Tool

CloudCTI HIP Integrator Recognition Configuration Tool allows privilege escalation via its EXQUISE integration.

7.2

298 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-10-19 CVE-2019-18214 Video Converter Project Missing Release of Resource After Effective Lifetime vulnerability in Video Converter Project Video Converter 0.1.0

The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once.

6.8
2019-10-18 CVE-2019-13545 Hornerautomation Out-Of-Bounds Write vulnerability in Hornerautomation Cscape

In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution.

6.8
2019-10-18 CVE-2019-13541 Hornerautomation Out-Of-Bounds Write vulnerability in Hornerautomation Cscape

In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation.

6.8
2019-10-18 CVE-2019-17367 Openwrt Cross-Site Request Forgery (CSRF) vulnerability in Openwrt 18

OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/.

6.8
2019-10-17 CVE-2019-8225 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

6.8
2019-10-17 CVE-2019-8224 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

6.8
2019-10-17 CVE-2019-8223 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

6.8
2019-10-17 CVE-2019-8219 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

6.8
2019-10-17 CVE-2019-8217 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

6.8
2019-10-17 CVE-2019-8210 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

6.8
2019-10-17 CVE-2019-8209 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

6.8
2019-10-17 CVE-2019-8208 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

6.8
2019-10-17 CVE-2019-8204 Adobe Out-Of-Bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability.

6.8
2019-10-17 CVE-2019-8203 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

6.8
2019-10-17 CVE-2019-8192 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

6.8
2019-10-17 CVE-2019-8191 Adobe Out-Of-Bounds Write vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability.

6.8
2019-10-17 CVE-2019-8181 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

6.8
2019-10-17 CVE-2019-8180 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

6.8
2019-10-17 CVE-2019-8179 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

6.8
2019-10-17 CVE-2019-8178 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

6.8
2019-10-17 CVE-2019-8177 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

6.8
2019-10-17 CVE-2019-8176 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

6.8
2019-10-17 CVE-2019-8175 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

6.8
2019-10-17 CVE-2019-8174 Adobe Null Pointer Dereference vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability.

6.8
2019-10-17 CVE-2019-8171 Adobe Out-Of-Bounds Write vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability.

6.8
2019-10-17 CVE-2019-8170 Adobe Out-Of-Bounds Write vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a heap overflow vulnerability.

6.8
2019-10-17 CVE-2019-8166 Adobe Out-Of-Bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a buffer overrun vulnerability.

6.8
2019-10-17 CVE-2019-8165 Adobe Out-Of-Bounds Write vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability.

6.8
2019-10-17 CVE-2019-8162 Adobe Race Condition vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a race condition vulnerability.

6.8
2019-10-17 CVE-2019-17118 Wikidsystems Cross-Site Request Forgery (CSRF) vulnerability in Wikidsystems 2FA Enterprise Server

A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as (1) create or delete admin users; (2) create or delete groups; or (3) create, delete, enable, or disable normal users or devices.

6.8
2019-10-17 CVE-2019-17676 Metinfo Cross-Site Request Forgery (CSRF) vulnerability in Metinfo 7.0.0

app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI.

6.8
2019-10-17 CVE-2019-17675 Wordpress Cross-Site Request Forgery (CSRF) vulnerability in Wordpress

WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.

6.8
2019-10-16 CVE-2019-15258 Cisco Null Pointer Dereference vulnerability in Cisco Spa112 Firmware and Spa122 Firmware

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to cause a denial of service condition on an affected device.

6.8
2019-10-16 CVE-2019-12636 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco products

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.

6.8
2019-10-16 CVE-2019-3025 Oracle Unspecified vulnerability in Oracle Hospitality RES 3700 5.7

Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications.

6.8
2019-10-16 CVE-2019-2980 Oracle Unspecified vulnerability in Oracle Flexcube Direct Banking 12.0.2/12.0.3

Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: eMail).

6.8
2019-10-16 CVE-2019-2891 Oracle Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).

6.8
2019-10-16 CVE-2019-10437 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins CRX Content Package Deployer

A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

6.8
2019-10-15 CVE-2019-17195 Connect2Id Improper Check for Unusual OR Exceptional Conditions vulnerability in Connect2Id Nimbus Jose+Jwt

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.

6.8
2019-10-14 CVE-2019-17593 Jizhicms Cross-Site Request Forgery (CSRF) vulnerability in Jizhicms 1.5.1

JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.

6.8
2019-10-14 CVE-2019-17547 Imagemagick USE After Free vulnerability in Imagemagick

In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free.

6.8
2019-10-14 CVE-2019-17546 Libtiff, Osgeo Integer Overflow OR Wraparound vulnerability in multiple products

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.

6.8
2019-10-14 CVE-2019-17543 LZ4 Project Classic Buffer Overflow vulnerability in LZ4 Project LZ4

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input.

6.8
2019-10-14 CVE-2019-17541 Imagemagick USE After Free vulnerability in Imagemagick

ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c.

6.8
2019-10-14 CVE-2019-17540 Imagemagick Classic Buffer Overflow vulnerability in Imagemagick

ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.

6.8
2019-10-17 CVE-2019-15627 Trendmicro Link Following vulnerability in Trendmicro Deep Security 10.0/11.0/12.0

Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to an availability impact.

6.6
2019-10-16 CVE-2019-17436 Paloaltonetworks Unspecified vulnerability in Paloaltonetworks Globalprotect

A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system.

6.6
2019-10-16 CVE-2019-15962 Cisco Incorrect Default Permissions vulnerability in Cisco Telepresence Collaboration Endpoint

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device.

6.6
2019-10-16 CVE-2019-15273 Cisco Unspecified vulnerability in Cisco Telepresence Collaboration Endpoint

Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to overwrite arbitrary files.

6.6
2019-10-17 CVE-2019-17119 Wikidsystems SQL Injection vulnerability in Wikidsystems TWO Factor Authentication Enterprise Server

Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter.

6.5
2019-10-17 CVE-2019-13657 Broadcom USE of Hard-Coded Credentials vulnerability in Broadcom CA Performance Management and Network Operations

CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.

6.5
2019-10-17 CVE-2019-17117 Wikidsystems SQL Injection vulnerability in Wikidsystems 2FA Enterprise Server

A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter.

6.5
2019-10-17 CVE-2019-16917 Wikidsystems SQL Injection vulnerability in Wikidsystems TWO Factor Authentication Enterprise Server

WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint.

6.5
2019-10-16 CVE-2019-2890 Oracle Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services).

6.5
2019-10-16 CVE-2019-15893 Sonatype Unspecified vulnerability in Sonatype Nexus Repository Manager

Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution.

6.5
2019-10-16 CVE-2019-10458 Jenkins Improper Input Validation vulnerability in Jenkins Puppet Enterprise Pipeline

Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.

6.5
2019-10-15 CVE-2019-17612 74Cms SQL Injection vulnerability in 74Cms 5.2.8

An issue was discovered in 74CMS v5.2.8.

6.5
2019-10-15 CVE-2019-10760 Safer Eval Project Code Injection vulnerability in Safer-Eval Project Safer-Eval

safer-eval before 1.3.2 is vulnerable to Arbitrary Code Execution.

6.5
2019-10-15 CVE-2019-10759 Safer Eval Project Code Injection vulnerability in Safer-Eval Project Safer-Eval

safer-eval before 1.3.4 is vulnerable to Arbitrary Code Execution.

6.5
2019-10-14 CVE-2019-17575 Wbce Code Injection vulnerability in Wbce CMS

A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier.

6.5
2019-10-17 CVE-2019-17631 Eclipse, Redhat Improper Privilege Management vulnerability in multiple products

From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks.

6.4
2019-10-16 CVE-2019-17512 Dlink Missing Authentication FOR Critical Function vulnerability in Dlink Dir-412 Firmware A11.14Ww

There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers.

6.4
2019-10-16 CVE-2019-2907 Oracle Unspecified vulnerability in Oracle web Services 12.2.1.3.0

Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware (component: SOAP with Attachments API for Java).

6.4
2019-10-16 CVE-2019-10446 Jenkins Improper Certificate Validation vulnerability in Jenkins Cadence Vmanager

Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM.

6.4
2019-10-16 CVE-2019-10444 Jenkins Improper Certificate Validation vulnerability in Jenkins Bumblebee HP ALM

Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS and hostname verification for connections to HP ALM.

6.4
2019-10-14 CVE-2019-17574 Code Atlantic Authorization Bypass Through User-Controlled KEY vulnerability in Code-Atlantic Popup Maker

An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress.

6.4
2019-10-14 CVE-2019-17544 GNU, Canonical Out-Of-Bounds Read vulnerability in multiple products

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.

6.4
2019-10-16 CVE-2019-15264 Cisco Resource Exhaustion vulnerability in Cisco products

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.

6.1
2019-10-16 CVE-2019-6474 ISC Missing Release of Resource After Effective Lifetime vulnerability in ISC KEA 1.4.0/1.5.0/1.6.0

A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart.

6.1
2019-10-16 CVE-2019-2895 Oracle Unspecified vulnerability in Oracle Enterprise Manager

Vulnerability in the Enterprise Manager for Exadata product of Oracle Enterprise Manager (component: Exadata Plug-In Deploy and Ins).

6.0
2019-10-15 CVE-2019-14832 Redhat Incorrect Authorization vulnerability in Redhat Keycloak

A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured for.

6.0
2019-10-16 CVE-2019-3020 Oracle Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access).

5.8
2019-10-16 CVE-2019-3014 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Performance Monitor).

5.8
2019-10-16 CVE-2019-3000 Oracle Unspecified vulnerability in Oracle Marketing

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

5.8
2019-10-16 CVE-2019-2995 Oracle Unspecified vulnerability in Oracle Marketing

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

5.8
2019-10-16 CVE-2019-2994 Oracle Unspecified vulnerability in Oracle Marketing 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

5.8
2019-10-16 CVE-2019-2990 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Order Tracker).

5.8
2019-10-16 CVE-2019-2985 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Fluid Core).

5.8
2019-10-16 CVE-2019-2977 Oracle, Netapp, Debian

Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot).

5.8
2019-10-16 CVE-2019-2975 Oracle, Debian, Redhat, Netapp

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting).

5.8
2019-10-16 CVE-2019-2952 Oracle Unspecified vulnerability in Oracle Food and Beverage Applications 9.1.0

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications.

5.8
2019-10-16 CVE-2019-2942 Oracle Unspecified vulnerability in Oracle Advanced Outbound Telephony

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface).

5.8
2019-10-16 CVE-2019-2931 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal).

5.8
2019-10-16 CVE-2019-2929 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal).

5.8
2019-10-16 CVE-2019-2915 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Fluid Core).

5.8
2019-10-16 CVE-2019-2906 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher 11.1.1.9.04/12.2.1.3.0/12.2.1.4.0

Vulnerability in the BI Publisher (formerly XML Publisher) product of Oracle Fusion Middleware (component: Mobile Service).

5.8
2019-10-16 CVE-2019-2889 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps).

5.8
2019-10-16 CVE-2019-2886 Oracle Unspecified vulnerability in Oracle Forms 12.2.1.3.0

Vulnerability in the Oracle Forms product of Oracle Fusion Middleware (component: Services).

5.8
2019-10-14 CVE-2019-17595 GNU, Opensuse Out-Of-Bounds Read vulnerability in multiple products

There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.

5.8
2019-10-14 CVE-2019-14823 JSS Cryptomanager Project, Redhat Improper Certificate Validation vulnerability in multiple products

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain.

5.8
2019-10-16 CVE-2019-2991 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

5.5
2019-10-16 CVE-2019-2953 Oracle Unspecified vulnerability in Oracle Hospitality Cruise Dining Room Management 8.0.80

Vulnerability in the Oracle Hospitality Cruise Dining Room Management product of Oracle Hospitality Applications (component: Web Service).

5.5
2019-10-16 CVE-2019-2947 Oracle Unspecified vulnerability in Oracle Food and Beverage Applications 9.1.0

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications.

5.5
2019-10-16 CVE-2019-2937 Oracle Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 9.1.0

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications.

5.5
2019-10-16 CVE-2019-2934 Oracle Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 9.1.0

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications.

5.5
2019-10-16 CVE-2019-2897 Oracle Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions).

5.5
2019-10-16 CVE-2018-3300 Oracle Unspecified vulnerability in Oracle Retail Xstore Office 7.1

Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Internal Operations).

5.5
2019-10-14 CVE-2019-14226 Open Xchange Improper Preservation of Permissions vulnerability in Open-Xchange Appsuite

OX App Suite through 7.10.2 has Insecure Permissions.

5.5
2019-10-14 CVE-2019-14225 Open Xchange Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite 7.10.1/7.10.2

OX App Suite 7.10.1 and 7.10.2 allows SSRF.

5.5
2019-10-16 CVE-2019-15252 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges.

5.2
2019-10-16 CVE-2019-15251 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges.

5.2
2019-10-16 CVE-2019-15250 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges.

5.2
2019-10-16 CVE-2019-15249 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges.

5.2
2019-10-16 CVE-2019-15248 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges.

5.2
2019-10-16 CVE-2019-15247 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges.

5.2
2019-10-16 CVE-2019-15246 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges.

5.2
2019-10-16 CVE-2019-15245 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges.

5.2
2019-10-16 CVE-2019-15244 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges.

5.2
2019-10-16 CVE-2019-15243 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges.

5.2
2019-10-16 CVE-2019-15242 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges.

5.2
2019-10-16 CVE-2019-15241 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges.

5.2
2019-10-16 CVE-2019-15240 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Spa112 Firmware and Spa122 Firmware

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges.

5.2
2019-10-18 CVE-2019-18197 Xmlsoft, Canonical, Debian USE After Free vulnerability in multiple products

In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances.

5.1
2019-10-19 CVE-2019-18202 Wago Externally Controlled Reference TO A Resource in Another Sphere vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware

Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control.

5.0
2019-10-18 CVE-2019-17393 Tomedo Insufficiently Protected Credentials vulnerability in Tomedo Server 1.7.3

The Customer's Tomedo Server in version 1.7.3 communicates with the Vendor Tomedo Server over HTTP (in cleartext), which can be sniffed by unauthorized actors.

5.0
2019-10-18 CVE-2019-16919 Linuxfoundation, Vmware Incorrect Default Permissions vulnerability in multiple products

Harbor API has a Broken Access Control vulnerability.

5.0
2019-10-18 CVE-2019-17513 Ratpack Project Injection vulnerability in Ratpack Project Ratpack

An issue was discovered in Ratpack before 1.7.5.

5.0
2019-10-17 CVE-2019-8226 Adobe Information Exposure vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an incomplete implementation of security mechanism vulnerability.

5.0
2019-10-17 CVE-2019-8222 Adobe Out-Of-Bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability.

5.0
2019-10-17 CVE-2019-8218 Adobe Out-Of-Bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability.

5.0
2019-10-17 CVE-2019-8216 Adobe Out-Of-Bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability.

5.0
2019-10-17 CVE-2019-8207 Adobe Out-Of-Bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability.

5.0
2019-10-17 CVE-2019-8202 Adobe Out-Of-Bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability.

5.0
2019-10-17 CVE-2019-8201 Adobe Out-Of-Bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability.

5.0
2019-10-17 CVE-2019-8198 Adobe Out-Of-Bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability.

5.0
2019-10-17 CVE-2019-8194 Adobe Out-Of-Bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability.

5.0
2019-10-17 CVE-2019-8193 Adobe Out-Of-Bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability.

5.0
2019-10-17 CVE-2019-8185 Adobe Out-Of-Bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability.

5.0
2019-10-17 CVE-2019-8184 Adobe Out-Of-Bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability.

5.0
2019-10-17 CVE-2019-8182 Adobe Out-Of-Bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability.

5.0
2019-10-17 CVE-2019-8168 Adobe Out-Of-Bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability.

5.0
2019-10-17 CVE-2019-8164 Adobe Out-Of-Bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability.

5.0
2019-10-17 CVE-2019-6476 ISC Reachable Assertion vulnerability in ISC Bind

A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query.

5.0
2019-10-17 CVE-2019-6475 ISC Insufficient Verification of Data Authenticity vulnerability in ISC Bind

Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers.

5.0
2019-10-17 CVE-2019-15065 Hinet Information Exposure vulnerability in Hinet Gpon Firmware

A service which is hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files.

5.0
2019-10-17 CVE-2019-13412 Hinet Information Exposure vulnerability in Hinet Gpon Firmware

A service which is hosted on port 3097 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files.

5.0
2019-10-17 CVE-2019-13410 Topmeeting Information Exposure vulnerability in Topmeeting

TOPMeeting before version 8.8 (2019/08/19) shows attendees' accounts and passwords in the front-end page, which allows an attacker to obtain sensitive information by viewing the source code of the page.

5.0
2019-10-17 CVE-2019-13409 Topmeeting SQL Injection vulnerability in Topmeeting

A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 (2019/08/19).

5.0
2019-10-17 CVE-2019-11284 Pivotal Insufficiently Protected Credentials vulnerability in Pivotal Reactor Netty

Pivotal Reactor Netty, versions prior to 0.8.11, passes headers through redirects, including authorization ones.

5.0
2019-10-17 CVE-2019-11253 Kubernetes, Redhat XML Entity Expansion vulnerability in multiple products

Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable.

5.0
2019-10-17 CVE-2019-17673 Wordpress Improper Input Validation vulnerability in Wordpress

WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.

5.0
2019-10-17 CVE-2019-17671 Wordpress Information Exposure vulnerability in Wordpress

In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.

5.0
2019-10-16 CVE-2019-15282 Cisco Missing Authentication FOR Critical Function vulnerability in Cisco Identity Services Engine Software

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to read tcpdump files generated on an affected device.

5.0
2019-10-16 CVE-2019-3027 Oracle Unspecified vulnerability in Oracle Application Object Library

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login Help).

5.0
2019-10-16 CVE-2019-3022 Oracle Unspecified vulnerability in Oracle Content Manager

Vulnerability in the Oracle Content Manager product of Oracle E-Business Suite (component: Content).

5.0
2019-10-16 CVE-2019-3012 Oracle Unspecified vulnerability in Oracle Business Intelligence 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security).

5.0
2019-10-16 CVE-2019-3001 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise SCM Eprocurement 9.2

Vulnerability in the PeopleSoft Enterprise SCM eProcurement product of Oracle PeopleSoft (component: eProcurement).

5.0
2019-10-16 CVE-2019-2965 Oracle Unspecified vulnerability in Oracle Siebel CRM

Vulnerability in the Siebel Core - DB Deployment and Configuration product of Oracle Siebel CRM (component: Install - Configuration).

5.0
2019-10-16 CVE-2019-2935 Oracle Unspecified vulnerability in Oracle Siebel UI Framework

Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI).

5.0
2019-10-16 CVE-2019-2924 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).

5.0
2019-10-16 CVE-2019-2923 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).

5.0
2019-10-16 CVE-2019-2922 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).

5.0
2019-10-16 CVE-2019-2920 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC).

5.0
2019-10-16 CVE-2019-2905 Oracle Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation).

5.0
2019-10-16 CVE-2019-2900 Oracle Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions).

5.0
2019-10-16 CVE-2019-2888 Oracle Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: EJB Container).

5.0
2019-10-16 CVE-2019-17662 Cybelsoft Path Traversal vulnerability in Cybelsoft Thinvnc 1.0

ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server.

5.0
2019-10-15 CVE-2019-17395 Rapidgator Information Exposure Through LOG Files vulnerability in Rapidgator 0.7.1

In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.

5.0
2019-10-15 CVE-2019-17398 Darkhorse Information Exposure Through LOG Files vulnerability in Darkhorse Dark Horse Comics 1.3.21

In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication, and may be available to attackers via logcat.

5.0
2019-10-15 CVE-2019-17396 Powerschool Information Exposure Through LOG Files vulnerability in Powerschool Mobile

In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.

5.0
2019-10-15 CVE-2019-17394 Seesaw Information Exposure Through LOG Files vulnerability in Seesaw Parent and Family 6.2.5

In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.

5.0
2019-10-15 CVE-2019-17355 Orbitz Information Exposure Through LOG Files vulnerability in Orbitz 19.31.1

In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.

5.0
2019-10-15 CVE-2019-17397 Doordash Information Exposure Through LOG Files vulnerability in Doordash 11.0.2/11.5.2

In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.

5.0
2019-10-14 CVE-2019-17592 CSV Parse Project Improper Input Validation vulnerability in Csv-Parse Project Csv-Parse

The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service.

5.0
2019-10-14 CVE-2019-16279 Nazgul Path Traversal vulnerability in Nazgul Nostromo Nhttpd

A memory error in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to trigger a denial of service via a crafted HTTP request.

5.0
2019-10-14 CVE-2019-17583 Idreamsoft Allocation of Resources Without Limits OR Throttling vulnerability in Idreamsoft Icms 7.0.15

idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment&perpage= substring followed by a large positive integer.

5.0
2019-10-14 CVE-2019-17511 Dlink Missing Authentication FOR Critical Function vulnerability in Dlink Dir-412 Firmware A11.14Ww

There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers.

5.0
2019-10-17 CVE-2019-12611 Bitdefender Allocation of Resources Without Limits OR Throttling vulnerability in Bitdefender BOX Firmware

An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that affects the general reliability of the product.

4.9
2019-10-17 CVE-2019-15849 EQ 3 Session Fixation vulnerability in Eq-3 Homematic Ccu3 Firmware 3.14.11

eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation.

4.9
2019-10-16 CVE-2019-3019 Oracle Unspecified vulnerability in Oracle Banking Digital Experience

Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: Loan Calculator).

4.9
2019-10-16 CVE-2019-2936 Oracle Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 9.1.0

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications.

4.9
2019-10-16 CVE-2019-2883 Oracle Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 17.0

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment).

4.9
2019-10-17 CVE-2019-18192 GNU Incorrect Permission Assignment FOR Critical Resource vulnerability in GNU Guix 1.0.1

GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365.

4.6
2019-10-16 CVE-2019-3028 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.6
2019-10-16 CVE-2019-3017 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.6
2019-10-16 CVE-2019-3010 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver).

4.6
2019-10-16 CVE-2019-2944 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.6
2019-10-16 CVE-2019-2927 Oracle Unspecified vulnerability in Oracle Hyperion Data Relationship Management 11.1.2.4

Vulnerability in the Hyperion Data Relationship Management product of Oracle Hyperion (component: Access and Security).

4.6
2019-10-16 CVE-2019-17624 X ORG Out-Of-Bounds Write vulnerability in X.Org X Server

In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap.

4.6
2019-10-14 CVE-2019-17594 GNU, Opensuse Out-Of-Bounds Read vulnerability in multiple products

There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.

4.6
2019-10-14 CVE-2019-14737 Ubisoft Incorrect Default Permissions vulnerability in Ubisoft Uplay 92.0.0.6280

Ubisoft Uplay 92.0.0.6280 has Insecure Permissions.

4.6
2019-10-14 CVE-2019-17043 BMC Incorrect Default Permissions vulnerability in BMC Patrol Agent 9.0.10I

An issue was discovered in BMC Patrol Agent 9.0.10i.

4.6
2019-10-17 CVE-2019-17668 Samsung Improper Input Validation vulnerability in Samsung Galaxy S10 Firmware and Note 10 Firmware

Samsung Galaxy S10 and Note10 devices allow unlock operations via unregistered fingerprints in certain situations involving a third-party screen protector.

4.4
2019-10-16 CVE-2019-17665 NSA Untrusted Search Path vulnerability in NSA Ghidra 9.0/9.0.1/9.0.2

NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory.

4.4
2019-10-16 CVE-2019-17664 NSA Untrusted Search Path vulnerability in NSA Ghidra

NSA Ghidra through 9.0.4 uses a potentially untrusted search path.

4.4
2019-10-16 CVE-2019-2765 Oracle Unspecified vulnerability in Oracle Solaris 10/11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem).

4.4
2019-10-19 CVE-2019-18209 Etherpad Cross-Site Scripting vulnerability in Etherpad 1.7.5

templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.

4.3
2019-10-17 CVE-2019-8190 Adobe Out-Of-Bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability.

4.3
2019-10-17 CVE-2019-8189 Adobe Out-Of-Bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability.

4.3
2019-10-17 CVE-2019-8188 Adobe USE After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

4.3
2019-10-17 CVE-2019-8187 Adobe USE After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a use-after-free vulnerability.

4.3
2019-10-17 CVE-2019-8173 Adobe Out-Of-Bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability.

4.3
2019-10-17 CVE-2019-8172 Adobe Out-Of-Bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability.

4.3
2019-10-17 CVE-2019-8163 Adobe Out-Of-Bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability.

4.3
2019-10-17 CVE-2019-8160 Adobe Cross-Site Scripting vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a cross-site scripting vulnerability.

4.3
2019-10-17 CVE-2019-8064 Adobe Out-Of-Bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability.

4.3
2019-10-17 CVE-2019-17120 Wikidsystems Cross-Site Scripting vulnerability in Wikidsystems 2FA Enterprise Server

A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/adm_usrs.jsp.

4.3
2019-10-17 CVE-2019-15626 Trendmicro Cleartext Transmission of Sensitive Information vulnerability in Trendmicro Deep Security 10.0/11.0/12.0

The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text.

4.3
2019-10-17 CVE-2019-17116 Wikidsystems Cross-Site Scripting vulnerability in Wikidsystems TWO Factor Authentication Enterprise Server

A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp.

4.3
2019-10-17 CVE-2019-17115 Wikidsystems Cross-Site Scripting vulnerability in Wikidsystems TWO Factor Authentication Enterprise Server

Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited.

4.3
2019-10-17 CVE-2019-17114 Wikidsystems Cross-Site Scripting vulnerability in Wikidsystems TWO Factor Authentication Enterprise Server

A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp.

4.3
2019-10-17 CVE-2019-17672 Wordpress Cross-Site Scripting vulnerability in Wordpress

WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements.

4.3
2019-10-16 CVE-2019-17611 Hongcms Project Cross-Site Scripting vulnerability in Hongcms Project Hongcms 3.0.0

HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter.

4.3
2019-10-16 CVE-2019-17610 Hongcms Project Cross-Site Scripting vulnerability in Hongcms Project Hongcms 3.0.0

HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter.

4.3
2019-10-16 CVE-2019-17609 Hongcms Project Cross-Site Scripting vulnerability in Hongcms Project Hongcms 3.0.0

HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter.

4.3
2019-10-16 CVE-2019-17608 Hongcms Project Cross-Site Scripting vulnerability in Hongcms Project Hongcms 3.0.0

HongCMS 3.0.0 has XSS via the install/index.php dbname parameter.

4.3
2019-10-16 CVE-2019-17607 Hongcms Project Cross-Site Scripting vulnerability in Hongcms Project Hongcms 3.0.0

HongCMS 3.0.0 has XSS via the install/index.php servername parameter.

4.3
2019-10-16 CVE-2019-12718 Cisco Cross-Site Scripting vulnerability in Cisco products

A vulnerability in the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface.

4.3
2019-10-16 CVE-2019-12705 Cisco Cross-Site Scripting vulnerability in Cisco Telepresence Video Communication Server

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system.

4.3
2019-10-16 CVE-2019-3024 Oracle Unspecified vulnerability in Oracle Installed Base

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order).

4.3
2019-10-16 CVE-2019-3023 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Stylesheet).

4.3
2019-10-16 CVE-2019-2992 Oracle, Redhat, Netapp, Debian

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D).

4.3
2019-10-16 CVE-2019-2989 Oracle, Redhat, Netapp

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).

4.3
2019-10-16 CVE-2019-2988 Oracle, Redhat, Netapp, Debian

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D).

4.3
2019-10-16 CVE-2019-2987 Oracle, Redhat, Netapp, Debian

Vulnerability in the Java SE product of Oracle Java SE (component: 2D).

4.3
2019-10-16 CVE-2019-2983 Oracle, Redhat, Netapp, Debian

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).

4.3
2019-10-16 CVE-2019-2981 Oracle, Redhat, Netapp, Debian

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP).

4.3
2019-10-16 CVE-2019-2978 Oracle, Redhat, Netapp, Debian

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).

4.3
2019-10-16 CVE-2019-2973 Oracle, Redhat, Netapp, Debian

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP).

4.3
2019-10-16 CVE-2019-2964 Oracle, Redhat, Netapp, Debian

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency).

4.3
2019-10-16 CVE-2019-2962 Oracle, Redhat, Netapp, Debian

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D).

4.3
2019-10-16 CVE-2019-2958 Oracle, Netapp

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries).

4.3
2019-10-16 CVE-2019-2949 Oracle, Debian, Redhat, Netapp

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos).

4.3
2019-10-16 CVE-2019-2933 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries).

4.3
2019-10-16 CVE-2019-2930 Oracle Unspecified vulnerability in Oracle Field Service

Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Wireless).

4.3
2019-10-16 CVE-2019-2925 Oracle Unspecified vulnerability in Oracle Workflow 12.1.3/12.2.3/12.2.8

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist).

4.3
2019-10-16 CVE-2019-2910 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).

4.3
2019-10-16 CVE-2019-2909 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Java VM component of Oracle Database Server.

4.3
2019-10-16 CVE-2019-2896 Oracle Unspecified vulnerability in Oracle Micros Relate Customer Relationship Management Software

Vulnerability in the MICROS Relate CRM Software product of Oracle Retail Applications (component: Internal Operations).

4.3
2019-10-16 CVE-2019-2894 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security).

4.3
2019-10-16 CVE-2019-2884 Oracle Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 17.0

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment).

4.3
2019-10-16 CVE-2019-17663 Dlink Cross-Site Scripting vulnerability in Dlink Dir-866L Firmware 1.03B04

D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in the device common gateway interface, leading to common injection.

4.3
2019-10-16 CVE-2019-17660 Limesurvey Cross-Site Scripting vulnerability in Limesurvey

A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO.

4.3
2019-10-16 CVE-2019-16521 Managewp Cross-Site Scripting vulnerability in Managewp Broken Link Checker

The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML.

4.3
2019-10-16 CVE-2019-10456 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic 1.0.0

A cross-site request forgery vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials.

4.3
2019-10-16 CVE-2019-10454 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Rundeck

A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials.

4.3
2019-10-16 CVE-2019-10441 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Icescrum

A cross-site request forgery vulnerability in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials.

4.3
2019-10-16 CVE-2016-11016 Netgear Cross-Site Scripting vulnerability in Netgear Jnr1010 Firmware

NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS.

4.3
2019-10-16 CVE-2016-11015 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear Jnr1010 Firmware

NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter.

4.3
2019-10-16 CVE-2019-13392 Mindpalette Cross-Site Scripting vulnerability in Mindpalette Natemail 3.0.15

A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request.

4.3
2019-10-15 CVE-2017-1002201 Haml Cross-Site Scripting vulnerability in Haml

In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly.

4.3
2019-10-15 CVE-2019-12944 Gluehome Missing Authorization vulnerability in Gluehome Glue Smart Lock Firmware 2.7.8

Glue Smart Lock 2.7.8 devices do not properly block guest access in certain situations where the network connection is unavailable.

4.3
2019-10-15 CVE-2019-17223 Dolibarr Cross-Site Scripting vulnerability in Dolibarr 10.0.2

There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php.

4.3
2019-10-14 CVE-2019-14227 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite 7.10.1/7.10.2

OX App Suite 7.10.1 and 7.10.2 allows XSS.

4.3
2019-10-14 CVE-2019-17579 Sonarsource Cross-Site Scripting vulnerability in Sonarsource Sonarqube

SonarSource SonarQube before 7.8 has XSS in project links on account/projects.

4.3
2019-10-14 CVE-2019-16344 Scadabr Cross-Site Scripting vulnerability in Scadabr 1.0Ce

A cross-site scripting (XSS) vulnerability in the login form (/ScadaBR/login.htm) in ScadaBR 1.0CE allows a remote attacker to inject arbitrary web script or HTML via the username or password parameter.

4.3
2019-10-17 CVE-2019-14424 EQ 3 Information Exposure vulnerability in Eq-3 Ccu2 Firmware and Cux-Daemon

A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple HTTP Request.

4.0
2019-10-16 CVE-2019-16698 DKD Information Exposure vulnerability in DKD Direct Mail

The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 has a missing access check in the backend module, allowing a user (with restricted permissions to the fe_users table) to view and export data of frontend users who are subscribed to a newsletter.

4.0
2019-10-16 CVE-2019-15257 Cisco Unspecified vulnerability in Cisco Spa112 Firmware and Spa122 Firmware

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device.

4.0
2019-10-16 CVE-2019-12708 Cisco Information Exposure vulnerability in Cisco Spa112 Firmware and Spa122 Firmware

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device.

4.0
2019-10-16 CVE-2019-12704 Cisco Path Traversal vulnerability in Cisco Spa112 Firmware and Spa122 Firmware

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to view the contents of arbitrary files on an affected device.

4.0
2019-10-16 CVE-2019-3015 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker).

4.0
2019-10-16 CVE-2019-3011 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API).

4.0
2019-10-16 CVE-2019-3009 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection).

4.0
2019-10-16 CVE-2019-3004 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser).

4.0
2019-10-16 CVE-2019-3003 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

4.0
2019-10-16 CVE-2019-2999 Oracle, Redhat, Netapp

Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc).

4.0
2019-10-16 CVE-2019-2998 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.0
2019-10-16 CVE-2019-2997 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL).

4.0
2019-10-16 CVE-2019-2996 Oracle, Netapp

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment).

4.0
2019-10-16 CVE-2019-2986 Oracle Unspecified vulnerability in Oracle Graalvm 19.2.0

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter).

4.0
2019-10-16 CVE-2019-2982 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.0
2019-10-16 CVE-2019-2974 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.0
2019-10-16 CVE-2019-2968 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

4.0
2019-10-16 CVE-2019-2967 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.0
2019-10-16 CVE-2019-2966 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.0
2019-10-16 CVE-2019-2963 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

4.0
2019-10-16 CVE-2019-2960 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication).

4.0
2019-10-16 CVE-2019-2957 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).

4.0
2019-10-16 CVE-2019-2951 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Human Capital Management Human Resources 9.2

Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: US Federal Specific).

4.0
2019-10-16 CVE-2019-2950 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.0
2019-10-16 CVE-2019-2948 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.0
2019-10-16 CVE-2019-2946 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS).

4.0
2019-10-16 CVE-2019-2943 Oracle Unspecified vulnerability in Oracle Data Integrator 12.2.1.3.0

Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Studio).

4.0
2019-10-16 CVE-2019-2939 Oracle Unspecified vulnerability in Oracle Database Server 12.2.0.1/18C/19C

Vulnerability in the Core RDBMS component of Oracle Database Server.

4.0
2019-10-16 CVE-2019-2932 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Tree Manager).

4.0
2019-10-16 CVE-2019-2914 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).

4.0
2019-10-16 CVE-2019-2913 Oracle Unspecified vulnerability in Oracle Database Server 12.2.0.1/18C/19C

Vulnerability in the Core RDBMS component of Oracle Database Server.

4.0
2019-10-16 CVE-2019-2911 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema).

4.0
2019-10-16 CVE-2019-2898 Oracle Unspecified vulnerability in Oracle BI Publisher 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0

Vulnerability in the BI Publisher (formerly XML Publisher) product of Oracle Fusion Middleware (component: BI Publisher Security).

4.0
2019-10-16 CVE-2019-2887 Oracle Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services).

4.0
2019-10-16 CVE-2019-2734 Oracle Unspecified vulnerability in Oracle Database Server 12.2.0.1/18C/19C

Vulnerability in the Core RDBMS component of Oracle Database Server.

4.0
2019-10-16 CVE-2018-2875 Oracle Unspecified vulnerability in Oracle Database Server 12.2.0.1/18C/19C

Vulnerability in the Core RDBMS component of Oracle Database Server.

4.0
2019-10-16 CVE-2019-10457 Jenkins Missing Authorization vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic 1.0.0

A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.

4.0
2019-10-16 CVE-2019-10455 Jenkins Missing Authorization vulnerability in Jenkins Rundeck

A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.

4.0
2019-10-16 CVE-2019-10452 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins View26 Test-Reporting

Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

4.0
2019-10-16 CVE-2019-10451 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Soasta Cloudtest

Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

4.0
2019-10-16 CVE-2019-10449 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Fortify ON Demand

Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

4.0
2019-10-16 CVE-2019-10448 Jenkins Insufficiently Protected Credentials vulnerability in Jenkins Extensive Testing 1.4.3/1.4.4

Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

4.0
2019-10-16 CVE-2019-10447 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Sofy.Ai 1.0.0/1.0.1/1.0.3

Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

4.0
2019-10-16 CVE-2019-10445 Jenkins Missing Authorization vulnerability in Jenkins Google Kubernetes Engine

A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID.

4.0
2019-10-16 CVE-2019-10443 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Icescrum

Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.

4.0
2019-10-16 CVE-2019-10442 Jenkins Missing Authorization vulnerability in Jenkins Icescrum

A missing permission check in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.

4.0
2019-10-16 CVE-2019-10440 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Neoload

Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.

4.0
2019-10-16 CVE-2019-10439 Jenkins Missing Authorization vulnerability in Jenkins CRX Content Package Deployer

A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

4.0
2019-10-16 CVE-2019-10438 Jenkins Missing Authorization vulnerability in Jenkins CRX Content Package Deployer

A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

4.0
2019-10-16 CVE-2019-10436 Jenkins Unspecified vulnerability in Jenkins Google Oauth Credentials

An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master.

4.0
2019-10-14 CVE-2019-14838 Redhat Improper Privilege Management vulnerability in Redhat products

A flaw was found in wildfly-core before 7.2.5.GA.

4.0

60 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-10-16 CVE-2019-2941 Oracle Unspecified vulnerability in Oracle Hyperion Enterprise Performance Management Architect 11.1.2.4

Vulnerability in the Hyperion Profitability and Cost Management product of Oracle Hyperion (component: Modeling).

3.6
2019-10-18 CVE-2019-4409 Hcltech Cross-Site Scripting vulnerability in Hcltech Traveler

HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks.

3.5
2019-10-18 CVE-2019-17207 Managewp Cross-Site Scripting vulnerability in Managewp Broken Link Checker

A reflected XSS vulnerability was found in includes/admin/table-printer.php in the broken-link-checker (aka Broken Link Checker) plugin 1.11.8 for WordPress.

3.5
2019-10-17 CVE-2019-16330 Nchsoftware Cross-Site Scripting vulnerability in Nchsoftware Express Accounts Accounting 7.02

In NCH Express Accounts Accounting v7.02, persistent cross-site scripting (XSS) exists in the Invoices/Sales Orders/Items/Customers/Quotes input fields.

3.5
2019-10-17 CVE-2019-17674 Wordpress Cross-Site Scripting vulnerability in Wordpress

WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer.

3.5
2019-10-17 CVE-2019-17667 Comtechtel Cross-Site Scripting vulnerability in Comtechtel H8 Heights Remote Gateway Firmware 2.5.1

Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name (aka SiteName) field.

3.5
2019-10-16 CVE-2019-15281 Cisco Cross-Site Scripting vulnerability in Cisco Identity Services Engine Software

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

3.5
2019-10-16 CVE-2019-15280 Cisco Cross-Site Scripting vulnerability in Cisco Firepower Management Center

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface.

3.5
2019-10-16 CVE-2019-15270 Cisco Cross-Site Scripting vulnerability in Cisco Firepower Management Center Firmware

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface.

3.5
2019-10-16 CVE-2019-15269 Cisco Cross-Site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface.

3.5
2019-10-16 CVE-2019-15268 Cisco Cross-Site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface.

3.5
2019-10-16 CVE-2019-12702 Cisco Cross-Site Scripting vulnerability in Cisco Spa112 Firmware and Spa122 Firmware

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to conduct cross-site scripting attacks.

3.5
2019-10-16 CVE-2019-12638 Cisco Cross-Site Scripting vulnerability in Cisco Identity Services Engine

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web-based management interface.

3.5
2019-10-16 CVE-2019-12637 Cisco Cross-Site Scripting vulnerability in Cisco Identity Services Engine

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web-based management interface.

3.5
2019-10-16 CVE-2019-3018 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

3.5
2019-10-16 CVE-2019-2993 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API).

3.5
2019-10-16 CVE-2019-2979 Oracle Unspecified vulnerability in Oracle Flexcube Direct Banking 12.0.2/12.0.3

Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Payments).

3.5
2019-10-16 CVE-2019-2976 Oracle Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access).

3.5
2019-10-16 CVE-2019-2956 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Core RDBMS (jackson-databind) component of Oracle Database Server.

3.5
2019-10-16 CVE-2019-2938 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

3.5
2019-10-16 CVE-2019-2899 Oracle Unspecified vulnerability in Oracle Application Development Framework and Jdeveloper

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: OAM).

3.5
2019-10-16 CVE-2019-17578 Dolibarr Cross-Site Scripting vulnerability in Dolibarr 10.0.2

An issue was discovered in Dolibarr 10.0.2.

3.5
2019-10-16 CVE-2019-17577 Dolibarr Cross-Site Scripting vulnerability in Dolibarr 10.0.2

An issue was discovered in Dolibarr 10.0.2.

3.5
2019-10-16 CVE-2019-17576 Dolibarr Cross-Site Scripting vulnerability in Dolibarr 10.0.2

An issue was discovered in Dolibarr 10.0.2.

3.5
2019-10-16 CVE-2019-11281 Pivotal Software Cross-Site Scripting vulnerability in Pivotal Software Rabbitmq

Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page and the federation management UI, which do not properly sanitize user input.

3.5
2019-10-16 CVE-2019-16523 WP Events Plugin Cross-Site Scripting vulnerability in Wp-Events-Plugin Events Manager

The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin.

3.5
2019-10-16 CVE-2019-16522 EU Cookie LAW Project Cross-Site Scripting vulnerability in EU Cookie LAW Project EU Cookie LAW

The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message.

3.5
2019-10-16 CVE-2019-17630 Cmsmadesimple Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.11

CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen.

3.5
2019-10-16 CVE-2019-17629 Cmsmadesimple Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.11

CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen.

3.5
2019-10-16 CVE-2019-16520 Semperplugins Cross-Site Scripting vulnerability in Semperplugins ALL in ONE SEO Pack

The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement.

3.5
2019-10-14 CVE-2019-16282 Nchsoftware Cross-Site Scripting vulnerability in Nchsoftware Express Invoice 7.12

In NCH Express Invoice v7.12, persistent cross-site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input fields.

3.5
2019-10-16 CVE-2019-6473 ISC Reachable Assertion vulnerability in ISC KEA 1.6.0

An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit.

3.3
2019-10-16 CVE-2019-6472 ISC Reachable Assertion vulnerability in ISC KEA 1.4.0/1.5.0/1.6.0

A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure.

3.3
2019-10-16 CVE-2019-2961 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: SMF services & legacy daemons).

3.3
2019-10-16 CVE-2019-2955 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Core RDBMS component of Oracle Database Server.

3.3
2019-10-16 CVE-2019-2954 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Core RDBMS component of Oracle Database Server.

3.3
2019-10-16 CVE-2019-17627 Yalehome Improper Authentication vulnerability in Yalehome Yale Bluetooth KEY

The Yale Bluetooth Key application for mobile devices allows unauthorized unlock actions by sniffing Bluetooth Low Energy (BLE) traffic during one authorized unlock action, and then calculating the authentication key via simple computations on the hex digits of a valid authentication request.

3.3
2019-10-15 CVE-2019-17356 Infinitestudio Inadequate Encryption Strength vulnerability in Infinitestudio Infinite Design 3.4.12

The Infinite Design application 3.4.12 for Android sends a username and password via TCP without any encryption during login, as demonstrated by sniffing of a public Wi-Fi network.

3.3
2019-10-16 CVE-2019-12703 Cisco Cross-Site Scripting vulnerability in Cisco Spa122 Firmware 1.4.1

A vulnerability in the web-based management interface of Cisco SPA122 ATA with Router Devices could allow an unauthenticated, adjacent attacker to conduct cross-site scripting attacks.

2.9
2019-10-16 CVE-2019-2945 Oracle, Debian, Redhat, Netapp

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).

2.6
2019-10-16 CVE-2019-2872 Oracle Unspecified vulnerability in Oracle Retail Xstore Point of Service 17.0.3/18.0.1/19.0.0

Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Point of Sale).

2.6
2019-10-16 CVE-2019-17435 Paloaltonetworks Unspecified vulnerability in Paloaltonetworks Globalprotect

A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation.

2.1
2019-10-16 CVE-2019-15266 Cisco Path Traversal vulnerability in Cisco Wireless LAN Controller Software

A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that should be restricted.

2.1
2019-10-16 CVE-2019-15265 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in the bridge protocol data unit (BPDU) forwarding functionality of Cisco Aironet Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an AP port to go into an error disabled state.

2.1
2019-10-16 CVE-2019-3031 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2019-10-16 CVE-2019-3026 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2019-10-16 CVE-2019-3021 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2019-10-16 CVE-2019-3005 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2019-10-16 CVE-2019-3002 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2019-10-16 CVE-2019-2984 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2019-10-16 CVE-2019-2969 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs).

2.1
2019-10-16 CVE-2019-2959 Oracle Unspecified vulnerability in Oracle Hyperion Financial Reporting 11.1.2.4

Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Security Models).

2.1
2019-10-16 CVE-2019-2940 Oracle Unspecified vulnerability in Oracle Database Server 12.1.0.2/12.2.0.1/18C

Vulnerability in the Core RDBMS component of Oracle Database Server.

2.1
2019-10-16 CVE-2019-2926 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2019-10-16 CVE-2019-10453 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Delphix

Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

2.1
2019-10-16 CVE-2019-10450 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Elasticbox CI

Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

2.1
2019-10-14 CVE-2019-14858 Redhat Information Exposure Through LOG Files vulnerability in Redhat Ansible Engine

A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5.

2.1
2019-10-14 CVE-2019-4572 IBM Information Exposure Through LOG Files vulnerability in IBM Filenet Content Manager 5.5.2/5.5.3

IBM FileNet Content Manager 5.5.2 and 5.5.3, in specific configurations, could log the web service user credentials into a log file that could be accessed by an administrator on the local machine.

2.1
2019-10-14 CVE-2019-3767 Dell Cleartext Storage of Sensitive Information vulnerability in Dell Imageassist

Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability.

1.9
2019-10-16 CVE-2019-3008 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: LDAP Library).

1.2