Weekly Vulnerabilities Reports > December 2 to 8, 2019

Overview

246 new vulnerabilities were reported during this period, including 51 critical vulnerabilities and 92 high severity vulnerabilities. This weekly summary reports vulnerabilities in 313 products from 128 vendors including Debian, Linux, Fedoraproject, Google, and Opensuse. Vulnerabilities are notably categorized as "Cross-site Scripting", "Use After Free", "Out-of-bounds Write", "Improper Privilege Management", and "Out-of-bounds Read".

  • 168 reported vulnerabilities are remotely exploitable.
  • 10 reported vulnerabilities have a public exploit available.
  • 72 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 153 reported vulnerabilities are exploitable by an anonymous user.
  • Debian has the most reported vulnerabilities, with 28 reported vulnerabilities.
  • Qnap has the most reported critical vulnerabilities, with 7 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

51 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-12-08 CVE-2019-19638 Libsixel Project Integer Overflow or Wraparound vulnerability in Libsixel Project Libsixel 1.8.2

An issue was discovered in libsixel 1.8.2.

9.8
2019-12-08 CVE-2019-19637 Libsixel Project Integer Overflow or Wraparound vulnerability in Libsixel Project Libsixel 1.8.2

An issue was discovered in libsixel 1.8.2.

9.8
2019-12-08 CVE-2019-19636 Libsixel Project Integer Overflow or Wraparound vulnerability in Libsixel Project Libsixel 1.8.2

An issue was discovered in libsixel 1.8.2.

9.8
2019-12-08 CVE-2019-19635 Libsixel Project Out-of-bounds Write vulnerability in Libsixel Project Libsixel 1.8.2

An issue was discovered in libsixel 1.8.2.

9.8
2019-12-06 CVE-2019-10769 Safer Eval Project Code Injection vulnerability in Safer-Eval Project Safer-Eval

safer-eval is an npm package to sandbox the evaluation of code used within the eval function.

9.8
2019-12-06 CVE-2019-18671 Keepkey Out-of-bounds Write vulnerability in Keepkey Firmware

Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages.

9.8
2019-12-06 CVE-2019-16674 Weidmueller Use of Insufficiently Random Values vulnerability in Weidmueller products

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices.

9.8
2019-12-06 CVE-2019-16672 Weidmueller Insufficiently Protected Credentials vulnerability in Weidmueller products

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices.

9.8
2019-12-06 CVE-2019-16670 Weidmueller Improper Restriction of Excessive Authentication Attempts vulnerability in Weidmueller products

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices.

9.8
2019-12-06 CVE-2018-7282 Titool SQL Injection vulnerability in Titool Printmonitor

The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi.

9.8
2019-12-06 CVE-2019-5544 Vmware
Redhat
Openslp
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue.

9.8
2019-12-06 CVE-2019-19334 Cesnet
Redhat
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref".

9.8
2019-12-06 CVE-2019-19333 Cesnet
Redhat
Out-of-bounds Write vulnerability in multiple products

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits".

9.8
2019-12-06 CVE-2019-19617 Phpmyadmin
Debian
phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.
9.8
2019-12-05 CVE-2019-7195 Qnap Path Traversal vulnerability in Qnap Photo Station

This external control of file name or path vulnerability allows remote attackers to access or modify system files.

9.8
2019-12-05 CVE-2019-7194 Qnap Path Traversal vulnerability in Qnap Photo Station

This external control of file name or path vulnerability allows remote attackers to access or modify system files.

9.8
2019-12-05 CVE-2019-7193 Qnap Improper Input Validation vulnerability in Qnap QTS

This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system.

9.8
2019-12-05 CVE-2019-7192 Qnap Incorrect Authorization vulnerability in Qnap Photo Station

This improper access control vulnerability allows remote attackers to gain unauthorized access to the system.

9.8
2019-12-05 CVE-2019-7183 Qnap Link Following vulnerability in Qnap QTS

This improper link resolution vulnerability allows remote attackers to access system files.

9.8
2019-12-05 CVE-2019-19595 Adobe
Prestashop
Unrestricted Upload of File with Dangerous Type vulnerability in multiple products

reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php file.

9.8
2019-12-05 CVE-2019-19594 Adobe
Prestashop
Unrestricted Upload of File with Dangerous Type vulnerability in multiple products

reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file.

9.8
2019-12-05 CVE-2019-14910 Redhat Improper Certificate Validation vulnerability in Redhat Keycloak 7.0.0/7.0.1

A vulnerability was found in Keycloak 7.x: when Keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), user authentication succeeds even if an invalid password is entered.

9.8
2019-12-05 CVE-2019-19317 Sqlite
Netapp
Oracle
Siemens
Incorrect Conversion between Numeric Types vulnerability in multiple products

lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.

9.8
2019-12-05 CVE-2019-19589 WP PDF Interpretation Conflict vulnerability in Wp-Pdf PDF Embedder 4.4

The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives.

9.8
2019-12-05 CVE-2019-19521 Openbsd Improper Authentication vulnerability in Openbsd 6.6

libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd.

9.8
2019-12-04 CVE-2013-2745 Minidlna Project
Debian
SQL Injection vulnerability in multiple products

An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0

9.8
2019-12-04 CVE-2019-19228 Fronius Cleartext Storage of Sensitive Information vulnerability in Fronius products

Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file.

9.8
2019-12-04 CVE-2019-19576 Verot Project
Getk2
Unrestricted Upload of File with Dangerous Type vulnerability in multiple products

class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.

9.8
2019-12-04 CVE-2019-17556 Apache Deserialization of Untrusted Data vulnerability in Apache Olingo

Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream, and doesn't check classes being deserialized.

9.8
2019-12-04 CVE-2019-11940 Facebook Use After Free vulnerability in Facebook Proxygen

In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table into a corrupted state, leading to a use-after-free condition and undefined behavior.

9.8
2019-12-04 CVE-2019-11936 Facebook Unspecified vulnerability in Facebook Hhvm

Various APC functions accept keys containing null bytes as input, leading to premature truncation of input.

9.8
2019-12-04 CVE-2019-11935 Facebook Classic Buffer Overflow vulnerability in Facebook Hhvm

Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory.

9.8
2019-12-04 CVE-2019-11934 Facebook Out-of-bounds Read vulnerability in Facebook Folly

Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket.

9.8
2019-12-04 CVE-2019-11930 Facebook Release of Invalid Pointer or Reference vulnerability in Facebook Hhvm

An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution.

9.8
2019-12-04 CVE-2018-0730 Qnap Command Injection vulnerability in Qnap QTS

This command injection vulnerability in File Station allows attackers to execute commands on the affected device.

9.8
2019-12-04 CVE-2018-0729 Qnap Command Injection vulnerability in Qnap Music Station

This command injection vulnerability in Music Station allows attackers to execute commands on the affected device.

9.8
2019-12-03 CVE-2019-5096 Embedthis Use After Free vulnerability in Embedthis Goahead 3.6.5/4.1.1/5.0.1

An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5.

9.8
2019-12-03 CVE-2019-19459 Saltosystem Path Traversal vulnerability in Saltosystem Proaccess Space 5.4.3.0/5.5

An issue was discovered in SALTO ProAccess SPACE 5.4.3.0.

9.8
2019-12-03 CVE-2019-16885 Okay CMS Code Injection vulnerability in Okay-Cms Okaycms

In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie.

9.8
2019-12-03 CVE-2013-4486 Redhat Injection vulnerability in Redhat Zanata

Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging

9.8
2019-12-02 CVE-2019-19021 Titanhq Use of Hard-coded Credentials vulnerability in Titanhq Webtitan

An issue was discovered in TitanHQ WebTitan before 5.18.

9.8
2019-12-02 CVE-2019-19015 Titanhq Exposure of Resource to Wrong Sphere vulnerability in Titanhq Webtitan

An issue was discovered in TitanHQ WebTitan before 5.18.

9.8
2019-12-02 CVE-2019-12518 Anviz Classic Buffer Overflow vulnerability in Anviz Crosschex 4.3.12/4.3.8.0

Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability.

9.8
2019-12-02 CVE-2019-12503 Inateck Cleartext Transmission of Sensitive Information vulnerability in Inateck Bcst-60 Firmware

Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks.

9.8
2019-12-02 CVE-2019-12394 Anviz Improper Authentication vulnerability in Anviz Management System

Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authentication.

9.8
2019-12-02 CVE-2019-12392 Anviz Missing Authentication for Critical Function vulnerability in Anviz Firmware

Anviz access control devices allow remote attackers to issue commands without a password.

9.8
2019-12-02 CVE-2019-19502 Maleck Code Injection vulnerability in Maleck Image Uploader and Browser for Ckeditor

Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code.

9.8
2019-12-02 CVE-2019-19245 Napc SQL Injection vulnerability in Napc Xinet Elegant 6 Asset Library 6.1.655

NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used.

9.8
2019-12-02 CVE-2019-19492 Freeswitch Use of Hard-coded Credentials vulnerability in Freeswitch

FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.

9.8
2019-12-02 CVE-2019-15631 Mulesoft Unspecified vulnerability in Mulesoft API Gateway and Mule Runtime

Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.

9.8
2019-12-05 CVE-2019-15897 Thinkparq Improper Authentication vulnerability in Thinkparq Beegfs 7.1.3

beegfs-ctl in ThinkParQ BeeGFS through 7.1.3 allows Authentication Bypass via communication with a BeeGFS metadata server (which is typically not exposed to external networks).

9.6

92 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-12-08 CVE-2019-19642 Supermicro OS Command Injection vulnerability in Supermicro X8Sti-F Bios and X8Sti-F Firmware

On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address.

8.8
2019-12-06 CVE-2019-2225 Google Improper Privilege Management vulnerability in Google Android

When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone.

8.8
2019-12-06 CVE-2019-12734 Sitevision Missing Authorization vulnerability in Sitevision 4.0/5.0

SiteVision 4 has Incorrect Access Control.

8.8
2019-12-06 CVE-2019-12733 Sitevision Unspecified vulnerability in Sitevision 4.0/5.0

SiteVision 4 allows Remote Code Execution.

8.8
2019-12-05 CVE-2012-1592 Apache Unrestricted Upload of File with Dangerous Type vulnerability in Apache Struts 2.0.0

A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.

8.8
2019-12-05 CVE-2019-19598 Dlink Improper Authentication vulnerability in Dlink Dap-1860 Firmware 1.01B06/1.02B01/1.04B01

D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value.

8.8
2019-12-05 CVE-2019-19597 Dlink Incorrect Authorization vulnerability in Dlink Dap-1860 Firmware 1.01B06/1.02B01/1.04B01

D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header.

8.8
2019-12-04 CVE-2019-18346 Davical Cross-Site Request Forgery (CSRF) vulnerability in Davical

A CSRF issue was discovered in DAViCal through 1.1.8.

8.8
2019-12-03 CVE-2013-7325 Debian Unspecified vulnerability in Debian Linux and Devscripts

An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball.

8.8
2019-12-03 CVE-2019-5133 Accusoft Out-of-bounds Write vulnerability in Accusoft Imagegear 19.3.0

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll BMP parser of the ImageGear 19.3.0 library.

8.8
2019-12-03 CVE-2019-5132 Accusoft Out-of-bounds Write vulnerability in Accusoft Imagegear 19.3.0

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll GEM Raster parser of the Accusoft ImageGear 19.3.0 library.

8.8
2019-12-03 CVE-2019-5112 Formalms SQL Injection vulnerability in Formalms 2.2.1

An exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1.

8.8
2019-12-03 CVE-2019-5111 Formalms SQL Injection vulnerability in Formalms 2.2.1

An exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1.

8.8
2019-12-03 CVE-2019-5110 Formalms SQL Injection vulnerability in Formalms 2.2.1

Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1.

8.8
2019-12-03 CVE-2019-5109 Formalms SQL Injection vulnerability in Formalms 2.2.1

Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1.

8.8
2019-12-03 CVE-2019-5083 Accusoft Out-of-bounds Write vulnerability in Accusoft Imagegear 19.3.0

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFdecodethunderscan function of Accusoft ImageGear 19.3.0 library.

8.8
2019-12-03 CVE-2019-5076 Accusoft Out-of-bounds Write vulnerability in Accusoft Imagegear 19.3.0

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG header-parser of the Accusoft ImageGear 19.3.0 library.

8.8
2019-12-03 CVE-2016-1000104 Apache
Opensuse
Improper Input Validation vulnerability in multiple products

A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.

8.8
2019-12-03 CVE-2019-19383 Freeftpd Classic Buffer Overflow vulnerability in Freeftpd 1.0.8

freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command (this is exploitable even if logging is disabled).

8.8
2019-12-03 CVE-2019-4130 IBM Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cloud PAK System 2.3/2.3.0.1

IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.

8.8
2019-12-05 CVE-2019-5098 Vmware
AMD
Out-of-bounds Read vulnerability in multiple products

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010.

8.6
2019-12-03 CVE-2019-19458 Saltosystem Path Traversal vulnerability in Saltosystem Proaccess Space 5.4.3.0/5.5

SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature.

8.6
2019-12-02 CVE-2014-9356 Docker Path Traversal vulnerability in Docker

Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.

8.6
2019-12-04 CVE-2019-14909 Redhat Improper Authentication vulnerability in Redhat Keycloak 7.0.0/7.0.1

A vulnerability was found in Keycloak 7.x: when the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid, will be accepted.

8.3
2019-12-03 CVE-2013-2228 Saltstack Improper Restriction of Excessive Authentication Attempts vulnerability in Saltstack 0.14.0/0.14.1/0.15.0

SaltStack RSA Key Generation allows remote users to decrypt communications

8.1
2019-12-03 CVE-2013-2103 Redhat Improper Input Validation vulnerability in Redhat Openshift 1.0

OpenShift cartridge allows remote URL retrieval

8.1
2019-12-02 CVE-2019-19017 Titanhq Use of Hard-coded Credentials vulnerability in Titanhq Webtitan

An issue was discovered in TitanHQ WebTitan before 5.18.

8.1
2019-12-08 CVE-2019-19630 Htmldoc Project
Debian
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document.

7.8
2019-12-08 CVE-2019-19449 Linux Out-of-bounds Read vulnerability in Linux Kernel 5.0.21

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated).

7.8
2019-12-08 CVE-2019-19448 Linux
Debian
Canonical
Netapp
Use After Free vulnerability in multiple products

In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.

7.8
2019-12-08 CVE-2019-19447 Linux
Netapp
Use After Free vulnerability in multiple products

In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.

7.8
2019-12-06 CVE-2019-2223 Google Out-of-bounds Write vulnerability in Google Android

In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bounds write due to a missing bounds check.

7.8
2019-12-06 CVE-2019-2222 Google Out-of-bounds Write vulnerability in Google Android

In ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check.

7.8
2019-12-06 CVE-2019-2221 Google Unspecified vulnerability in Google Android 10.0

In hasActivityInVisibleTask of WindowProcessController.java there’s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state.

7.8
2019-12-06 CVE-2019-2218 Google Missing Authorization vulnerability in Google Android 10.0

In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check.

7.8
2019-12-06 CVE-2019-2217 Google Use After Free vulnerability in Google Android 10.0

In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free.

7.8
2019-12-06 CVE-2012-1615 Fedoraproject Improper Privilege Management vulnerability in Fedoraproject Fedora and Sectool

A Privilege Escalation vulnerability exists in Fedoraproject Sectool due to an incorrect DBus file.

7.8
2019-12-05 CVE-2019-17388 Aviatrix Incorrect Permission Assignment for Critical Resource vulnerability in Aviatrix VPN Client

Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a local attacker to execute arbitrary code by gaining elevated privileges through file modifications.

7.8
2019-12-05 CVE-2019-17387 Aviatrix Unspecified vulnerability in Aviatrix VPN Client

An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client through 2.2.10 allows an attacker to gain elevated privileges through arbitrary code execution on Windows, Linux, and macOS.

7.8
2019-12-05 CVE-2019-3690 Opensuse Unspecified vulnerability in Opensuse Leap 15.1

The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix).

7.8
2019-12-05 CVE-2019-17437 Paloaltonetworks Improper Authentication vulnerability in Paloaltonetworks Pan-Os

An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser.

7.8
2019-12-05 CVE-2019-19601 Opendetex Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Opendetex Project Opendetex 2.8.5

OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of an incorrect sprintf.

7.8
2019-12-05 CVE-2019-19590 Radare Use After Free vulnerability in Radare Radare2

In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c.

7.8
2019-12-05 CVE-2019-19522 Openbsd Incorrect Permission Assignment for Critical Resource vulnerability in Openbsd 6.6

OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group.

7.8
2019-12-05 CVE-2019-19520 Openbsd Incorrect Authorization vulnerability in Openbsd 6.6

xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen.

7.8
2019-12-05 CVE-2019-19519 Openbsd Improper Authentication vulnerability in Openbsd 6.6

In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c.

7.8
2019-12-04 CVE-2019-19364 Sony Uncontrolled Search Path Element vulnerability in Sony Catalyst Browse and Catalyst Production Suite

A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (version 1.1.0.21) installers run.

7.8
2019-12-04 CVE-2019-7201 Qnap Unquoted Search Path or Element vulnerability in Qnap Netbak Replicator 4.5.11.816

An unquoted service path vulnerability is reported to affect the service QVssService in QNAP NetBak Replicator.

7.8
2019-12-04 CVE-2019-15638 Copadata Uncontrolled Search Path Element vulnerability in Copadata Zenon 8.10

COPA-DATA zenone32 zenon Editor through 8.10 has an Uncontrolled Search Path Element.

7.8
2019-12-03 CVE-2019-5164 Shadowsocks
Opensuse
Missing Authentication for Critical Function vulnerability in multiple products

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2.

7.8
2019-12-03 CVE-2019-19543 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c.

7.8
2019-12-03 CVE-2019-19382 Maxpcsecure Incorrect Permission Assignment for Critical Resource vulnerability in Maxpcsecure Anti Virus Plus 19.0.4.020

Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory.

7.8
2019-12-03 CVE-2019-7366 Autodesk Classic Buffer Overflow vulnerability in Autodesk FBX Software Development KIT 2019.5

Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5.

7.8
2019-12-03 CVE-2019-7365 Autodesk Uncontrolled Search Path Element vulnerability in Autodesk Desktop 7.0.16.29

DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier.

7.8
2019-12-02 CVE-2012-4576 Freebsd
Debian
Improper Input Validation vulnerability in multiple products

FreeBSD: Input Validation Flaw allows local users to gain elevated privileges

7.8
2019-12-02 CVE-2012-4480 Ovirt
Fedoraproject
Improper Privilege Management vulnerability in multiple products

mom creates world-writable pid files in /var/run

7.8
2019-12-02 CVE-2019-19014 Titanhq Improper Privilege Management vulnerability in Titanhq Webtitan

An issue was discovered in TitanHQ WebTitan before 5.18.

7.8
2019-12-02 CVE-2019-15628 Trendmicro Untrusted Search Path vulnerability in Trendmicro products

Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started.

7.8
2019-12-06 CVE-2019-2232 Google Incorrect Calculation vulnerability in Google Android

In handleRun of TextLine.java, there is a possible application crash due to improper input validation.

7.5
2019-12-06 CVE-2019-2230 Google Use After Free vulnerability in Google Android 10.0

In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.cpp, there is possible memory reuse due to a use after free.

7.5
2019-12-06 CVE-2019-18672 Shapeshift Improper Validation of Integrity Check Value vulnerability in Shapeshift Keepkey Firmware

Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages.

7.5
2019-12-05 CVE-2019-16770 Puma
Debian
In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack.
7.5
2019-12-05 CVE-2019-18180 Otrs Infinite Loop vulnerability in Otrs

Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g.

7.5
2019-12-05 CVE-2019-19588 Validators Project Infinite Loop vulnerability in Validators Project Validators

The validators package 0.12.2 through 0.12.5 for Python enters an infinite loop when validators.domain is called with a crafted domain string.

7.5
2019-12-05 CVE-2019-19553 Wireshark
Opensuse
Oracle
Debian
Missing Initialization of Resource vulnerability in multiple products

In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash.

7.5
2019-12-04 CVE-2019-16753 Pivx
Decentralized Anonymous Payment System Project
Improper Verification of Cryptographic Signature vulnerability in multiple products

An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26.

7.5
2019-12-04 CVE-2019-17555 Apache Improper Input Validation vulnerability in Apache Olingo

The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to 4.6.0 reads the Retry-After header and passes it to the Thread.sleep() method without any check.

7.5
2019-12-04 CVE-2018-0728 Qnap Improper Privilege Management vulnerability in Qnap Helpdesk

This improper access control vulnerability in Helpdesk allows attackers to access the system logs.

7.5
2019-12-04 CVE-2019-11937 Facebook Uncontrolled Recursion vulnerability in Facebook Mcrouter

In Mcrouter prior to v0.41.0, a large struct input provided to the Carbon protocol reader could result in stack exhaustion and denial of service.

7.5
2019-12-04 CVE-2019-11923 Facebook Allocation of Resources Without Limits or Throttling vulnerability in Facebook Mcrouter

In Mcrouter prior to v0.41.0, the deprecated ASCII parser would allocate a buffer to a user-specified length with no maximum length enforced, allowing for resource exhaustion or denial of service.

7.5
2019-12-04 CVE-2019-18850 Trustedsec Information Exposure Through Discrepancy vulnerability in Trustedsec Trevorc2 1.1/1.2

TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictable responses when accessing and interacting with the "SITE_PATH_QUERY".

7.5
2019-12-03 CVE-2019-5163 Shadowsocks
Opensuse
Missing Authentication for Critical Function vulnerability in multiple products

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2.

7.5
2019-12-03 CVE-2019-5097 Embedthis Infinite Loop vulnerability in Embedthis Goahead 3.6.5/4.1.1/5.0.1

A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5.

7.5
2019-12-03 CVE-2019-9689 Axtls Project Classic Buffer Overflow vulnerability in Axtls Project Axtls

process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake message with zero certificates.

7.5
2019-12-03 CVE-2019-10013 Axtls Project Classic Buffer Overflow vulnerability in Axtls Project Axtls

The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow that allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted certificate in the TLS certificate handshake message, because the result of get_asn1_length() is not checked for a minimum or maximum size.

7.5
2019-12-03 CVE-2013-2106 Stanford
Debian
Insufficiently Protected Credentials vulnerability in multiple products

webauth before 4.6.1 has authentication credential disclosure

7.5
2019-12-02 CVE-2019-19316 Hashicorp Cleartext Transmission of Sensitive Information vulnerability in Hashicorp Terraform

When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.

7.5
2019-12-02 CVE-2013-4410 Reviewboard
Fedoraproject
Incorrect Authorization vulnerability in multiple products

ReviewBoard has an access-control problem in the REST API

7.5
2019-12-02 CVE-2012-4428 Openslp
Debian
Fedoraproject
Canonical
Out-of-bounds Read vulnerability in multiple products

openslp: the SLPIntersectStringList() function has a DoS vulnerability

7.5
2019-12-02 CVE-2019-19019 Titanhq Origin Validation Error vulnerability in Titanhq Webtitan

An issue was discovered in TitanHQ WebTitan before 5.18.

7.5
2019-12-02 CVE-2019-19016 Titanhq SQL Injection vulnerability in Titanhq Webtitan

An issue was discovered in TitanHQ WebTitan before 5.18.

7.5
2019-12-02 CVE-2019-12393 Anviz Authentication Bypass by Capture-replay vulnerability in Anviz Management System

Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests.

7.5
2019-12-02 CVE-2019-12391 Anviz Unspecified vulnerability in Anviz Management System

The Anviz Management System for access control has insufficient logging for device events such as door open requests.

7.5
2019-12-02 CVE-2019-12389 Anviz Missing Authentication for Critical Function vulnerability in Anviz Firmware

Anviz access control devices expose credentials (names and passwords) by allowing remote attackers to query this information without credentials via port tcp/5010.

7.5
2019-12-02 CVE-2019-12388 Anviz Cleartext Transmission of Sensitive Information vulnerability in Anviz Firmware

Anviz access control devices perform cleartext transmission of sensitive information (passwords/pins and names) when replying to query on port tcp/5010.

7.5
2019-12-06 CVE-2012-2130 Polarssl
Debian
Fedoraproject
Inadequate Encryption Strength vulnerability in multiple products

A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys.

7.4
2019-12-05 CVE-2013-0243 Haskell Improper Input Validation vulnerability in Haskell Hs-Tls

haskell-tls-extra before 0.6.1 has a Basic Constraints attribute vulnerability that may lead to man-in-the-middle attacks on TLS connections

7.4
2019-12-02 CVE-2019-19490 Litemanager Incorrect Default Permissions vulnerability in Litemanager 4.5.0

LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe.

7.3
2019-12-05 CVE-2019-19609 Strapi OS Command Injection vulnerability in Strapi

The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.

7.2
2019-12-05 CVE-2019-19007 Intelbras Information Exposure vulnerability in Intelbras IWR 3000N Firmware 1.8.7

Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled, a related issue to CVE-2019-17600.

7.2
2019-12-02 CVE-2019-19020 Titanhq Unrestricted Upload of File with Dangerous Type vulnerability in Titanhq Webtitan

An issue was discovered in TitanHQ WebTitan before 5.18.

7.2
2019-12-06 CVE-2019-18575 Dell Uncontrolled Search Path Element vulnerability in Dell Command|Configure

Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability.

7.1

96 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-12-04 CVE-2019-19579 XEN
Fedoraproject
Improper Input Validation vulnerability in multiple products

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424.

6.8
2019-12-03 CVE-2019-19532 Linux Out-of-bounds Write vulnerability in Linux Kernel

In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95.

6.8
2019-12-03 CVE-2019-19531 Linux
Debian
Opensuse
Use After Free vulnerability in multiple products

In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca.

6.8
2019-12-03 CVE-2019-19527 Linux
Debian
Opensuse
Use After Free vulnerability in multiple products

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.

6.8
2019-12-02 CVE-2019-15689 Kaspersky Exposure of Resource to Wrong Sphere vulnerability in Kaspersky products

Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, and Kaspersky Security Cloud prior to version 2020 patch E have a bug that allows a local user to execute arbitrary code via execution of a compromised file placed by an attacker with administrator rights.

6.7
2019-12-06 CVE-2019-2227 Google Out-of-bounds Read vulnerability in Google Android 10.0/9.0

In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting.

6.5
2019-12-06 CVE-2019-11293 Cloudfoundry Information Exposure Through Log Files vulnerability in Cloudfoundry Cf-Deployment

Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter.

6.5
2019-12-06 CVE-2019-16771 Linecorp Injection vulnerability in Linecorp Armeria

Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response.

6.5
2019-12-06 CVE-2019-16673 Weidmueller Insufficiently Protected Credentials vulnerability in Weidmueller products

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices.

6.5
2019-12-06 CVE-2019-16671 Weidmueller Resource Exhaustion vulnerability in Weidmueller products

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices.

6.5
2019-12-06 CVE-2019-19624 Opencv
Redhat
Out-of-bounds Read vulnerability in multiple products

An out-of-bounds read was discovered in OpenCV before 4.1.1.

6.5
2019-12-05 CVE-2019-19546 Norton Unspecified vulnerability in Norton Password Manager

Norton Password Manager, prior to 6.6.2.5, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

6.5
2019-12-05 CVE-2019-11255 Kubernetes
Redhat
Improper Input Validation vulnerability in multiple products

Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.

6.5
2019-12-04 CVE-2019-11216 BMC Unrestricted Upload of File with Dangerous Type vulnerability in BMC Remedy Smart Reporting

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality.

6.5
2019-12-04 CVE-2019-19229 Fronius Path Traversal vulnerability in Fronius products

admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allows action=download&filename= Directory Traversal.

6.5
2019-12-03 CVE-2019-13456 Freeradius
Redhat
Opensuse
Information Exposure Through Discrepancy vulnerability in multiple products

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop.

6.5
2019-12-03 CVE-2019-3666 Mcafee Unspecified vulnerability in Mcafee Webadvisor

API Abuse/Misuse vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows a remote unauthenticated attacker to allow the browser to navigate to restricted websites via a carefully crafted web site.

6.5
2019-12-03 CVE-2019-3665 Mcafee Code Injection vulnerability in Mcafee Webadvisor

Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows a remote unauthenticated attacker to allow the browser to render a website which Web Advisor would normally have blocked via a carefully crafted web site.

6.5
2019-12-02 CVE-2019-19516 Intelbras Cross-Site Request Forgery (CSRF) vulnerability in Intelbras WRN 150 Firmware 1.0.18

Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password.

6.5
2019-12-02 CVE-2012-5562 Redhat Cleartext Transmission of Sensitive Information vulnerability in Redhat Satellite

rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite

6.5
2019-12-02 CVE-2019-19118 Djangoproject
Fedoraproject
Incorrect Default Permissions vulnerability in multiple products

Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing.

6.5
2019-12-02 CVE-2019-19362 Teamviewer Improper Cross-boundary Removal of Sensitive Data vulnerability in Teamviewer 14.3.4730

An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows.

6.5
2019-12-05 CVE-2019-19545 Norton Origin Validation Error vulnerability in Norton Password Manager

Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.

6.3
2019-12-05 CVE-2019-18381 Norton Origin Validation Error vulnerability in Norton Password Manager

Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.

6.3
2019-12-03 CVE-2019-19529 Linux
Canonical
Use After Free vulnerability in multiple products

In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41.

6.3
2019-12-07 CVE-2019-16772 Serialize TO JS Project Cross-site Scripting vulnerability in Serialize-To-Js Project Serialize-To-Js

The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS).

6.1
2019-12-06 CVE-2019-19619 Documize Cross-site Scripting vulnerability in Documize

domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content.

6.1
2019-12-05 CVE-2012-1115 Ldap Account Manager
Fedoraproject
Debian
Cross-site Scripting vulnerability in multiple products

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.

6.1
2019-12-05 CVE-2012-1114 Ldap Account Manager
Fedoraproject
Debian
Cross-site Scripting vulnerability in multiple products

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action.

6.1
2019-12-05 CVE-2019-19466 Sceditor Cross-site Scripting vulnerability in Sceditor 2.1.3

SCEditor 2.1.3 allows XSS.

6.1
2019-12-05 CVE-2019-19602 Linux
Canonical
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc.

6.1
2019-12-05 CVE-2019-19587 Wso2 Cross-site Scripting vulnerability in Wso2 Enterprise Integrator 6.5.0

In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updating the message processor configuration from the source view in the Management Console.

6.1
2019-12-04 CVE-2019-19133 Csshero Cross-site Scripting vulnerability in Csshero 4.0.3

The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected XSS via the URI in a csshero_action=edit_page request because it fails to sufficiently sanitize user-supplied input.

6.1
2019-12-03 CVE-2019-19528 Linux Use After Free vulnerability in Linux Kernel

In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d.

6.1
2019-12-02 CVE-2012-4526 Piwigo Cross-site Scripting vulnerability in Piwigo

piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)

6.1
2019-12-02 CVE-2012-4525 Piwigo Cross-site Scripting vulnerability in Piwigo

piwigo has XSS in password.php

6.1
2019-12-02 CVE-2019-19491 Testlink Cross-site Scripting vulnerability in Testlink 1.9.19

TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request.

6.1
2019-12-06 CVE-2012-2092 Canonical Improper Verification of Cryptographic Signature vulnerability in Canonical Ubuntu Cobbler

A Security Bypass vulnerability exists in Ubuntu Cobbler before 2.2.2 in the cobbler-ubuntu-import script due to an error when verifying the GPG signature.

5.9
2019-12-06 CVE-2019-11554 Amazon Improper Certificate Validation vulnerability in Amazon Audible 2.34.0

The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe SDKs, allowing MITM attackers to cause a denial of service.

5.9
2019-12-06 CVE-2019-9464 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 10.0

In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location.

5.5
2019-12-06 CVE-2019-2229 Google Missing Authorization vulnerability in Google Android

In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check.

5.5
2019-12-06 CVE-2019-2228 Google Out-of-bounds Read vulnerability in Google Android

In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check.

5.5
2019-12-06 CVE-2019-2226 Google Out-of-bounds Read vulnerability in Google Android

In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting.

5.5
2019-12-06 CVE-2019-2220 Google Unspecified vulnerability in Google Android 10.0/9.0

In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend.

5.5
2019-12-05 CVE-2012-1105 Apereo
Fedoraproject
Debian
Information Exposure vulnerability in multiple products

An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory.

5.5
2019-12-05 CVE-2013-0326 Openstack
Debian
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products

OpenStack nova base images permissions are world readable

5.5
2019-12-05 CVE-2013-0163 Redhat Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift 1.0/2.0

OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS

5.5
2019-12-04 CVE-2019-19555 Xfig Project Out-of-bounds Write vulnerability in Xfig Project Xfig 3.2.7

read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf.

5.5
2019-12-04 CVE-2019-17554 Apache XXE vulnerability in Apache Olingo

The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities.

5.5
2019-12-03 CVE-2019-3750 Dell Link Following vulnerability in Dell Command Update

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability.

5.5
2019-12-03 CVE-2019-3749 Dell Link Following vulnerability in Dell Command Update

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability.

5.5
2019-12-03 CVE-2019-19460 Saltosystem Incorrect Default Permissions vulnerability in Saltosystem Proaccess Space 5.4.3.0/5.5

An issue was discovered in SALTO ProAccess SPACE 5.4.3.0.

5.5
2019-12-02 CVE-2019-19489 Smplayer Classic Buffer Overflow vulnerability in Smplayer 19.5.0

SMPlayer 19.5.0 has a buffer overflow via a long .m3u file.

5.5
2019-12-05 CVE-2019-16769 Verizon Cross-site Scripting vulnerability in Verizon Serialize-Javascript

The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS).

5.4
2019-12-05 CVE-2013-0283 Theforeman Cross-site Scripting vulnerability in Theforeman Katello

Katello: Username in Notification page has cross site scripting

5.4
2019-12-05 CVE-2019-19596 Gitbook Cross-site Scripting vulnerability in Gitbook

GitBook through 2.6.9 allows XSS via a local .md file.

5.4
2019-12-04 CVE-2019-18347 Davical Cross-site Scripting vulnerability in Davical

A stored XSS issue was discovered in DAViCal through 1.1.8.

5.4
2019-12-03 CVE-2019-19457 Saltosystem Cross-site Scripting vulnerability in Saltosystem Proaccess Space 5.4.3.0/5.5

SALTO ProAccess SPACE 5.4.3.0 allows XSS.

5.4
2019-12-03 CVE-2019-18993 Openwrt Cross-site Scripting vulnerability in Openwrt 18.06.4

OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device).

5.4
2019-12-03 CVE-2019-18992 Openwrt Cross-site Scripting vulnerability in Openwrt 18.06.4

OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example, on a TP-Link Archer C7 device).

5.4
2019-12-03 CVE-2019-4468 IBM Cross-site Scripting vulnerability in IBM Cloud PAK System 2.3/2.3.0.1

IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting.

5.4
2019-12-03 CVE-2019-4467 IBM Cross-site Scripting vulnerability in IBM Cloud PAK System 2.3/2.3.0.1

IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting.

5.4
2019-12-03 CVE-2019-4226 IBM Cross-site Scripting vulnerability in IBM Cloud PAK System 2.3/2.3.0.1

IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting.

5.4
2019-12-03 CVE-2019-4098 IBM Cross-site Scripting vulnerability in IBM Cloud PAK System 2.3/2.3.0.1

IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting.

5.4
2019-12-03 CVE-2013-2101 Theforeman
Redhat
Cross-site Scripting vulnerability in multiple products

Katello has multiple XSS issues in various entities

5.4
2019-12-02 CVE-2019-19496 Alfresco Cross-site Scripting vulnerability in Alfresco

Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document.

5.4
2019-12-02 CVE-2019-19493 Kentico Use of Incorrectly-Resolved Name or Reference vulnerability in Kentico

Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS.

5.4
2019-12-06 CVE-2019-1551 Openssl
Opensuse
Oracle
Canonical
Fedoraproject
Debian
Tenable
Integer Overflow or Wraparound vulnerability in multiple products

There is an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli.

5.3
2019-12-06 CVE-2019-19627 ROS Information Exposure vulnerability in ROS Sros2 0.8.1

SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration.

5.3
2019-12-06 CVE-2019-19625 ROS Information Exposure vulnerability in ROS Sros2 0.8.1

SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2) leaks node information due to a leaky default configuration as indicated in the policy/defaults/dds/governance.xml document.

5.3
2019-12-05 CVE-2012-1104 Apereo
Debian
Improper Privilege Management vulnerability in multiple products

A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services is managed.

5.3
2019-12-03 CVE-2015-7542 Aquamaniac
Debian
Opensuse
Cleartext Transmission of Sensitive Information vulnerability in multiple products

A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates.

5.3
2019-12-02 CVE-2019-19507 Json Pattern Validator Project Improper Authentication vulnerability in Json Pattern Validator Project Json Pattern Validator

In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': {'name':'Array'}.

5.3
2019-12-02 CVE-2019-12390 Anviz Missing Authentication for Critical Function vulnerability in Anviz Firmware

Anviz access control devices expose private information (pin code and name) by allowing remote attackers to query this information without credentials via port tcp/5010.

5.3
2019-12-06 CVE-2019-19552 Sangoma Cross-site Scripting vulnerability in Sangoma Freepbx

In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the /admin/config.php?display=userman URI.

4.8
2019-12-06 CVE-2019-19551 Sangoma Cross-site Scripting vulnerability in Sangoma Freepbx

In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site.

4.8
2019-12-05 CVE-2019-7185 Qnap Cross-site Scripting vulnerability in Qnap Music Station

This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management console.

4.8
2019-12-05 CVE-2019-7184 Qnap Cross-site Scripting vulnerability in Qnap Video Station

This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator’s management console.

4.8
2019-12-04 CVE-2019-7197 Qnap Cross-site Scripting vulnerability in Qnap QTS

A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS.

4.8
2019-12-03 CVE-2019-18574 RSA
EMC
Cross-site Scripting vulnerability in multiple products

RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console.

4.8
2019-12-06 CVE-2019-2219 Google Race Condition vulnerability in Google Android 10.0/9.0

In several functions of NotificationManagerService.java and related files, there is a possible way to record audio from the background without notification to the user due to a permission bypass.

4.7
2019-12-03 CVE-2013-4235 Debian
Fedoraproject
Redhat
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

4.7
2019-12-03 CVE-2019-19536 Linux
Debian
Opensuse
Missing Initialization of Resource vulnerability in multiple products

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.

4.6
2019-12-03 CVE-2019-19535 Linux
Debian
Opensuse
Oracle
Missing Initialization of Resource vulnerability in multiple products

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.

4.6
2019-12-03 CVE-2019-19530 Linux
Debian
Opensuse
Use After Free vulnerability in multiple products

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.

4.6
2019-12-03 CVE-2019-19526 Linux
Canonical
Opensuse
Use After Free vulnerability in multiple products

In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098.

4.6
2019-12-03 CVE-2019-19525 Linux
Debian
Opensuse
Use After Free vulnerability in multiple products

In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035.

4.6
2019-12-03 CVE-2019-19524 Linux
Debian
Canonical
Use After Free vulnerability in multiple products

In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.

4.6
2019-12-03 CVE-2019-19523 Linux
Debian
Opensuse
Use After Free vulnerability in multiple products

In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79.

4.6
2019-12-06 CVE-2019-2231 Google Missing Encryption of Sensitive Data vulnerability in Google Android 10.0/9.0

In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation.

4.4
2019-12-06 CVE-2019-19616 Xtivia Authorization Bypass Through User-Controlled Key vulnerability in Xtivia web Time and Expense 2016

An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary files by specifying arbitrary values for the recId and filename parameters of the /Home/GetAttachment function.

4.3
2019-12-05 CVE-2019-16768 Sylius Information Exposure Through an Error Message vulnerability in Sylius

In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI.

4.3
2019-12-04 CVE-2019-16752 Pivx
Dash
Officialdapscoin
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26.

4.3
2019-12-03 CVE-2019-3990 Linuxfoundation Improper Privilege Management vulnerability in Linuxfoundation Harbor

A User Enumeration flaw exists in Harbor.

4.3
2019-12-03 CVE-2013-4411 Reviewboard
Fedoraproject
Incorrect Authorization vulnerability in multiple products

Review Board: URL processing gives unauthorized users access to review lists

4.3
2019-12-03 CVE-2019-19537 Linux Race Condition vulnerability in Linux Kernel

In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9.

4.2

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-12-06 CVE-2012-2148 Redhat Improper Privilege Management vulnerability in Redhat products

An issue exists in the property replacements feature in any descriptor in JBoss AS 7.1.1, which ignores Java security policies

3.3
2019-12-06 CVE-2019-19620 Dell Improper Preservation of Permissions vulnerability in Dell RED Cloak Windows Agent

In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file.

3.3
2019-12-03 CVE-2019-4465 IBM Improper Privilege Management vulnerability in IBM Cloud PAK System 2.3/2.3.0.1

IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system.

3.3
2019-12-02 CVE-2019-19018 Titanhq Files or Directories Accessible to External Parties vulnerability in Titanhq Webtitan

An issue was discovered in TitanHQ WebTitan before 5.18.

2.7
2019-12-05 CVE-2018-1002102 Kubernetes
Fedoraproject
Open Redirect vulnerability in multiple products

Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts.

2.6
2019-12-03 CVE-2019-19534 Linux
Debian
Canonical
Missing Initialization of Resource vulnerability in multiple products

In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.

2.4
2019-12-03 CVE-2019-19533 Linux Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel

In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.

2.4