Weekly Vulnerabilities Reports > December 9 to 15, 2019
Overview
392 new vulnerabilities reported during this period, including 37 critical vulnerabilities and 113 high severity vulnerabilities. This weekly summary report vulnerabilities in 491 products from 128 vendors including Siemens, Debian, Fedoraproject, Redhat, and Google. Vulnerabilities are notably categorized as "Out-of-bounds Write", "Cross-site Scripting", "Information Exposure", "Improper Authentication", and "Out-of-bounds Read".
- 310 reported vulnerabilities are remotely exploitables.
- 3 reported vulnerabilities have public exploit available.
- 106 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 331 reported vulnerabilities are exploitable by an anonymous user.
- Siemens has the most reported vulnerabilities, with 71 reported vulnerabilities.
- Skymee has the most reported critical vulnerabilities, with 8 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
37 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-12-13 | CVE-2019-17364 | Skymee Petwant | OS Command Injection vulnerability in multiple products The processCommandUploadLog() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | 10.0 |
2019-12-13 | CVE-2019-16737 | Skymee Petwant | OS Command Injection vulnerability in multiple products The processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | 10.0 |
2019-12-13 | CVE-2019-16736 | Skymee Petwant | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow in processCommandUploadSnapshot in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user. | 10.0 |
2019-12-13 | CVE-2019-16735 | Skymee Petwant | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user. | 10.0 |
2019-12-13 | CVE-2019-16734 | Skymee Petwant | Use of Hard-coded Credentials vulnerability in multiple products Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | 10.0 |
2019-12-13 | CVE-2019-16733 | Skymee Petwant | OS Command Injection vulnerability in multiple products processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | 10.0 |
2019-12-13 | CVE-2019-16730 | Skymee Petwant | Improper Input Validation vulnerability in multiple products processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | 10.0 |
2019-12-13 | CVE-2019-19782 | Labf | Classic Buffer Overflow vulnerability in Labf Aceaxe Plus 1.0 The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP server. | 10.0 |
2019-12-12 | CVE-2019-2320 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products Possible out of bounds write in a MT SMS/SS scenario due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130 | 10.0 |
2019-12-12 | CVE-2019-10511 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products Possibility of memory overflow while decoding GSNDCP compressed mode PDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130 | 10.0 |
2019-12-12 | CVE-2019-10493 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130 | 10.0 |
2019-12-11 | CVE-2013-3542 | Grandstream | Use of Hard-coded Credentials vulnerability in Grandstream products Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session. | 10.0 |
2019-12-10 | CVE-2019-17270 | Yachtcontrol | OS Command Injection vulnerability in Yachtcontrol 20191006 Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command={COMMAND}" page and parameter, where {COMMAND} will be executed and returning the results to the client. | 10.0 |
2019-12-10 | CVE-2019-4521 | IBM | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Cloud PAK System 2.3/2.3.0.1 Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. | 10.0 |
2019-12-12 | CVE-2019-18342 | Siemens | Unspecified vulnerability in Siemens Control Center Server A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). | 9.9 |
2019-12-13 | CVE-2019-18802 | Envoyproxy | Unspecified vulnerability in Envoyproxy Envoy An issue was discovered in Envoy 1.12.0. | 9.8 |
2019-12-13 | CVE-2019-18801 | Envoyproxy | Out-of-bounds Write vulnerability in Envoyproxy Envoy An issue was discovered in Envoy 1.12.0. | 9.8 |
2019-12-13 | CVE-2014-0175 | Puppet Redhat Debian | Use of Hard-coded Credentials vulnerability in multiple products mcollective has a default password set at install | 9.8 |
2019-12-12 | CVE-2019-18339 | Siemens | Missing Authentication for Critical Function vulnerability in Siemens products A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). | 9.8 |
2019-12-12 | CVE-2019-18337 | Siemens | Improper Authentication vulnerability in Siemens products A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). | 9.8 |
2019-12-12 | CVE-2019-19750 | Minerstat | Unspecified vulnerability in Minerstat Msos minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product. | 9.8 |
2019-12-12 | CVE-2019-19740 | Octeth | SQL Injection vulnerability in Octeth Oempro 4.7/4.8 Octeth Oempro 4.7 and 4.8 allow SQL injection. | 9.8 |
2019-12-11 | CVE-2019-19725 | Sysstat Project Debian Canonical | Double Free vulnerability in multiple products sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. | 9.8 |
2019-12-11 | CVE-2019-19649 | Zohocorp | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function. | 9.8 |
2019-12-11 | CVE-2019-18935 | Telerik | Deserialization of Untrusted Data vulnerability in Telerik UI for Asp.Net Ajax Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. | 9.8 |
2019-12-10 | CVE-2013-2167 | Openstack Redhat Debian | Insufficient Verification of Data Authenticity vulnerability in multiple products python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass | 9.8 |
2019-12-10 | CVE-2013-2166 | Openstack Redhat Fedoraproject Debian | Inadequate Encryption Strength vulnerability in multiple products python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass | 9.8 |
2019-12-15 | CVE-2014-3701 | Redhat | Race Condition vulnerability in Redhat Edeploy and Jboss Enterprise web Server eDeploy has tmp file race condition flaws | 9.3 |
2019-12-13 | CVE-2019-16732 | Skymee Petwant | Improper Verification of Cryptographic Signature vulnerability in multiple products Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user. | 9.3 |
2019-12-12 | CVE-2019-19771 | Lodahs Project | Improper Input Validation vulnerability in Lodahs Project Lodahs 1.0.0 The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. | 9.3 |
2019-12-12 | CVE-2019-18345 | Davical Debian | Cross-site Scripting vulnerability in multiple products A reflected XSS issue was discovered in DAViCal through 1.1.8. | 9.3 |
2019-12-11 | CVE-2019-3989 | Amazon | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data. | 9.3 |
2019-12-10 | CVE-2019-1468 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'. | 9.3 |
2019-12-10 | CVE-2019-1462 | Microsoft | Use of Uninitialized Resource vulnerability in Microsoft Office, Office 365 Proplus and Powerpoint A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka 'Microsoft PowerPoint Remote Code Execution Vulnerability'. | 9.3 |
2019-12-11 | CVE-2014-0163 | Redhat | OS Command Injection vulnerability in Redhat Openshift 1.0/2.0 Openshift has shell command injection flaws due to unsanitized data being passed into shell commands. | 9.0 |
2019-12-11 | CVE-2019-4715 | IBM | Improper Input Validation vulnerability in IBM Spectrum Scale IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 9.0 |
2019-12-09 | CVE-2019-19683 | Nopcommerce | Path Traversal vulnerability in Nopcommerce 4.20 RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs. | 9.0 |
113 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-12-13 | CVE-2019-19774 | Zohocorp | Unspecified vulnerability in Zohocorp Manageengine Eventlog Analyzer An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. | 8.8 |
2019-12-13 | CVE-2014-0197 | Redhat | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Cloudforms and Cloudforms Management Engine CFME: CSRF protection vulnerability via permissive check of the referrer header | 8.8 |
2019-12-11 | CVE-2019-19650 | Zohocorp | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function. | 8.8 |
2019-12-11 | CVE-2019-19578 | XEN Fedoraproject | Incorrect Calculation vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. | 8.8 |
2019-12-10 | CVE-2019-14889 | Libssh Canonical Opensuse Fedoraproject Debian Oracle | OS Command Injection vulnerability in multiple products A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. | 8.8 |
2019-12-10 | CVE-2019-13764 | Google Debian Fedoraproject Suse Opensuse Redhat | Type Confusion vulnerability in multiple products Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2019-12-10 | CVE-2019-13747 | Google Debian Fedoraproject Redhat | Use of Uninitialized Resource vulnerability in multiple products Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2019-12-10 | CVE-2019-13741 | Google Debian Fedoraproject Redhat | Cross-site Scripting vulnerability in multiple products Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content. | 8.8 |
2019-12-10 | CVE-2019-13736 | Google Debian Fedoraproject Redhat | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 8.8 |
2019-12-10 | CVE-2019-13735 | Google Debian Fedoraproject Redhat | Out-of-bounds Write vulnerability in multiple products Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
2019-12-10 | CVE-2019-13734 | Google Fedoraproject Redhat Canonical Suse Opensuse Debian Oracle | Out-of-bounds Write vulnerability in multiple products Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2019-12-10 | CVE-2019-13732 | Google Debian Fedoraproject Redhat | Use After Free vulnerability in multiple products Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2019-12-10 | CVE-2019-13730 | Google Debian Fedoraproject Novell Opensuse Redhat | Type Confusion vulnerability in multiple products Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2019-12-10 | CVE-2019-13729 | Google Debian Fedoraproject Redhat | Use After Free vulnerability in multiple products Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2019-12-10 | CVE-2019-13728 | Google Debian Fedoraproject Redhat | Out-of-bounds Write vulnerability in multiple products Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2019-12-10 | CVE-2019-13727 | Google Debian Fedoraproject Redhat | Improper Preservation of Permissions vulnerability in multiple products Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | 8.8 |
2019-12-10 | CVE-2019-13726 | Google Debian Fedoraproject Redhat | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | 8.8 |
2019-12-10 | CVE-2019-13725 | Google Debian Fedoraproject Redhat | Use After Free vulnerability in multiple products Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | 8.8 |
2019-12-10 | CVE-2019-5843 | Out-of-bounds Write vulnerability in Google Chrome Out of bounds memory access in JavaScript in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | |
2019-12-10 | CVE-2019-5841 | Out-of-bounds Write vulnerability in Google Chrome Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | |
2019-12-11 | CVE-2019-3988 | Amazon | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter. | 8.3 |
2019-12-11 | CVE-2019-3987 | Amazon | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter. | 8.3 |
2019-12-11 | CVE-2019-3986 | Amazon | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter. | 8.3 |
2019-12-11 | CVE-2019-3985 | Amazon | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter. | 8.3 |
2019-12-12 | CVE-2019-19770 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). | 8.2 |
2019-12-13 | CVE-2019-16776 | Npmjs Opensuse Oracle Fedoraproject Redhat | Path Traversal vulnerability in multiple products Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. | 8.1 |
2019-12-15 | CVE-2019-19807 | Linux Canonical | Use After Free vulnerability in multiple products In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. | 7.8 |
2019-12-13 | CVE-2019-19787 | Atasm Project Fedoraproject | Out-of-bounds Write vulnerability in multiple products ATasm 1.06 has a stack-based buffer overflow in the get_signed_expression() function in setparse.c via a crafted .m65 file. | 7.8 |
2019-12-13 | CVE-2019-19786 | Atasm Project Fedoraproject | Out-of-bounds Write vulnerability in multiple products ATasm 1.06 has a stack-based buffer overflow in the parse_expr() function in setparse.c via a crafted .m65 file. | 7.8 |
2019-12-13 | CVE-2019-19785 | Atasm Project Fedoraproject | Out-of-bounds Write vulnerability in multiple products ATasm 1.06 has a stack-based buffer overflow in the to_comma() function in asm.c via a crafted .m65 file. | 7.8 |
2019-12-12 | CVE-2019-2337 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products While Skipping unknown IES, EMM is reading the buffer even if the no of bytes to read are more than message length which may cause device to shutdown in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130 | 7.8 |
2019-12-12 | CVE-2019-10485 | Qualcomm | Infinite Loop vulnerability in Qualcomm products Infinite loop while decoding compressed data can lead to overrun condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130 | 7.8 |
2019-12-12 | CVE-2019-19726 | Openbsd | Improper Privilege Management vulnerability in Openbsd OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. | 7.8 |
2019-12-11 | CVE-2013-3691 | Ovislink | Resource Exhaustion vulnerability in Ovislink Airlive Poe2600Hd Firmware AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL. | 7.8 |
2019-12-11 | CVE-2019-3667 | Mcafee | Uncontrolled Search Path Element vulnerability in Mcafee Techcheck 3.0.0.17 DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an attacker. | 7.8 |
2019-12-11 | CVE-2019-19707 | Moxa | Unspecified vulnerability in Moxa products On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets. | 7.8 |
2019-12-11 | CVE-2019-19604 | GIT SCM Debian Fedoraproject Opensuse | Missing Authorization vulnerability in multiple products Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. | 7.8 |
2019-12-10 | CVE-2019-1458 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2019-12-10 | CVE-2019-6183 | Lenovo | Unspecified vulnerability in Lenovo Energy Management 15.11.29.1 A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. | 7.8 |
2019-12-10 | CVE-2013-4133 | KDE Debian | Improper Resource Shutdown or Release vulnerability in multiple products kde-workspace before 4.10.5 has a memory leak in plasma desktop | 7.8 |
2019-12-09 | CVE-2019-19648 | Virustotal Fedoraproject | Out-of-bounds Read vulnerability in multiple products In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. | 7.8 |
2019-12-09 | CVE-2019-19647 | Radare Fedoraproject | NULL Pointer Dereference vulnerability in multiple products radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. | 7.8 |
2019-12-12 | CVE-2019-18338 | Siemens | Relative Path Traversal vulnerability in Siemens products A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). | 7.7 |
2019-12-10 | CVE-2019-1485 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 10/11/9 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. | 7.6 |
2019-12-15 | CVE-2014-8650 | Requests Kerberos Project Debian | Improper Authentication vulnerability in multiple products python-requests-Kerberos through 0.5 does not handle mutual authentication | 7.5 |
2019-12-15 | CVE-2014-3699 | Redhat | Deserialization of Untrusted Data vulnerability in Redhat Edeploy and Jboss Enterprise web Server eDeploy has RCE via cPickle deserialization of untrusted data | 7.5 |
2019-12-13 | CVE-2019-19790 | Telerik | Path Traversal vulnerability in Telerik Radchart and UI FOR Asp.Net Ajax Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. | 7.5 |
2019-12-13 | CVE-2019-18838 | Envoyproxy | NULL Pointer Dereference vulnerability in Envoyproxy Envoy An issue was discovered in Envoy 1.12.0. | 7.5 |
2019-12-12 | CVE-2019-16774 | Phpfastcache | Deserialization of Untrusted Data vulnerability in PHPfastcache In phpfastcache before 5.1.3, there is a possible object injection vulnerability in cookie driver. | 7.5 |
2019-12-12 | CVE-2019-12420 | Apache Debian | Resource Exhaustion vulnerability in multiple products In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. | 7.5 |
2019-12-12 | CVE-2019-3951 | Advantech | Out-of-bounds Write vulnerability in Advantech Webaccess Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages. | 7.5 |
2019-12-12 | CVE-2019-18330 | Siemens | Out-of-bounds Write vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 7.5 |
2019-12-12 | CVE-2019-18329 | Siemens | Out-of-bounds Write vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 7.5 |
2019-12-12 | CVE-2019-18328 | Siemens | Out-of-bounds Write vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 7.5 |
2019-12-12 | CVE-2019-18327 | Siemens | Out-of-bounds Write vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 7.5 |
2019-12-12 | CVE-2019-18326 | Siemens | Out-of-bounds Write vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 7.5 |
2019-12-12 | CVE-2019-18325 | Siemens | Out-of-bounds Write vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 7.5 |
2019-12-12 | CVE-2019-18324 | Siemens | Out-of-bounds Write vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 7.5 |
2019-12-12 | CVE-2019-18323 | Siemens | Out-of-bounds Write vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 7.5 |
2019-12-12 | CVE-2019-18316 | Siemens | Deserialization of Untrusted Data vulnerability in Siemens Sppa-T3000 Application Server R8.2 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). | 7.5 |
2019-12-12 | CVE-2019-18315 | Siemens | Improper Authentication vulnerability in Siemens Sppa-T3000 Application Server R8.2 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). | 7.5 |
2019-12-12 | CVE-2019-18314 | Siemens | Improper Authentication vulnerability in Siemens Sppa-T3000 Application Server R8.2 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). | 7.5 |
2019-12-12 | CVE-2019-18313 | Siemens | Unrestricted Upload of File with Dangerous Type vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 7.5 |
2019-12-12 | CVE-2019-18296 | Siemens | Out-of-bounds Write vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 7.5 |
2019-12-12 | CVE-2019-18295 | Siemens | Out-of-bounds Write vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 7.5 |
2019-12-12 | CVE-2019-18293 | Siemens | Out-of-bounds Write vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 7.5 |
2019-12-12 | CVE-2019-18289 | Siemens | Out-of-bounds Write vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 7.5 |
2019-12-12 | CVE-2019-18283 | Siemens | Deserialization of Untrusted Data vulnerability in Siemens Sppa-T3000 Application Server R8.2 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). | 7.5 |
2019-12-12 | CVE-2019-13942 | Siemens | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Siemens products A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). | 7.5 |
2019-12-12 | CVE-2019-16246 | Intesync | Information Exposure vulnerability in Intesync Solismed 3.3 Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. | 7.5 |
2019-12-12 | CVE-2019-15936 | Intesync | Unrestricted Upload of File with Dangerous Type vulnerability in Intesync Solismed 3.3 Intesync Solismed 3.3sp allows Insecure File Upload. | 7.5 |
2019-12-12 | CVE-2019-15933 | Intesync | SQL Injection vulnerability in Intesync Solismed 3.3 Intesync Solismed 3.3sp has SQL Injection. | 7.5 |
2019-12-12 | CVE-2019-15932 | Intesync | Missing Authentication for Critical Function vulnerability in Intesync Solismed 3.3 Intesync Solismed 3.3sp has Incorrect Access Control. | 7.5 |
2019-12-12 | CVE-2019-15931 | Intesync | Path Traversal vulnerability in Intesync Solismed 3.3 Intesync Solismed 3.3sp allows Directory Traversal, a different vulnerability than CVE-2019-16246. | 7.5 |
2019-12-12 | CVE-2019-10559 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8939, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.5 |
2019-12-12 | CVE-2017-18640 | Snakeyaml Project Fedoraproject Quarkus Oracle | XML Entity Expansion vulnerability in multiple products The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. | 7.5 |
2019-12-12 | CVE-2019-5093 | Leadtools | Integer Overflow or Wraparound vulnerability in Leadtools 20.0.2019.3.15 An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. | 7.5 |
2019-12-12 | CVE-2019-5085 | Leadtools | Integer Overflow or Wraparound vulnerability in Leadtools 20.0.2019.3.15 An exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. | 7.5 |
2019-12-12 | CVE-2019-10694 | Puppet | Use of Hard-coded Credentials vulnerability in Puppet Enterprise The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. | 7.5 |
2019-12-11 | CVE-2019-17087 | Microfocus | Unspecified vulnerability in Microfocus Acutoweb Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. | 7.5 |
2019-12-11 | CVE-2019-0403 | SAP | Improper Neutralization of Formula Elements in a CSV File vulnerability in SAP Enable NOW 1902/1908 SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection. | 7.5 |
2019-12-11 | CVE-2019-19374 | Squiz | Path Traversal vulnerability in Squiz Matrix An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server during interaction with the File Upload field type, when a custom form exists. | 7.5 |
2019-12-11 | CVE-2014-7257 | DBD | SQL Injection vulnerability in Dbd::Pgpp Project Dbd::Pgpp SQL injection vulnerability in DBD::PgPP 0.05 and earlier | 7.5 |
2019-12-11 | CVE-2013-5743 | Zabbix | SQL Injection vulnerability in Zabbix Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7. | 7.5 |
2019-12-11 | CVE-2019-19583 | XEN Fedoraproject Opensuse Debian | An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. | 7.5 |
2019-12-11 | CVE-2019-18379 | Symantec | Server-Side Request Forgery (SSRF) vulnerability in Symantec Messaging Gateway Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface. | 7.5 |
2019-12-11 | CVE-2019-18960 | Amazon | Classic Buffer Overflow vulnerability in Amazon Firecracker 0.18.0/0.19.0 Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. | 7.5 |
2019-12-11 | CVE-2019-5815 | Xmlsoft Debian | Type Confusion vulnerability in multiple products Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. | 7.5 |
2019-12-10 | CVE-2012-1577 | Dietlibc Project Openbsd Debian | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in multiple products lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0. | 7.5 |
2019-12-10 | CVE-2013-2159 | Monkey Project | Improper Authentication vulnerability in Monkey-Project Monkey 1.2.1 Monkey HTTP Daemon: broken user name authentication | 7.5 |
2019-12-10 | CVE-2013-2095 | Openshift Origin Controller Project | Injection vulnerability in Openshift-Origin-Controller Project Openshift-Origin-Controller rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection | 7.5 |
2019-12-09 | CVE-2019-19230 | Broadcom | Deserialization of Untrusted Data vulnerability in Broadcom Nolio 6.6 An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code. | 7.5 |
2019-12-09 | CVE-2019-19646 | Sqlite Siemens Tenable Oracle Netapp | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. | 7.5 |
2019-12-09 | CVE-2019-19603 | Sqlite Oracle Siemens Apache Netapp | SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. | 7.5 |
2019-12-09 | CVE-2019-18190 | Trendmicro | NULL Pointer Dereference vulnerability in Trendmicro products Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution under certain circumstances. | 7.5 |
2019-12-11 | CVE-2019-14899 | Freebsd Linux Openbsd Apple | Man-in-the-Middle vulnerability in multiple products A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. | 7.4 |
2019-12-12 | CVE-2019-18309 | Siemens | Unspecified vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 7.2 |
2019-12-12 | CVE-2019-18308 | Siemens | Unspecified vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 7.2 |
2019-12-12 | CVE-2019-18297 | Siemens | Out-of-bounds Write vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 7.2 |
2019-12-12 | CVE-2019-19248 | EA | Unspecified vulnerability in EA Origin 10.5.36/10.5.37/10.5.55.33574 Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 2 of 2). | 7.2 |
2019-12-12 | CVE-2019-19247 | EA | Unspecified vulnerability in EA Origin Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 1 of 2). | 7.2 |
2019-12-12 | CVE-2019-2321 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Incorrect length used while validating the qsee log buffer sent from HLOS which could then lead to remap conflict in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ4019, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, Snapdragon_High_Med_2016, SXR1130, SXR2130 | 7.2 |
2019-12-12 | CVE-2019-2288 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Out of bound write in TZ while copying the secure dump structure on HLOS provided buffer as a part of memory dump in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon_High_Med_2016, SXR1130 | 7.2 |
2019-12-11 | CVE-2019-3983 | Amazon | Use of Hard-coded Credentials vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections. | 7.2 |
2019-12-11 | CVE-2019-18245 | Reliablecontrols | Unquoted Search Path or Element vulnerability in Reliablecontrols Rc-Licensemanager 3.4 Reliable Controls LicenseManager versions 3.4 and prior may allow an authenticated user to insert malicious code into the system root path, which may allow execution of code with elevated privileges of the application. | 7.2 |
2019-12-11 | CVE-2019-19577 | XEN Fedoraproject | Improper Synchronization vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. | 7.2 |
2019-12-10 | CVE-2019-1483 | Microsoft | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. | 7.2 |
2019-12-10 | CVE-2019-1478 | Microsoft | Unspecified vulnerability in Microsoft Windows 7 and Windows Server 2008 An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'. | 7.2 |
2019-12-10 | CVE-2019-1477 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2019 An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'. | 7.2 |
2019-12-10 | CVE-2019-1476 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. | 7.2 |
2019-12-10 | CVE-2013-0293 | Ovirt | Improper Privilege Management vulnerability in Ovirt Node 2.6.01 oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation | 7.2 |
2019-12-13 | CVE-2019-5253 | Huawei | Improper Authentication vulnerability in Huawei E5572-855 Firmware E5572-855 with versions earlier than 8.0.1.3(H335SP1C233) has an improper authentication vulnerability. | 7.1 |
2019-12-10 | CVE-2019-1461 | Microsoft | Unspecified vulnerability in Microsoft Office, Office 365 Proplus and Word A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory, aka 'Microsoft Word Denial of Service Vulnerability'. | 7.1 |
201 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-12-12 | CVE-2019-4606 | IBM | Untrusted Search Path vulnerability in IBM DB2 High Performance Unload Load IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. | 6.9 |
2019-12-13 | CVE-2019-19796 | Yabasic | Out-of-bounds Write vulnerability in Yabasic 2.86.2 Yabasic 2.86.2 has a heap-based buffer overflow in myformat in function.c via a crafted BASIC source file. | 6.8 |
2019-12-13 | CVE-2019-19795 | Samurai Project | Out-of-bounds Write vulnerability in Samurai Project Samurai 0.7 samurai 0.7 has a heap-based buffer overflow in canonpath in util.c via a crafted build file. | 6.8 |
2019-12-13 | CVE-2019-5250 | Huawei | Improper Privilege Management vulnerability in Huawei Mate 20 PRO Firmware Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. | 6.8 |
2019-12-13 | CVE-2019-19778 | Libsixel Project | Out-of-bounds Read vulnerability in Libsixel Project Libsixel 1.8.2 An issue was discovered in libsixel 1.8.2. | 6.8 |
2019-12-13 | CVE-2019-19777 | Libsixel Project Nothings | Out-of-bounds Read vulnerability in multiple products stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main. | 6.8 |
2019-12-12 | CVE-2019-5144 | Kakadusoftware | Out-of-bounds Write vulnerability in Kakadusoftware Kakadu Software 7.10.2 An exploitable heap underflow vulnerability exists in the derive_taps_and_gains function in kdu_v7ar.dll of Kakadu Software SDK 7.10.2. | 6.8 |
2019-12-12 | CVE-2019-15934 | Intesync | Cross-Site Request Forgery (CSRF) vulnerability in Intesync Solismed 3.3 Intesync Solismed 3.3sp has CSRF. | 6.8 |
2019-12-12 | CVE-2019-5154 | Leadtools | Out-of-bounds Write vulnerability in Leadtools 20.0.2019.3.15 An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. | 6.8 |
2019-12-12 | CVE-2019-5092 | Leadtools | Out-of-bounds Write vulnerability in Leadtools 20.0.2019.3.15 An exploitable heap out of bounds write vulnerability exists in the UI tag parsing functionality of the DICOM image format of LEADTOOLS 20.0.2019.3.15. | 6.8 |
2019-12-11 | CVE-2019-0398 | SAP | Cross-Site Request Forgery (CSRF) vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2/4.3 Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery. | 6.8 |
2019-12-11 | CVE-2019-19720 | Yabasic | Out-of-bounds Write vulnerability in Yabasic 2.86.1 Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() function in flex.c via a crafted BASIC source file. | 6.8 |
2019-12-10 | CVE-2019-1484 | Microsoft | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'. | 6.8 |
2019-12-09 | CVE-2019-4621 | IBM | Insecure Default Initialization of Resource vulnerability in IBM Datapower Gateway IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. | 6.8 |
2019-12-09 | CVE-2019-19685 | Nopcommerce | Cross-Site Request Forgery (CSRF) vulnerability in Nopcommerce 4.20 RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions. | 6.8 |
2019-12-12 | CVE-2018-11805 | Apache Debian | OS Command Injection vulnerability in multiple products In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. | 6.7 |
2019-12-12 | CVE-2019-19769 | Linux Fedoraproject | Use After Free vulnerability in multiple products In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h). | 6.7 |
2019-12-11 | CVE-2019-19580 | XEN Fedoraproject | Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. | 6.6 |
2019-12-13 | CVE-2019-19793 | Cyxtera | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Cyxtera Appgate SDP In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 on Windows, a local or remote user from the same domain can gain privileges. | 6.5 |
2019-12-13 | CVE-2019-16777 | Npmjs Opensuse Oracle Fedoraproject Redhat | Improper Privilege Management vulnerability in multiple products Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. | 6.5 |
2019-12-13 | CVE-2019-16775 | Redhat Npmjs Opensuse Oracle Fedoraproject | UNIX Symbolic Link (Symlink) Following vulnerability in multiple products Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. | 6.5 |
2019-12-12 | CVE-2019-18288 | Siemens | Unrestricted Upload of File with Dangerous Type vulnerability in Siemens Sppa-T3000 Application Server R8.2 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). | 6.5 |
2019-12-12 | CVE-2019-10695 | Puppet | Information Exposure Through Log Files vulnerability in Puppet Continuous Delivery When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user’s username and password were exposed in the job’s Job Details pane in the PE console. | 6.5 |
2019-12-11 | CVE-2019-19582 | XEN Fedoraproject | Infinite Loop vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. | 6.5 |
2019-12-11 | CVE-2019-19581 | XEN Fedoraproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. | 6.5 |
2019-12-11 | CVE-2019-18377 | Symantec | Unspecified vulnerability in Symantec Messaging Gateway Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 6.5 |
2019-12-10 | CVE-2019-1471 | Microsoft | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. | 6.5 |
2019-12-10 | CVE-2019-13753 | Google Debian Fedoraproject Redhat Canonical | Out-of-bounds Read vulnerability in multiple products Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
2019-12-10 | CVE-2019-13752 | Google Debian Fedoraproject Redhat Canonical | Out-of-bounds Read vulnerability in multiple products Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
2019-12-10 | CVE-2019-13751 | Google Debian Fedoraproject Redhat Canonical | Use of Uninitialized Resource vulnerability in multiple products Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
2019-12-10 | CVE-2019-13750 | Google Debian Fedoraproject Redhat Canonical | Improper Input Validation vulnerability in multiple products Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. | 6.5 |
2019-12-10 | CVE-2019-13749 | Google Debian Fedoraproject Redhat | Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 6.5 |
2019-12-10 | CVE-2019-13748 | Google Debian Fedoraproject Redhat | Missing Authorization vulnerability in multiple products Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
2019-12-10 | CVE-2019-13746 | Google Debian Fedoraproject Redhat | Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 6.5 |
2019-12-10 | CVE-2019-13745 | Google Debian Suse Opensuse Fedoraproject Redhat | Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
2019-12-10 | CVE-2019-13744 | Google Debian Fedoraproject Redhat | Information Exposure vulnerability in multiple products Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
2019-12-10 | CVE-2019-13743 | Google Debian Fedoraproject Redhat | Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page. | 6.5 |
2019-12-10 | CVE-2019-13742 | Google Debian Fedoraproject Redhat | Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 6.5 |
2019-12-10 | CVE-2019-13740 | Google Debian Fedoraproject Redhat | Origin Validation Error vulnerability in multiple products Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 6.5 |
2019-12-10 | CVE-2019-13739 | Google Debian Fedoraproject Redhat | Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 6.5 |
2019-12-10 | CVE-2019-13738 | Google Debian Fedoraproject Redhat | Improper Privilege Management vulnerability in multiple products Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page. | 6.5 |
2019-12-10 | CVE-2019-13737 | Google Debian Fedoraproject Redhat | Information Exposure vulnerability in multiple products Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
2019-12-10 | CVE-2019-13672 | Unspecified vulnerability in Google Chrome Incorrect security UI in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page on iOS. | 6.5 | |
2019-12-09 | CVE-2019-4612 | IBM | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. | 6.5 |
2019-12-09 | CVE-2015-3424 | Accentis | SQL Injection vulnerability in Accentis Content Resource Management System SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter. | 6.5 |
2019-12-09 | CVE-2015-1853 | Tuxfamily | Unspecified vulnerability in Tuxfamily Chrony chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets. | 6.5 |
2019-12-09 | CVE-2019-19684 | Nopcommerce | Unrestricted Upload of File with Dangerous Type vulnerability in Nopcommerce 4.20 nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to upload a crafted Facebook Auth plugin. | 6.5 |
2019-12-12 | CVE-2019-18322 | Siemens | Improper Authentication vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 6.4 |
2019-12-12 | CVE-2019-18321 | Siemens | Improper Authentication vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 6.4 |
2019-12-12 | CVE-2019-13932 | Siemens | Improper Input Validation vulnerability in Siemens XHQ 6.0.0.0 A vulnerability has been identified in XHQ (All versions < V6.0.0.2). | 6.4 |
2019-12-10 | CVE-2019-4244 | IBM | Missing Authentication for Critical Function vulnerability in IBM Smartcloud Analytics LOG Analysis IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. | 6.4 |
2019-12-13 | CVE-2019-5260 | Huawei | Improper Input Validation vulnerability in Huawei View 20 Firmware and Y9 2019 Firmware Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. | 6.1 |
2019-12-13 | CVE-2019-14344 | Vocabularyserver | Cross-site Scripting vulnerability in Vocabularyserver Tematres 3.0 TemaTres 3.0 has reflected XSS via the replace_string or search_string parameter to the vocab/admin.php?doAdmin=bulkReplace URI. | 6.1 |
2019-12-13 | CVE-2019-5248 | Huawei | Missing Release of Resource after Effective Lifetime vulnerability in Huawei Cloudengine 12800 Firmware CloudEngine 12800 has a DoS vulnerability. | 6.1 |
2019-12-12 | CVE-2019-13943 | Siemens | Cross-site Scripting vulnerability in Siemens products A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). | 6.1 |
2019-12-11 | CVE-2019-19709 | Mediawiki Debian | Open Redirect vulnerability in multiple products MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page. | 6.1 |
2019-12-10 | CVE-2019-1332 | Microsoft | Cross-site Scripting vulnerability in Microsoft products A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'. | 6.1 |
2019-12-13 | CVE-2019-13347 | Atlassian | Unspecified vulnerability in Atlassian Saml Single Sign ON An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for Bitbucket, and versions 2.4.0 through 2.5.2 for Bamboo. | 6.0 |
2019-12-15 | CVE-2014-3652 | Redhat | Open Redirect vulnerability in Redhat Keycloak 1.0.1 JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL. | 5.8 |
2019-12-12 | CVE-2019-13930 | Siemens | Cross-Site Request Forgery (CSRF) vulnerability in Siemens XHQ 6.0.0.0 A vulnerability has been identified in XHQ (All versions < V6.0.0.2). | 5.8 |
2019-12-10 | CVE-2019-1486 | Microsoft | Open Redirect vulnerability in Microsoft Visual Studio 2019 and Visual Studio Live Share A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'. | 5.8 |
2019-12-10 | CVE-2019-19703 | Jetbrains | Open Redirect vulnerability in Jetbrains Ktor In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location. | 5.8 |
2019-12-10 | CVE-2016-1000107 | Erlang | Open Redirect vulnerability in Erlang Erlang/Otp inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | 5.8 |
2019-12-10 | CVE-2016-1000108 | Yaws Debian | Open Redirect vulnerability in multiple products yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | 5.8 |
2019-12-15 | CVE-2019-19797 | Xfig Project Fedoraproject Debian | Out-of-bounds Write vulnerability in multiple products read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. | 5.5 |
2019-12-12 | CVE-2019-18340 | Siemens | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Siemens products A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0). | 5.5 |
2019-12-12 | CVE-2019-17358 | Cacti Debian Opensuse | Deserialization of Untrusted Data vulnerability in multiple products Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. | 5.5 |
2019-12-12 | CVE-2019-19746 | Fig2Dev Project Fedoraproject | Integer Overflow or Wraparound vulnerability in multiple products make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. | 5.5 |
2019-12-10 | CVE-2013-4184 | Data Debian | Link Following vulnerability in multiple products Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks | 5.5 |
2019-12-12 | CVE-2019-14849 | Redhat | Information Exposure Through Sent Data vulnerability in Redhat 3Scale 2.0/2.4 A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. | 5.4 |
2019-12-12 | CVE-2019-7004 | Avaya | Cross-site Scripting vulnerability in Avaya IP Office Application Server 11.0/11.0.4.0 A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. | 5.4 |
2019-12-10 | CVE-2019-14870 | Samba Fedoraproject Canonical Debian Opensuse | Improper Authentication vulnerability in multiple products All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. | 5.4 |
2019-12-13 | CVE-2019-19722 | Dovecot Fedoraproject | NULL Pointer Dereference vulnerability in multiple products In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. | 5.3 |
2019-12-12 | CVE-2019-18341 | Siemens | Improper Authentication vulnerability in Siemens products A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). | 5.3 |
2019-12-12 | CVE-2019-13944 | Siemens | Path Traversal vulnerability in Siemens products A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). | 5.3 |
2019-12-11 | CVE-2014-0091 | Theforeman | Improper Input Validation vulnerability in Theforeman Foreman Foreman has improper input validation which could lead to partial Denial of Service | 5.3 |
2019-12-10 | CVE-2019-14861 | Samba Fedoraproject Canonical Opensuse Debian | Incorrect Default Permissions vulnerability in multiple products All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. | 5.3 |
2019-12-15 | CVE-2014-3643 | Jersey Project | XXE vulnerability in Jersey Project Jersey jersey: XXE via parameter entities not disabled by the jersey SAX parser | 5.0 |
2019-12-14 | CVE-2019-5235 | Huawei | NULL Pointer Dereference vulnerability in Huawei products Some Huawei smart phones have a null pointer dereference vulnerability. | 5.0 |
2019-12-13 | CVE-2019-5277 | Huawei | Unspecified vulnerability in Huawei Cloudusm-Eua Firmware V600R006C10/V600R019C00 Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. | 5.0 |
2019-12-13 | CVE-2019-5254 | Huawei | Out-of-bounds Read vulnerability in Huawei products Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. | 5.0 |
2019-12-13 | CVE-2019-16731 | Skymee Petwant | Missing Authentication for Critical Function vulnerability in multiple products The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to initiate firmware upgrades and alter device settings. | 5.0 |
2019-12-13 | CVE-2019-17123 | Egain | Improper Input Validation vulnerability in Egain Mail 11 The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. | 5.0 |
2019-12-13 | CVE-2019-19397 | Huawei | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Huawei products There is a weak algorithm vulnerability in some Huawei products. | 5.0 |
2019-12-13 | CVE-2014-3495 | Debian Opensuse | Improper Certificate Validation vulnerability in multiple products duplicity 0.6.24 has improper verification of SSL certificates | 5.0 |
2019-12-13 | CVE-2014-0212 | Apache | Resource Exhaustion vulnerability in Apache Qpid-Cpp qpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all available file descriptors | 5.0 |
2019-12-12 | CVE-2019-19768 | Linux | Use After Free vulnerability in Linux Kernel 5.4.0 In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer). | 5.0 |
2019-12-12 | CVE-2019-19766 | Bitwarden | Inadequate Encryption Strength vulnerability in Bitwarden Server The Bitwarden server through 1.32.0 has a potentially unwanted KDF. | 5.0 |
2019-12-12 | CVE-2019-18335 | Siemens | Information Exposure vulnerability in Siemens Sppa-T3000 Application Server R8.2 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). | 5.0 |
2019-12-12 | CVE-2019-18334 | Siemens | Information Exposure vulnerability in Siemens Sppa-T3000 Application Server R8.2 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). | 5.0 |
2019-12-12 | CVE-2019-18333 | Siemens | Information Exposure vulnerability in Siemens Sppa-T3000 Application Server R8.2 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). | 5.0 |
2019-12-12 | CVE-2019-18332 | Siemens | Improper Authentication vulnerability in Siemens Sppa-T3000 Application Server R8.2 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). | 5.0 |
2019-12-12 | CVE-2019-18331 | Siemens | Information Exposure vulnerability in Siemens Sppa-T3000 Application Server R8.2 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). | 5.0 |
2019-12-12 | CVE-2019-18320 | Siemens | Unrestricted Upload of File with Dangerous Type vulnerability in Siemens Sppa-T3000 Application Server R8.2 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). | 5.0 |
2019-12-12 | CVE-2019-18319 | Siemens | Improper Authentication vulnerability in Siemens Sppa-T3000 Application Server R8.2 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). | 5.0 |
2019-12-12 | CVE-2019-18318 | Siemens | Improper Authentication vulnerability in Siemens Sppa-T3000 Application Server R8.2 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). | 5.0 |
2019-12-12 | CVE-2019-18317 | Siemens | Improper Authentication vulnerability in Siemens Sppa-T3000 Application Server R8.2 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). | 5.0 |
2019-12-12 | CVE-2019-18312 | Siemens | Improper Authentication vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 5.0 |
2019-12-12 | CVE-2019-18311 | Siemens | Missing Authentication for Critical Function vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 5.0 |
2019-12-12 | CVE-2019-18310 | Siemens | Out-of-bounds Write vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 5.0 |
2019-12-12 | CVE-2019-18307 | Siemens | Out-of-bounds Read vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 5.0 |
2019-12-12 | CVE-2019-18306 | Siemens | Out-of-bounds Write vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 5.0 |
2019-12-12 | CVE-2019-18305 | Siemens | Integer Overflow or Wraparound vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 5.0 |
2019-12-12 | CVE-2019-18304 | Siemens | Integer Overflow or Wraparound vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 5.0 |
2019-12-12 | CVE-2019-18303 | Siemens | Integer Overflow or Wraparound vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 5.0 |
2019-12-12 | CVE-2019-18302 | Siemens | Integer Overflow or Wraparound vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 5.0 |
2019-12-12 | CVE-2019-18301 | Siemens | Integer Overflow or Wraparound vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 5.0 |
2019-12-12 | CVE-2019-18300 | Siemens | Integer Overflow or Wraparound vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 5.0 |
2019-12-12 | CVE-2019-18299 | Siemens | Integer Overflow or Wraparound vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 5.0 |
2019-12-12 | CVE-2019-18298 | Siemens | Integer Overflow or Wraparound vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 5.0 |
2019-12-12 | CVE-2019-18294 | Siemens | Out-of-bounds Write vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 5.0 |
2019-12-12 | CVE-2019-18292 | Siemens | Out-of-bounds Write vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 5.0 |
2019-12-12 | CVE-2019-18291 | Siemens | Out-of-bounds Write vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 5.0 |
2019-12-12 | CVE-2019-18290 | Siemens | Out-of-bounds Write vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). | 5.0 |
2019-12-12 | CVE-2019-18287 | Siemens | Information Exposure vulnerability in Siemens Sppa-T3000 Application Server R8.2 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). | 5.0 |
2019-12-12 | CVE-2019-18286 | Siemens | Information Exposure vulnerability in Siemens Sppa-T3000 Application Server R8.2 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). | 5.0 |
2019-12-12 | CVE-2019-18284 | Siemens | Missing Authentication for Critical Function vulnerability in Siemens Sppa-T3000 Application Server R8.2 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). | 5.0 |
2019-12-12 | CVE-2019-13927 | Siemens | Exposure of Resource to Wrong Sphere vulnerability in Siemens products A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server (All firmware versions < V6.00.320). | 5.0 |
2019-12-12 | CVE-2019-2310 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Out of bound read would occur while trying to read action category and action ID without validating the action length of the Rx Frame body in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SDA660, SDA845, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM8150 | 5.0 |
2019-12-12 | CVE-2019-5091 | Leadtools | Infinite Loop vulnerability in Leadtools 20.0.2019.3.15 An exploitable denial-of-service vulnerability exists in the Dicom-packet parsing functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. | 5.0 |
2019-12-12 | CVE-2019-5090 | Leadtools | Out-of-bounds Read vulnerability in Leadtools 20.0.2019.3.15 An exploitable information disclosure vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. | 5.0 |
2019-12-11 | CVE-2019-0405 | SAP | Information Exposure vulnerability in SAP Enable NOW 1902/1908 SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure. | 5.0 |
2019-12-11 | CVE-2019-0404 | SAP | Information Exposure Through an Error Message vulnerability in SAP Enable NOW 1902/1908 SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure. | 5.0 |
2019-12-11 | CVE-2019-19729 | Bson Objectid Project | Improper Input Validation vulnerability in Bson-Objectid Project Bson-Objectid 1.3.0 An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. | 5.0 |
2019-12-11 | CVE-2019-19373 | Squiz | Deserialization of Untrusted Data vulnerability in Squiz Matrix An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/page_templates/page_remote_content/page_remote_content.inc POST parameter during processing of a Remote Content page type. | 5.0 |
2019-12-11 | CVE-2013-4593 | Omniauth Facebook Project | Improper Authentication vulnerability in Omniauth-Facebook Project Omniauth-Facebook RubyGem omniauth-facebook has an access token security vulnerability | 5.0 |
2019-12-10 | CVE-2019-1489 | Microsoft | Information Exposure vulnerability in Microsoft Windows XP An information disclosure vulnerability exists when the Windows Remote Desktop Protocol (RDP) fails to properly handle objects in memory, aka 'Remote Desktop Protocol Information Disclosure Vulnerability'. | 5.0 |
2019-12-10 | CVE-2019-1453 | Microsoft | Unspecified vulnerability in Microsoft products A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'. | 5.0 |
2019-12-10 | CVE-2019-19702 | Modoboa | XML Injection (aka Blind XPath Injection) vulnerability in Modoboa Modoboa-Dmarc 1.1.0 The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 5.0 |
2019-12-10 | CVE-2019-19251 | Last FM | Cleartext Transmission of Sensitive Information vulnerability in Last.Fm Desktop The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. | 5.0 |
2019-12-10 | CVE-2013-4120 | Theforeman | Resource Exhaustion vulnerability in Theforeman Katello Katello has a Denial of Service vulnerability in API OAuth authentication | 5.0 |
2019-12-10 | CVE-2013-1793 | Redhat | Missing Authentication for Critical Function vulnerability in Redhat Openstack and Openstack Essex openstack-utils openstack-db has insecure password creation | 5.0 |
2019-12-09 | CVE-2015-0841 | Monopd Project | Off-by-one Error vulnerability in Monopd Project Monopd Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8, allows remote attackers to cause a denial of service (crash) via a long line. | 5.0 |
2019-12-09 | CVE-2019-14251 | Temenos | Path Traversal vulnerability in Temenos T24 R15.01 An issue was discovered in T24 in TEMENOS Channels R15.01. | 5.0 |
2019-12-12 | CVE-2019-13947 | Siemens | Cleartext Storage of Sensitive Information in GUI vulnerability in Siemens products A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). | 4.9 |
2019-12-12 | CVE-2019-10520 | Qualcomm | Missing Release of Resource after Effective Lifetime vulnerability in Qualcomm products An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice & Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855 | 4.9 |
2019-12-13 | CVE-2014-2387 | PEN Project Opensuse Debian | Exposure of Resource to Wrong Sphere vulnerability in multiple products Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities | 4.6 |
2019-12-13 | CVE-2019-19501 | Idrix | Unspecified vulnerability in Idrix Veracrypt 1.24 VeraCrypt 1.24 allows Local Privilege Escalation during execution of VeraCryptExpander.exe. | 4.6 |
2019-12-12 | CVE-2019-13945 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. | 4.6 |
2019-12-12 | CVE-2019-2319 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products HLOS could corrupt CPZ page table memory for S1 managed VMs in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130 | 4.6 |
2019-12-12 | CVE-2019-10592 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Possible integer overflow while multiplying two integers of 32 bit in QDCM API of get display modes as there is no check on the maximum mode count in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 4.6 |
2019-12-12 | CVE-2019-10571 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Snapshot of IB can lead to invalid address access due to missing check for size in the related function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCN7605, QCS405, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR2130 | 4.6 |
2019-12-12 | CVE-2019-10555 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Buffer overflow can occur due to usage of wrong datatype and missing length check before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150 | 4.6 |
2019-12-12 | CVE-2019-10530 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Lack of check of data truncation on user supplied data in kernel leads to buffer overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | 4.6 |
2019-12-11 | CVE-2019-18232 | Gemalto | Link Following vulnerability in Gemalto Sentinel LDK License Manager SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only Microsoft Windows versions are affected) is vulnerable when configured as a service. | 4.6 |
2019-12-09 | CVE-2015-7892 | Samsung | Out-of-bounds Write vulnerability in Samsung M2M1Shot Driver Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.buf_out.num_planes value in an ioctl call. | 4.6 |
2019-12-13 | CVE-2014-1867 | Suphp | Improper Authentication vulnerability in Suphp suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution | 4.4 |
2019-12-12 | CVE-2019-10494 | Qualcomm | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products Race condition between the camera functions due to lack of resource lock which will lead to memory corruption and UAF issue in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150 | 4.4 |
2019-12-11 | CVE-2013-4245 | Gnome Debian | Improper Input Validation vulnerability in multiple products Orca has arbitrary code execution due to insecure Python module load | 4.4 |
2019-12-15 | CVE-2014-8561 | Imagemagick Debian | Infinite Loop vulnerability in multiple products imagemagick 6.8.9.6 has remote DOS via infinite loop | 4.3 |
2019-12-15 | CVE-2014-4913 | Zend Debian | Cross-site Scripting vulnerability in multiple products ZF2014-03 has a potential cross site scripting vector in multiple view helpers | 4.3 |
2019-12-13 | CVE-2019-19794 | Miekg DNS Project | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Miekg-Dns Project Miekg-Dns The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. | 4.3 |
2019-12-13 | CVE-2019-5291 | Huawei | Insufficient Verification of Data Authenticity vulnerability in Huawei products Some Huawei products have an insufficient verification of data authenticity vulnerability. | 4.3 |
2019-12-13 | CVE-2019-5251 | Huawei | Path Traversal vulnerability in Huawei products There is a path traversal vulnerability in several Huawei smartphones. | 4.3 |
2019-12-13 | CVE-2019-17599 | Expresstech | Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). | 4.3 |
2019-12-12 | CVE-2019-19767 | Linux | Use After Free vulnerability in Linux Kernel The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. | 4.3 |
2019-12-12 | CVE-2019-18285 | Siemens | Cleartext Transmission of Sensitive Information vulnerability in Siemens Sppa-T3000 Application Server R8.2 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). | 4.3 |
2019-12-12 | CVE-2019-17428 | Intesync | Inadequate Encryption Strength vulnerability in Intesync Solismed 3.3 An issue was discovered in Intesync Solismed 3.3sp1. | 4.3 |
2019-12-12 | CVE-2019-15935 | Intesync | Cross-site Scripting vulnerability in Intesync Solismed 3.3 Intesync Solismed 3.3sp has XSS. | 4.3 |
2019-12-12 | CVE-2019-15930 | Intesync | Improper Restriction of Rendered UI Layers or Frames vulnerability in Intesync Solismed 3.3 Intesync Solismed 3.3sp allows Clickjacking. | 4.3 |
2019-12-12 | CVE-2019-19748 | Brizoit | Cross-site Scripting vulnerability in Brizoit Work Time Calendar The Work Time Calendar app before 4.7.1 for Jira allows XSS. | 4.3 |
2019-12-11 | CVE-2013-5978 | Cart66 | Cross-site Scripting vulnerability in Cart66 Lite Plugin Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. | 4.3 |
2019-12-11 | CVE-2013-4303 | Mediawiki | Cross-site Scripting vulnerability in Mediawiki includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php. | 4.3 |
2019-12-11 | CVE-2019-14317 | Wolfssl | Missing Encryption of Sensitive Data vulnerability in Wolfssl wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. | 4.3 |
2019-12-11 | CVE-2013-4968 | Puppet | Cross-site Scripting vulnerability in Puppet Enterprise Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live management." | 4.3 |
2019-12-11 | CVE-2019-10772 | SVG Sanitizer Project | Cross-site Scripting vulnerability in Svg-Sanitizer Project Svg-Sanitizer It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by the sanitizer. | 4.3 |
2019-12-11 | CVE-2019-15008 | Atlassian | Cross-site Scripting vulnerability in Atlassian Crucible The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter. | 4.3 |
2019-12-11 | CVE-2014-0026 | Redhat | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Subscription Asset Manager 1.0.0 katello-headpin is vulnerable to CSRF in REST API | 4.3 |
2019-12-11 | CVE-2013-7371 | Sencha Debian | Cross-site Scripting vulnerability in multiple products node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370) | 4.3 |
2019-12-11 | CVE-2013-7370 | Redhat Sencha Opensuse Debian | Cross-site Scripting vulnerability in multiple products node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware | 4.3 |
2019-12-11 | CVE-2013-6495 | Redhat | Cross-site Scripting vulnerability in Redhat products JBossWeb Bayeux has reflected XSS | 4.3 |
2019-12-11 | CVE-2013-4158 | Smokeping Debian Fedoraproject | Cross-site Scripting vulnerability in multiple products smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) | 4.3 |
2019-12-11 | CVE-2019-19719 | Tableau | Cross-site Scripting vulnerability in Tableau Server Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page. | 4.3 |
2019-12-11 | CVE-2019-19708 | Mediawiki | Cross-site Scripting vulnerability in Mediawiki Visual Editor 1.34 The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute. | 4.3 |
2019-12-10 | CVE-2019-1481 | Microsoft | Out-of-bounds Read vulnerability in Microsoft Windows 7 An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory, aka 'Windows Media Player Information Disclosure Vulnerability'. | 4.3 |
2019-12-10 | CVE-2019-1480 | Microsoft | Out-of-bounds Read vulnerability in Microsoft Windows 7 An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory, aka 'Windows Media Player Information Disclosure Vulnerability'. | 4.3 |
2019-12-10 | CVE-2019-1467 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 4.3 |
2019-12-10 | CVE-2019-1466 | Microsoft | Out-of-bounds Read vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 4.3 |
2019-12-10 | CVE-2019-1465 | Microsoft | Out-of-bounds Read vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 4.3 |
2019-12-10 | CVE-2019-1464 | Microsoft | Information Exposure vulnerability in Microsoft Excel, Office and Office 365 Proplus An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. | 4.3 |
2019-12-10 | CVE-2019-13763 | Google Debian Fedoraproject Redhat | Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. | 4.3 |
2019-12-10 | CVE-2019-13761 | Google Debian Fedoraproject Redhat | Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 4.3 |
2019-12-10 | CVE-2019-13759 | Google Debian Fedoraproject Redhat | Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 4.3 |
2019-12-10 | CVE-2019-13758 | Google Debian Fedoraproject Redhat | Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 4.3 |
2019-12-10 | CVE-2019-13757 | Google Debian Fedoraproject Redhat | Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 4.3 |
2019-12-10 | CVE-2019-13756 | Google Debian Fedoraproject Redhat | Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 4.3 |
2019-12-10 | CVE-2019-13755 | Google Debian Fedoraproject Redhat | Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page. | 4.3 |
2019-12-10 | CVE-2019-13754 | Google Debian Fedoraproject Redhat | Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 4.3 |
2019-12-10 | CVE-2013-1689 | Mozilla | Improper Input Validation vulnerability in Mozilla Firefox Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames. | 4.3 |
2019-12-10 | CVE-2019-4095 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cloud PAK System 2.3/2.3.0.1 IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
2019-12-10 | CVE-2014-3656 | Redhat | Cross-site Scripting vulnerability in Redhat Jboss Keycloak JBoss KeyCloak: XSS in login-status-iframe.html | 4.3 |
2019-12-10 | CVE-2019-19698 | Libwav Project | NULL Pointer Dereference vulnerability in Libwav Project Libwav marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav_content_read() at libwav.c. | 4.3 |
2019-12-09 | CVE-2013-0342 | Pyrad Project | Improper Input Validation vulnerability in Pyrad Project Pyrad The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294. | 4.3 |
2019-12-09 | CVE-2015-3425 | Accentis | Cross-site Scripting vulnerability in Accentis Content Resource Management System Cross-site scripting (XSS) vulnerability in Accentis Content Resource Management System before October 2015 patch allows remote attackers to inject arbitrary web script or HTML via the ctl00$cph_content$_uig_formState parameter. | 4.3 |
2019-12-09 | CVE-2014-0242 | Modwsgi | Information Exposure vulnerability in Modwsgi MOD Wsgi mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread. | 4.3 |
2019-12-13 | CVE-2019-5278 | Huawei | Out-of-bounds Read vulnerability in Huawei Campusinsight V100R019C00 There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. | 4.0 |
2019-12-13 | CVE-2019-5290 | Huawei | Improper Input Validation vulnerability in Huawei S5700 Firmware and S6700 Firmware Huawei S5700 and S6700 have a DoS security vulnerability. | 4.0 |
2019-12-11 | CVE-2019-0399 | SAP | Unspecified vulnerability in SAP Portfolio and Project Management SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user to discover accounting information of the Projects in Project dashboard, leading to Information Disclosure. | 4.0 |
2019-12-11 | CVE-2019-15009 | Atlassian | Unspecified vulnerability in Atlassian Crucible The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability. | 4.0 |
2019-12-10 | CVE-2019-1487 | Microsoft | Information Exposure vulnerability in Microsoft Authentication Library An information disclosure vulnerability in Android Apps using Microsoft Authentication Library (MSAL) 0.3.1-Alpha or later exists under specific conditions, aka 'Microsoft Authentication Library for Android Information Disclosure Vulnerability'. | 4.0 |
2019-12-10 | CVE-2019-1470 | Microsoft | Improper Input Validation vulnerability in Microsoft products An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'. | 4.0 |
41 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-12-14 | CVE-2019-5252 | Huawei | Improper Authentication vulnerability in Huawei products There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). | 3.6 |
2019-12-12 | CVE-2019-2338 | Qualcomm | Unspecified vulnerability in Qualcomm products Crafted image that has a valid signature from a non-QC entity can be loaded which can read/write memory that belongs to the secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130 | 3.6 |
2019-12-10 | CVE-2013-2183 | Monkey Project | Exposure of Resource to Wrong Sphere vulnerability in Monkey-Project Monkey Monkey HTTP Daemon has local security bypass | 3.6 |
2019-12-13 | CVE-2019-4426 | IBM | Cross-site Scripting vulnerability in IBM Business Automation Workflow and Case Manager The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and IBM Case Manager 5.1.1 through 5.3 is vulnerable to cross-site scripting. | 3.5 |
2019-12-12 | CVE-2019-13931 | Siemens | Cross-site Scripting vulnerability in Siemens XHQ 6.0.0.0 A vulnerability has been identified in XHQ (All versions < V6.0.0.2). | 3.5 |
2019-12-12 | CVE-2019-19198 | Scoutnet | Cross-site Scripting vulnerability in Scoutnet Kalender 1.1.0 The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS. | 3.5 |
2019-12-11 | CVE-2019-0395 | SAP | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a text module in Fiori BI Launchpad, leading to Stored Cross Site Scripting vulnerability. | 3.5 |
2019-12-11 | CVE-2019-18378 | Symantec | Cross-site Scripting vulnerability in Symantec Messaging Gateway Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. | 3.5 |
2019-12-11 | CVE-2019-4665 | IBM | Cross-site Scripting vulnerability in IBM Spectrum Scale IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. | 3.5 |
2019-12-11 | CVE-2019-15007 | Atlassian | Cross-site Scripting vulnerability in Atlassian Crucible The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch. | 3.5 |
2019-12-10 | CVE-2019-1490 | Microsoft | Injection vulnerability in Microsoft Skype FOR Business 2019 A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Server Spoofing Vulnerability'. | 3.5 |
2019-12-10 | CVE-2019-4663 | IBM | Cross-site Scripting vulnerability in IBM Websphere Application Server IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. | 3.5 |
2019-12-09 | CVE-2019-4611 | IBM | Cross-site Scripting vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. | 3.5 |
2019-12-09 | CVE-2019-4428 | IBM | Cross-site Scripting vulnerability in IBM Watson Assistant FOR IBM Cloud PAK FOR Data 1.0.0/1.3.0 IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. | 3.5 |
2019-12-09 | CVE-2019-19687 | Openstack | Insufficiently Protected Credentials vulnerability in Openstack Keystone 15.0.0/16.0.0 OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. | 3.5 |
2019-12-09 | CVE-2019-19682 | Nopcommerce | Cross-site Scripting vulnerability in Nopcommerce 4.20 nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/[id] Admin/Blog/BlogPostEdit/[id]. | 3.5 |
2019-12-09 | CVE-2019-19679 | Xpand IT | Cross-site Scripting vulnerability in Xpand-It Xray Test Mangaement In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action for a new Test Issue. | 3.5 |
2019-12-09 | CVE-2019-19678 | Xpand IT | Cross-site Scripting vulnerability in Xpand-It Xray Test Mangaement In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test issue. | 3.5 |
2019-12-12 | CVE-2019-5062 | W1 FI | Origin Validation Error vulnerability in W1.Fi Hostapd 2.6 An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. | 3.3 |
2019-12-12 | CVE-2019-5061 | W1 FI | Improper Authentication vulnerability in W1.Fi Hostapd 2.6 An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. | 3.3 |
2019-12-10 | CVE-2019-13762 | Google Debian Fedoraproject Redhat | Improper Locking vulnerability in multiple products Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code. | 3.3 |
2019-12-09 | CVE-2019-18380 | Symantec | Improper Authentication vulnerability in Symantec Industrial Control System Protection 6.0.0 Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication. | 3.3 |
2019-12-15 | CVE-2014-3536 | Redhat | Information Exposure Through Log Files vulnerability in Redhat Cloudforms Management Engine 5.0 CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration | 2.1 |
2019-12-13 | CVE-2019-5264 | Huawei | Unspecified vulnerability in Huawei products There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). | 2.1 |
2019-12-13 | CVE-2019-5258 | Huawei | Classic Buffer Overflow vulnerability in Huawei products Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a buffer overflow vulnerability. | 2.1 |
2019-12-13 | CVE-2019-5257 | Huawei | Classic Buffer Overflow vulnerability in Huawei products Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace) have a resource management vulnerability. | 2.1 |
2019-12-13 | CVE-2019-5256 | Huawei | NULL Pointer Dereference vulnerability in Huawei products Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a null pointer dereference vulnerability. | 2.1 |
2019-12-13 | CVE-2019-5255 | Huawei | Out-of-bounds Read vulnerability in Huawei products Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a DoS vulnerability. | 2.1 |
2019-12-13 | CVE-2014-0241 | Theforeman Redhat | Insufficiently Protected Credentials vulnerability in multiple products rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable | 2.1 |
2019-12-12 | CVE-2019-10618 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm Qca6390 Firmware Driver may access an invalid address while processing IO control due to lack of check of address validation in Snapdragon Connectivity in QCA6390 | 2.1 |
2019-12-12 | CVE-2019-10545 | Qualcomm | NULL Pointer Dereference vulnerability in Qualcomm products Null pointer dereference issue in kernel due to missing check related to LLC support in GPU in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM670, SDM710, SM6150, SM7150, SM8150 | 2.1 |
2019-12-12 | CVE-2019-10484 | Qualcomm | Use After Free vulnerability in Qualcomm products Use after free issue occurs when command destructors access dynamically allocated response buffer which is already deallocated during previous command teardwon sequence in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8098, MSM8909W, Nicobar, QCS405, QCS605, SDA845, SDM660, SDM670, SDM710, SDM845, SDX24, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2.1 |
2019-12-11 | CVE-2019-0402 | SAP | Unspecified vulnerability in SAP Adaptive Server Enterprise 16.0 SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to Information Disclosure. | 2.1 |
2019-12-10 | CVE-2019-1488 | Microsoft | Unspecified vulnerability in Microsoft products A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers, aka 'Microsoft Defender Security Feature Bypass Vulnerability'. | 2.1 |
2019-12-10 | CVE-2019-1474 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. | 2.1 |
2019-12-10 | CVE-2019-1472 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. | 2.1 |
2019-12-10 | CVE-2019-1469 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 2.1 |
2019-12-10 | CVE-2019-1463 | Microsoft | Information Exposure vulnerability in Microsoft Office and Office 365 Proplus An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. | 2.1 |
2019-12-10 | CVE-2019-1400 | Microsoft | Information Exposure vulnerability in Microsoft Office and Office 365 Proplus An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. | 2.1 |
2019-12-10 | CVE-2019-6192 | Lenovo | Classic Buffer Overflow vulnerability in Lenovo Power Management Driver A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service. | 2.1 |
2019-12-09 | CVE-2019-19645 | Sqlite Netapp Oracle Tenable Siemens | Uncontrolled Recursion vulnerability in multiple products alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. | 2.1 |