Weekly Vulnerabilities Reports > December 23 to 29, 2019
Overview
225 new vulnerabilities reported during this period, including 33 critical vulnerabilities and 76 high severity vulnerabilities. This weekly summary report vulnerabilities in 213 products from 126 vendors including Debian, Opensuse, F5, Canonical, and Fedoraproject. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "Out-of-bounds Read", "Improper Authentication", and "Cross-Site Request Forgery (CSRF)".
- 187 reported vulnerabilities are remotely exploitables.
- 22 reported vulnerabilities have public exploit available.
- 60 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 171 reported vulnerabilities are exploitable by an anonymous user.
- Debian has the most reported vulnerabilities, with 32 reported vulnerabilities.
- Debian has the most reported critical vulnerabilities, with 7 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
33 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-12-24 | CVE-2019-10758 | Mongo Express Project | Unspecified vulnerability in Mongo-Express Project Mongo-Express mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. | 9.9 |
2019-12-27 | CVE-2014-5289 | Senkas Kolibri Project | Improper Input Validation vulnerability in Senkas Kolibri Project Senkas Kolibri 2.0 Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request. | 9.8 |
2019-12-27 | CVE-2019-20049 | AL Enterprise | Unspecified vulnerability in Al-Enterprise Omnivista 4760 An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. | 9.8 |
2019-12-27 | CVE-2013-5027 | O DYN | Improper Privilege Management vulnerability in O-Dyn Collabtive 1.0 Collabtive 1.0 has incorrect access control | 9.8 |
2019-12-27 | CVE-2007-0158 | Acme | Out-of-bounds Write vulnerability in Acme Thttpd 2007 thttpd 2007 has buffer underflow. | 9.8 |
2019-12-27 | CVE-2013-4982 | Avtech | Improper Authentication vulnerability in Avtech Avn801 DVR Firmware 1017100310091003 AVTECH AVN801 DVR has a security bypass via the administration login captcha | 9.8 |
2019-12-27 | CVE-2013-4976 | Hikvision | Improper Authentication vulnerability in Hikvision Ds-2Cd7153-E Firmware Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials | 9.8 |
2019-12-27 | CVE-2013-4743 | Static Http Server Project | Classic Buffer Overflow vulnerability in Static Http Server Project Static Http Server 1.0 Static HTTP Server 1.0 has a Local Overflow | 9.8 |
2019-12-27 | CVE-2013-4621 | Magdevgroup | Improper Authentication vulnerability in Magdevgroup Magnolia CMS Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities | 9.8 |
2019-12-27 | CVE-2019-19781 | Citrix | Path Traversal vulnerability in Citrix products An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. | 9.8 |
2019-12-27 | CVE-2019-20041 | Wordpress Debian | Improper Input Validation vulnerability in multiple products wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring. | 9.8 |
2019-12-26 | CVE-2013-3088 | Belkin | Improper Authentication vulnerability in Belkin N900 Firmware 1.00.23 Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging". | 9.8 |
2019-12-26 | CVE-2013-3085 | Belkin | Improper Authentication vulnerability in Belkin F5D8236-4 Firmware An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2. | 9.8 |
2019-12-26 | CVE-2019-19398 | Huawei | Improper Input Validation vulnerability in Huawei M5 Lite 10 Firmware 8.0.0.182(C00) M5 lite 10 with versions of 8.0.0.182(C00) have an insufficient input validation vulnerability. | 9.8 |
2019-12-26 | CVE-2019-16327 | Dlink | Improper Authentication vulnerability in Dlink Dir-601 Firmware 2.00Na D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass. | 9.8 |
2019-12-26 | CVE-2019-19977 | Libesmtp Project | Out-of-bounds Read vulnerability in Libesmtp Project Libesmtp 1.0.6 libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read. | 9.8 |
2019-12-24 | CVE-2019-19952 | Imagemagick | Use After Free vulnerability in Imagemagick In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage. | 9.8 |
2019-12-24 | CVE-2019-19951 | Graphicsmagick Debian Opensuse | Out-of-bounds Write vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. | 9.8 |
2019-12-24 | CVE-2019-19950 | Graphicsmagick Debian Opensuse | Use After Free vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. | 9.8 |
2019-12-24 | CVE-2019-19948 | Imagemagick Debian Opensuse Canonical | Out-of-bounds Write vulnerability in multiple products In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. | 9.8 |
2019-12-23 | CVE-2019-12568 | Open Tftp Server Project | Out-of-bounds Write vulnerability in Open Tftp Server Project Open Tftp Server 1.64/1.66 Stack-based overflow vulnerability in the logMess function in Open TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387 and CVE-2019-12567. | 9.8 |
2019-12-23 | CVE-2019-12567 | Open Tftp Server Project | Out-of-bounds Write vulnerability in Open Tftp Server Project Open Tftp Server 1.64/1.65 Stack-based overflow vulnerability in the logMess function in Open TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387 and CVE-2019-12568. | 9.8 |
2019-12-23 | CVE-2018-10389 | Open Tftp Server Project | Use of Externally-Controlled Format String vulnerability in Open Tftp Server Project Open Tftp Server 1.64/1.65 Format string vulnerability in the logMess function in TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet. | 9.8 |
2019-12-23 | CVE-2018-10388 | Open Tftp Server Project | Use of Externally-Controlled Format String vulnerability in Open Tftp Server Project Open Tftp Server 1.64/1.66 Format string vulnerability in the logMess function in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet. | 9.8 |
2019-12-23 | CVE-2018-10387 | Open Tftp Server Project | Out-of-bounds Write vulnerability in Open Tftp Server Project Open Tftp Server 1.64/1.66 Heap-based overflow vulnerability in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or possibly execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2008-2161. | 9.8 |
2019-12-23 | CVE-2019-8293 | Abcprintf | Unrestricted Upload of File with Dangerous Type vulnerability in Abcprintf Upload-Image-With-Ajax 1.0 Due to a logic error in the code, upload-image-with-ajax v1.0 allows arbitrary files to be uploaded to the web root allowing code execution. | 9.8 |
2019-12-23 | CVE-2019-7489 | Sonicwall | Unspecified vulnerability in Sonicwall Email Security Appliance 10.0.2/7.4.5/7.5 A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. | 9.8 |
2019-12-23 | CVE-2019-7488 | Sonicwall | Weak Password Requirements vulnerability in Sonicwall Email Security Appliance 10.0.2/7.4.5/7.5 Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. | 9.8 |
2019-12-23 | CVE-2019-3431 | ZTE | Insufficiently Protected Credentials vulnerability in ZTE Zxcloud Goldendata VAP Zxivsvapportalxzgav4.01.01.02 All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. | 9.8 |
2019-12-23 | CVE-2019-18234 | Equinoxce | SQL Injection vulnerability in Equinoxce Control Expert Equinox Control Expert all versions, is vulnerable to an SQL injection attack, which may allow an attacker to remotely execute arbitrary code. | 9.8 |
2019-12-23 | CVE-2019-11049 | PHP Fedoraproject Debian Tenable | Double Free vulnerability in multiple products In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations. | 9.8 |
2019-12-24 | CVE-2019-19953 | Graphicsmagick Debian Opensuse | Out-of-bounds Read vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. | 9.1 |
2019-12-24 | CVE-2019-19949 | Imagemagick Debian Opensuse Canonical | Out-of-bounds Read vulnerability in multiple products In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. | 9.1 |
76 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-12-29 | CVE-2019-20063 | Symonics | Improper Initialization vulnerability in Symonics Libmysofa hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json. | 8.8 |
2019-12-27 | CVE-2014-3136 | Dlink | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dwr-113 Firmware 2.02 Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. | 8.8 |
2019-12-27 | CVE-2013-4975 | Hikvision | Improper Privilege Management vulnerability in Hikvision Ds-2Cd7153-E Firmware 4.1.0B130111 Hikvision DS-2CD7153-E IP Camera has Privilege Escalation | 8.8 |
2019-12-27 | CVE-2013-4796 | Reviewboard | Unrestricted Upload of File with Dangerous Type vulnerability in Reviewboard 1.6.17 ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request | 8.8 |
2019-12-27 | CVE-2019-20014 | GNU Opensuse | Double Free vulnerability in multiple products An issue was discovered in GNU LibreDWG before 0.93. | 8.8 |
2019-12-27 | CVE-2019-20011 | GNU Opensuse | Out-of-bounds Read vulnerability in multiple products An issue was discovered in GNU LibreDWG 0.92. | 8.8 |
2019-12-27 | CVE-2019-20010 | GNU Opensuse | Use After Free vulnerability in multiple products An issue was discovered in GNU LibreDWG 0.92. | 8.8 |
2019-12-26 | CVE-2013-2011 | Automattic | Improper Encoding or Escaping of Output vulnerability in Automattic W3 Super Cache WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. | 8.8 |
2019-12-26 | CVE-2012-3462 | Fedoraproject | Improper Authentication vulnerability in Fedoraproject Sssd 1.9.0 A flaw was found in SSSD version 1.9.0. | 8.8 |
2019-12-26 | CVE-2019-19995 | Intelbras | Cross-Site Request Forgery (CSRF) vulnerability in Intelbras IWR 3000N Firmware 1.8.7 A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, leading to complete control of the router, as demonstrated by v1/system/user. | 8.8 |
2019-12-26 | CVE-2019-16326 | Dlink | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-601 Firmware 2.00Na D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. | 8.8 |
2019-12-26 | CVE-2019-6030 | Custom Body Class Project | Cross-Site Request Forgery (CSRF) vulnerability in Custom Body Class Project Custom Body Class Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 8.8 |
2019-12-26 | CVE-2019-6027 | Wpspellcheck | Cross-Site Request Forgery (CSRF) vulnerability in Wpspellcheck Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1.9 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 8.8 |
2019-12-26 | CVE-2019-6014 | Dlink | OS Command Injection vulnerability in Dlink Dba-1510P Firmware 1.70B005/1.70B009 DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface. | 8.8 |
2019-12-26 | CVE-2019-19681 | Artica | Incorrect Authorization vulnerability in Artica Pandora FMS 7.0 Pandora FMS 7.x suffers from remote code execution vulnerability. | 8.8 |
2019-12-26 | CVE-2019-19979 | WP Maintenance Project | Cross-site Scripting vulnerability in WP Maintenance Project WP Maintenance A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. | 8.8 |
2019-12-23 | CVE-2019-18211 | Orckestra | Deserialization of Untrusted Data vulnerability in Orckestra C1 CMS An issue was discovered in Orckestra C1 CMS through 6.6. | 8.8 |
2019-12-23 | CVE-2019-5276 | Huawei | Classic Buffer Overflow vulnerability in Huawei Elle-Al00B Firmware Huawei smart phones with earlier versions than ELLE-AL00B 9.1.0.222(C00E220R2P1) have a buffer overflow vulnerability. | 8.8 |
2019-12-23 | CVE-2019-19931 | MZ Automation | Out-of-bounds Write vulnerability in Mz-Automation Libiec61850 1.4.0 In libIEC61850 1.4.0, MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c has a heap-based buffer overflow. | 8.8 |
2019-12-26 | CVE-2019-16789 | Agendaless Oracle Debian Fedoraproject Redhat | HTTP Request Smuggling vulnerability in multiple products In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. | 8.2 |
2019-12-27 | CVE-2013-4859 | Insteon | Incorrect Default Permissions vulnerability in Insteon HUB Firmware 2242222 INSTEON Hub 2242-222 lacks Web and API authentication | 8.1 |
2019-12-27 | CVE-2012-4980 | Toshiba | Out-of-bounds Write vulnerability in Toshiba Configfree Utility 8.0.38 Multiple stack-based buffer overflows in CFProfile.exe in Toshiba ConfigFree Utility 8.0.38 allow user-assisted attackers to execute arbitrary code. | 7.8 |
2019-12-27 | CVE-2019-16896 | K7Computing | Link Following vulnerability in K7Computing K7 Ultimate Security 16.0.0117 In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the backup module) improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link attack with file restoration functionality. | 7.8 |
2019-12-27 | CVE-2013-4695 | Winamp | Release of Invalid Pointer or Reference vulnerability in Winamp 5.63 Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution | 7.8 |
2019-12-26 | CVE-2019-6026 | Motex | Unspecified vulnerability in Motex products Privilege escalation vulnerability in Multiple MOTEX products (LanScope Cat client program (MR) and LanScope Cat client program (MR)LanScope Cat detection agent (DA) prior to Ver.9.2.1.0, LanScope Cat server monitoring agent (SA, SAE) prior to Ver.9.2.2.0, LanScope An prior to Ver 2.7.7.0 (LanScope An 2 series), and LanScope An prior to Ver 3.0.8.1 (LanScope An 3 series)) allow authenticated attackers to obtain unauthorized privileges and execute arbitrary code. | 7.8 |
2019-12-26 | CVE-2019-6019 | IPA | Untrusted Search Path vulnerability in IPA Stamp Workbench Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
2019-12-26 | CVE-2019-6008 | Yokogawa | Unquoted Search Path or Element vulnerability in Yokogawa products An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges. | 7.8 |
2019-12-24 | CVE-2019-5702 | Nvidia | Unspecified vulnerability in Nvidia Geforce Experience NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges. | 7.8 |
2019-12-23 | CVE-2019-5539 | Vmware | Uncontrolled Search Path Element vulnerability in VMWare Horizon View Agent and Workstation VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint. | 7.8 |
2019-12-23 | CVE-2019-18236 | WE CON | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in We-Con PLC Editor 1.3.5 Multiple buffer overflow vulnerabilities exist when the PLC Editor Version 1.3.5_20190129 processes project files. | 7.8 |
2019-12-23 | CVE-2019-3467 | Debian Skolelinux Canonical | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals. | 7.8 |
2019-12-23 | CVE-2019-6685 | F5 | Improper Privilege Management vulnerability in F5 products On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system command execution. | 7.8 |
2019-12-23 | CVE-2019-18389 | Virglrenderer Project Redhat Opensuse Debian | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands. | 7.8 |
2019-12-23 | CVE-2019-19929 | Malwarebytes | Untrusted Search Path vulnerability in Malwarebytes Adwcleaner An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner before 8.0.1 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded by the product. | 7.8 |
2019-12-27 | CVE-2019-20047 | AL Enterprise | Insufficiently Protected Credentials vulnerability in Al-Enterprise Omnivista 4760 and Omnivista 8770 An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. | 7.5 |
2019-12-27 | CVE-2013-4985 | Vivotek | Incorrect Authorization vulnerability in Vivotek Ip7160 Firmware, Ip7361 Firmware and Ip8332 Firmware Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream | 7.5 |
2019-12-26 | CVE-2019-20006 | Ezxml Project | Use After Free vulnerability in Ezxml Project Ezxml An issue was discovered in ezXML 0.8.3 through 0.8.6. | 7.5 |
2019-12-26 | CVE-2015-5290 | Ratbox | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ratbox Ircd-Ratbox 3.0.9 A Denial of Service vulnerability exists in ircd-ratbox 3.0.9 in the MONITOR Command Handler. | 7.5 |
2019-12-26 | CVE-2012-4420 | Oracle | Information Exposure vulnerability in Oracle JDK 7.0 An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation). | 7.5 |
2019-12-26 | CVE-2019-5275 | Huawei | Out-of-bounds Write vulnerability in Huawei Usg9500 Firmware V500R001C30/V500R001C60 USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. | 7.5 |
2019-12-26 | CVE-2019-5274 | Huawei | Infinite Loop vulnerability in Huawei Usg9500 Firmware V500R001C30/V500R001C60 USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. | 7.5 |
2019-12-26 | CVE-2019-5273 | Huawei | Classic Buffer Overflow vulnerability in Huawei Usg9500 Firmware V500R001C30/V500R001C60 USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. | 7.5 |
2019-12-26 | CVE-2019-19996 | Intelbras | Unspecified vulnerability in Intelbras IWR 3000N Firmware 1.8.7 An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. | 7.5 |
2019-12-26 | CVE-2019-19998 | Xiuno | XXE vulnerability in Xiuno Xiunobbs 4.0 Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php. | 7.5 |
2019-12-25 | CVE-2019-19967 | UPC | Cleartext Transmission of Sensitive Information vulnerability in UPC Connect BOX Eurodocsis Firmware Ch7465Lgncip6.12.18.252P6Nosh The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH devices accepts a cleartext password in a POST request on port 80, as demonstrated by the Password field to the xml/setter.xml URI. | 7.5 |
2019-12-25 | CVE-2019-19962 | Wolfssl | Improper Verification of Cryptographic Signature vulnerability in Wolfssl wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography. | 7.5 |
2019-12-24 | CVE-2019-19925 | Sqlite Siemens Oracle Debian Redhat Suse Opensuse Netapp | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. | 7.5 |
2019-12-24 | CVE-2019-19956 | Xmlsoft Debian Oracle Fedoraproject Canonical Netapp Siemens | Memory Leak vulnerability in multiple products xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. | 7.5 |
2019-12-24 | CVE-2019-19923 | Sqlite Siemens Oracle Debian Redhat Suse Opensuse Netapp | NULL Pointer Dereference vulnerability in multiple products flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. | 7.5 |
2019-12-24 | CVE-2019-19695 | Trendmicro | Link Following vulnerability in Trendmicro Antivirus 9.0/9.0.1379 A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it. | 7.5 |
2019-12-23 | CVE-2019-8463 | Checkpoint | Link Following vulnerability in Checkpoint Endpoint Security Clients E81.00 A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations. | 7.5 |
2019-12-23 | CVE-2019-6684 | F5 | Unspecified vulnerability in F5 products On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, under certain conditions, a multi-bladed BIG-IP Virtual Clustered Multiprocessing (vCMP) may drop broadcast packets when they are rebroadcast to the vCMP guest secondary blades. | 7.5 |
2019-12-23 | CVE-2019-6683 | F5 | Resource Exhaustion vulnerability in F5 products On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IP virtual servers with Loose Initiation enabled on a FastL4 profile may be subject to excessive flow usage under undisclosed conditions. | 7.5 |
2019-12-23 | CVE-2019-6681 | F5 | Memory Leak vulnerability in F5 Big-Ip Local Traffic Manager On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a memory leak in Multicast Forwarding Cache (MFC) handling in tmrouted. | 7.5 |
2019-12-23 | CVE-2019-6680 | F5 | Unspecified vulnerability in F5 products On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5, while processing traffic through a standard virtual server that targets a FastL4 virtual server (VIP on VIP), hardware appliances may stop responding. | 7.5 |
2019-12-23 | CVE-2019-5266 | Huawei | Improper Input Validation vulnerability in Huawei P30 Firmware 9.1.0.193(C00E190R2P1) Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an insufficient input validation vulnerability. | 7.5 |
2019-12-23 | CVE-2019-5265 | Huawei | Unspecified vulnerability in Huawei P30 Firmware 9.1.0.193(C00E190R2P1) Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an improper access control vulnerability. | 7.5 |
2019-12-23 | CVE-2019-6682 | F5 | Resource Exhaustion vulnerability in F5 Big-Ip Application Security Manager On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP ASM system may consume excessive resources when processing certain types of HTTP responses from the origin web server. | 7.5 |
2019-12-23 | CVE-2019-6677 | F5 | Unspecified vulnerability in F5 products On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, under certain conditions when using custom TCP congestion control settings in a TCP profile, TMM stops processing traffic when processed by an iRule. | 7.5 |
2019-12-23 | CVE-2019-6676 | F5 | Unspecified vulnerability in F5 products On versions 15.0.0-15.0.1, 14.0.0-14.1.2.2, and 13.1.0-13.1.3.1, TMM may restart on BIG-IP Virtual Edition (VE) when using virtio direct descriptors and packets 2 KB or larger. | 7.5 |
2019-12-23 | CVE-2019-17563 | Apache Debian Opensuse Canonical Oracle | Session Fixation vulnerability in multiple products When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. | 7.5 |
2019-12-23 | CVE-2019-11044 | PHP Tenable Fedoraproject | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. | 7.5 |
2019-12-23 | CVE-2019-19926 | Sqlite Siemens Oracle Debian Redhat Opensuse Suse Netapp | NULL Pointer Dereference vulnerability in multiple products multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. | 7.5 |
2019-12-26 | CVE-2019-6032 | NTV | Improper Certificate Validation vulnerability in NTV News 24 The NTV News24 prior to Ver.3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 7.4 |
2019-12-23 | CVE-2019-6687 | F5 | Improper Certificate Validation vulnerability in F5 Big-Ip Application Security Manager On versions 15.0.0-15.0.1.1, the BIG-IP ASM Cloud Security Services profile uses a built-in verification mechanism that fails to properly authenticate the X.509 certificate of remote endpoints. | 7.4 |
2019-12-24 | CVE-2019-19954 | Signal | Uncontrolled Search Path Element vulnerability in Signal Signal-Desktop Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file. | 7.3 |
2019-12-27 | CVE-2019-20048 | AL Enterprise | Unrestricted Upload of File with Dangerous Type vulnerability in Al-Enterprise Omnivista 8770 An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. | 7.2 |
2019-12-26 | CVE-2019-6012 | TMS Outsource | SQL Injection vulnerability in Tms-Outsource Wpdatatables Lite SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 7.2 |
2019-12-26 | CVE-2019-15695 | Tigervnc Opensuse | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. | 7.2 |
2019-12-26 | CVE-2019-15694 | Tigervnc Opensuse | Out-of-bounds Write vulnerability in multiple products TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. | 7.2 |
2019-12-26 | CVE-2019-15693 | Tigervnc | Out-of-bounds Write vulnerability in Tigervnc TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. | 7.2 |
2019-12-26 | CVE-2019-15692 | Tigervnc Opensuse | Out-of-bounds Write vulnerability in multiple products TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. | 7.2 |
2019-12-26 | CVE-2019-15691 | Tigervnc Opensuse | Operation on a Resource after Expiration or Release vulnerability in multiple products TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. | 7.2 |
2019-12-26 | CVE-2019-19999 | Halo | Server-Side Request Forgery (SSRF) vulnerability in Halo Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration. | 7.2 |
2019-12-23 | CVE-2019-18390 | Virglrenderer Project Redhat Opensuse Debian | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands. | 7.1 |
2019-12-23 | CVE-2019-12418 | Apache Debian Oracle Canonical Opensuse Netapp | When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. | 7.0 |
114 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-12-26 | CVE-2019-6013 | Dlink | OS Command Injection vulnerability in Dlink Dba-1510P Firmware 1.70B005/1.70B009 DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI). | 6.6 |
2019-12-29 | CVE-2019-20056 | Nothings | Reachable Assertion vulnerability in Nothings STB Image.H 2.23 stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned. | 6.5 |
2019-12-29 | CVE-2019-20055 | Liquidpixels | Server-Side Request Forgery (SSRF) vulnerability in Liquidpixels Liquifire OS 4.8.0 LuquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substring followed by a URL in square brackets. | 6.5 |
2019-12-27 | CVE-2019-20052 | Matio Project | Memory Leak vulnerability in Matio Project Matio 1.5.17 A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case. | 6.5 |
2019-12-27 | CVE-2013-4665 | Spbas | Cross-Site Request Forgery (CSRF) vulnerability in Spbas Business Automation Software 2012 SPBAS Business Automation Software 2012 has CSRF. | 6.5 |
2019-12-27 | CVE-2019-20024 | Libsixel Project | Out-of-bounds Write vulnerability in Libsixel Project Libsixel A heap-based buffer overflow was discovered in image_buffer_resize in fromsixel.c in libsixel before 1.8.4. | 6.5 |
2019-12-27 | CVE-2019-20023 | Libsixel Project | Memory Leak vulnerability in Libsixel Project Libsixel A memory leak was discovered in image_buffer_resize in fromsixel.c in libsixel 1.8.4. | 6.5 |
2019-12-27 | CVE-2019-20022 | Libsixel Project | Operation on a Resource after Expiration or Release vulnerability in Libsixel Project Libsixel An invalid memory address dereference was discovered in load_pnm in frompnm.c in libsixel before 1.8.3. | 6.5 |
2019-12-27 | CVE-2019-20020 | Matio Project | Out-of-bounds Read vulnerability in Matio Project Matio 1.5.17 A stack-based buffer over-read was discovered in ReadNextStructField in mat5.c in matio 1.5.17. | 6.5 |
2019-12-27 | CVE-2019-20019 | Matio Project | Allocation of Resources Without Limits or Throttling vulnerability in Matio Project Matio 1.5.17 An attempted excessive memory allocation was discovered in Mat_VarRead5 in mat5.c in matio 1.5.17. | 6.5 |
2019-12-27 | CVE-2019-20018 | Matio Project | Out-of-bounds Read vulnerability in Matio Project Matio 1.5.17 A stack-based buffer over-read was discovered in ReadNextCell in mat5.c in matio 1.5.17. | 6.5 |
2019-12-27 | CVE-2019-20017 | Matio Project | Out-of-bounds Read vulnerability in Matio Project Matio 1.5.17 A stack-based buffer over-read was discovered in Mat_VarReadNextInfo5 in mat5.c in matio 1.5.17. | 6.5 |
2019-12-27 | CVE-2019-20016 | Symonics | Out-of-bounds Write vulnerability in Symonics Libmysofa libmysofa before 2019-11-24 does not properly restrict recursive function calls, as demonstrated by reports of stack consumption in readOHDRHeaderMessageDatatype in dataobject.c and directblockRead in fractalhead.c. | 6.5 |
2019-12-27 | CVE-2019-20015 | GNU Opensuse | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in GNU LibreDWG 0.92. | 6.5 |
2019-12-27 | CVE-2019-20013 | GNU Opensuse | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in GNU LibreDWG before 0.93. | 6.5 |
2019-12-27 | CVE-2019-20012 | GNU Opensuse | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in GNU LibreDWG 0.92. | 6.5 |
2019-12-27 | CVE-2019-20009 | GNU Opensuse | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in GNU LibreDWG before 0.93. | 6.5 |
2019-12-26 | CVE-2019-20007 | Ezxml Project | NULL Pointer Dereference vulnerability in Ezxml Project Ezxml An issue was discovered in ezXML 0.8.2 through 0.8.6. | 6.5 |
2019-12-26 | CVE-2019-20005 | Ezxml Project | Out-of-bounds Read vulnerability in Ezxml Project Ezxml An issue was discovered in ezXML 0.8.3 through 0.8.6. | 6.5 |
2019-12-26 | CVE-2019-6024 | Rakuten | Insufficiently Protected Credentials vulnerability in Rakuten Rakuma Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the user's authentication information via a malicious application created by the third party. | 6.5 |
2019-12-26 | CVE-2019-6022 | Cybozu | Path Traversal vulnerability in Cybozu Office Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function. | 6.5 |
2019-12-24 | CVE-2019-19958 | MZ Automation | Allocation of Resources Without Limits or Throttling vulnerability in Mz-Automation Libiec61850 1.4.0 In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service. | 6.5 |
2019-12-24 | CVE-2019-19957 | MZ Automation | Out-of-bounds Read vulnerability in Mz-Automation Libiec61850 1.4.0 In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_access_result.c has an out-of-bounds read vulnerability, related to bufPos and elementLength. | 6.5 |
2019-12-23 | CVE-2019-5108 | Linux Debian Canonical Netapp Oracle | Improper Authentication vulnerability in multiple products An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. | 6.5 |
2019-12-23 | CVE-2019-19944 | MZ Automation | Out-of-bounds Read vulnerability in Mz-Automation Libiec61850 1.4.0 In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c has an out-of-bounds read, related to intLen and bufPos. | 6.5 |
2019-12-23 | CVE-2019-19337 | Redhat | Unspecified vulnerability in Redhat Ceph Storage 3.3 A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. | 6.5 |
2019-12-23 | CVE-2019-19930 | MZ Automation | Integer Overflow or Wraparound vulnerability in Mz-Automation Libiec61850 1.4.0 In libIEC61850 1.4.0, MmsValue_newOctetString in mms/iso_mms/common/mms_value.c has an integer signedness error that can lead to an attempted excessive memory allocation. | 6.5 |
2019-12-23 | CVE-2019-11050 | PHP Debian Canonical Fedoraproject Opensuse Tenable | Out-of-bounds Read vulnerability in multiple products When PHP EXIF extension is parsing EXIF information from an image, e.g. | 6.5 |
2019-12-23 | CVE-2019-11047 | PHP Fedoraproject Debian Canonical | Out-of-bounds Read vulnerability in multiple products When PHP EXIF extension is parsing EXIF information from an image, e.g. | 6.5 |
2019-12-27 | CVE-2013-4867 | EA | Improper Privilege Management vulnerability in EA Karotz Smart Rabbit Firmware 12.07.19.00 Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking | 6.3 |
2019-12-26 | CVE-2019-19984 | Icegram | Incorrect Authorization vulnerability in Icegram Email Subscribers & Newsletters The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns. | 6.3 |
2019-12-29 | CVE-2019-20058 | Boltcms | Cross-site Scripting vulnerability in Boltcms Bolt 3.7.0 Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profiler page. | 6.1 |
2019-12-27 | CVE-2014-6420 | Livefyre | Cross-site Scripting vulnerability in Livefyre Livecomments 3.0 Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture. | 6.1 |
2019-12-27 | CVE-2014-4550 | Visualshortcodes | Cross-site Scripting vulnerability in Visualshortcodes Ninja 1.4 Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter. | 6.1 |
2019-12-27 | CVE-2014-4536 | Katz | Cross-site Scripting vulnerability in Katz Infusionsoft Gravity Forms Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter. | 6.1 |
2019-12-27 | CVE-2014-4535 | Import Legacy Media Project | Cross-site Scripting vulnerability in Import Legacy Media Project Import Legacy Media 0.1 Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. | 6.1 |
2019-12-27 | CVE-2014-4567 | Videowhisper | Cross-site Scripting vulnerability in Videowhisper Video Comments Webcam Recorder 1.45/1.45.2/1.55 Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_logout.php in the Video Comments Webcam Recorder plugin 1.55, as downloaded before 20140116 for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter. | 6.1 |
2019-12-27 | CVE-2014-4558 | Cybercompany | Cross-site Scripting vulnerability in Cybercompany Swipehq-Payment-Gateway-Woocommerce Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter. | 6.1 |
2019-12-27 | CVE-2014-4548 | Ruven Toolkit Project | Cross-site Scripting vulnerability in Ruven-Toolkit Project Ruven-Toolkit 1.1 Cross-site scripting (XSS) vulnerability in tinymce/popup.php in the Ruven Toolkit plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the popup parameter. | 6.1 |
2019-12-27 | CVE-2014-4544 | Podcast Channels Project | Cross-site Scripting vulnerability in Podcast Channels Project Podcast Channels 0.1/0.20 Cross-site scripting (XSS) vulnerability in the Podcast Channels plugin 0.20 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the Filename parameter to getid3/demos/demo.write.php. | 6.1 |
2019-12-27 | CVE-2014-4539 | Movies Project | Cross-site Scripting vulnerability in Movies Project Movies Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. | 6.1 |
2019-12-27 | CVE-2014-4592 | Czepol | Cross-site Scripting vulnerability in Czepol Wp-Planet 0.1 Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 6.1 |
2019-12-27 | CVE-2014-4519 | Conversador Project | Cross-site Scripting vulnerability in Conversador Project Conversador 2.61 Cross-site scripting (XSS) vulnerability in the Conversador plugin 2.61 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the 'page' parameter. | 6.1 |
2019-12-27 | CVE-2013-4692 | Xorbin | Cross-site Scripting vulnerability in Xorbin Analog Flash Clock 1.0 Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS | 6.1 |
2019-12-27 | CVE-2013-4693 | Xorbin | Cross-site Scripting vulnerability in Xorbin Digital Flash Clock 1.0 WordPress Xorbin Digital Flash Clock 1.0 has XSS | 6.1 |
2019-12-27 | CVE-2013-4691 | Sencha | Cross-site Scripting vulnerability in Sencha Connect Sencha Labs Connect has XSS with connect.methodOverride() | 6.1 |
2019-12-27 | CVE-2013-4664 | Spbas | Cross-site Scripting vulnerability in Spbas Business Automation Software 2012 SPBAS Business Automation Software 2012 has XSS. | 6.1 |
2019-12-27 | CVE-2014-4559 | Cybercompay | Cross-site Scripting vulnerability in Cybercompay Swipehq-Payment-Gateway-Wp-E-Commerce Multiple cross-site scripting (XSS) vulnerabilities in test-plugin.php in the Swipe Checkout for WP e-Commerce plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) api_key, (2) payment_page_url, (3) merchant_id, (4) api_url, or (5) currency parameter. | 6.1 |
2019-12-27 | CVE-2014-4525 | Winwar | Cross-site Scripting vulnerability in Winwar WP Ebay Product Feeds Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in the Ebay Feeds for WordPress plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter. | 6.1 |
2019-12-27 | CVE-2014-4523 | Easy Career Openings Project | Cross-site Scripting vulnerability in Easy Career Openings Project Easy Career Openings 0.4 Cross-site scripting (XSS) vulnerability in the Easy Career Openings plugin 0.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 6.1 |
2019-12-27 | CVE-2019-20042 | Wordpress Debian | Cross-site Scripting vulnerability in multiple products In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. | 6.1 |
2019-12-26 | CVE-2019-6035 | Yahoo | Open Redirect vulnerability in Yahoo Athenz Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page. | 6.1 |
2019-12-26 | CVE-2019-6034 | Appleple | Injection vulnerability in Appleple A-Blog CMS a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors. | 6.1 |
2019-12-26 | CVE-2019-6033 | Appleple | Cross-site Scripting vulnerability in Appleple A-Blog CMS Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2019-12-26 | CVE-2019-6031 | Dayz | Cross-site Scripting vulnerability in Dayz Kinza Cross-site scripting vulnerability in KINZA for Windows version 5.9.2 and earlier and for Mac version 5.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via RSS reader. | 6.1 |
2019-12-26 | CVE-2019-6029 | Custom Body Class Project | Cross-site Scripting vulnerability in Custom Body Class Project Custom Body Class Cross-site scripting vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2019-12-26 | CVE-2019-6025 | Sixapart | Open Redirect vulnerability in Sixapart Movable Type Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. | 6.1 |
2019-12-26 | CVE-2019-6021 | Ricoh | Open Redirect vulnerability in Ricoh Limedio Open redirect vulnerability in Library Information Management System LIMEDIO all versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. | 6.1 |
2019-12-26 | CVE-2019-6020 | Alfasado | Open Redirect vulnerability in Alfasado Powercms Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x), 4.42 and earlier (PowerCMS 4.x), and 3.293 and earlier (PowerCMS 3.x) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. | 6.1 |
2019-12-26 | CVE-2019-6018 | Netcommons | Cross-site Scripting vulnerability in Netcommons Cross-site scripting vulnerability in NetCommons 3.2.2 and earlier (NetCommons3.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2019-12-26 | CVE-2019-6016 | Remise | Cross-site Scripting vulnerability in Remise Payment Module Cross-site scripting vulnerability in REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2019-12-26 | CVE-2019-6011 | TMS Outsource | Cross-site Scripting vulnerability in Tms-Outsource Wpdatatables Lite Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2019-12-26 | CVE-2019-19540 | Cridio | Cross-site Scripting vulnerability in Cridio Listingpro The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage. | 6.1 |
2019-12-26 | CVE-2018-18288 | Crushftp | Open Redirect vulnerability in Crushftp CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redirection. | 6.1 |
2019-12-24 | CVE-2019-18249 | Reliablecontrols | Cross-site Scripting vulnerability in Reliablecontrols Mach-Prowebcom Firmware and Mach-Prowebsys Firmware Reliable Controls MACH-ProWebCom/Sys, all versions prior to 2.15 (Firmware versions prior to 8.26.4), may allow attacker to execute commands on behalf of the user when an authenticated user clicks on a malicious link. | 6.1 |
2019-12-26 | CVE-2019-20000 | Bullguard | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Bullguard Premium Protection 20.0.371.8 The malware scan function in BullGuard Premium Protection 20.0.371.8 has a TOCTOU issue that enables a symbolic link attack, allowing privileged files to be deleted. | 5.9 |
2019-12-23 | CVE-2019-6147 | Forcepoint | Incorrect Type Conversion or Cast vulnerability in Forcepoint Next Generation Firewall Security Management Center Forcepoint NGFW Security Management Center (SMC) versions lower than 6.5.12 or 6.7.1 have a rare issue that in specific circumstances can corrupt the internal configuration database. | 5.9 |
2019-12-23 | CVE-2019-11045 | PHP Fedoraproject Debian Opensuse Canonical Tenable | Injection vulnerability in multiple products In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. | 5.9 |
2019-12-28 | CVE-2019-20054 | Linux Netapp | NULL Pointer Dereference vulnerability in multiple products In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. | 5.5 |
2019-12-27 | CVE-2019-20053 | UPX Project Opensuse | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. | 5.5 |
2019-12-27 | CVE-2019-20051 | UPX Project Fedoraproject | Incorrect Calculation vulnerability in multiple products A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. | 5.5 |
2019-12-27 | CVE-2019-20021 | UPX Project Fedoraproject | Out-of-bounds Read vulnerability in multiple products A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. | 5.5 |
2019-12-26 | CVE-2011-1474 | Linux | Infinite Loop vulnerability in Linux Kernel 2.6.32.33/2.6.37.4/2.6.38 A locally locally exploitable DOS vulnerability was found in pax-linux versions 2.6.32.33-test79.patch, 2.6.38-test3.patch, and 2.6.37.4-test14.patch. | 5.5 |
2019-12-23 | CVE-2019-19151 | F5 | Improper Privilege Management vulnerability in F5 products On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. | 5.5 |
2019-12-23 | CVE-2019-5267 | Huawei | Unspecified vulnerability in Huawei Oceanstor Sns3096 Firmware V100R002C01 Huawei OceanStor SNS3096 V100R002C01 have an information disclosure vulnerability. | 5.5 |
2019-12-23 | CVE-2019-18391 | Virglrenderer Project Redhat Opensuse Debian | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands. | 5.5 |
2019-12-23 | CVE-2019-18388 | Virglrenderer Project Opensuse Debian | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands. | 5.5 |
2019-12-26 | CVE-2019-20008 | Archerysec | Cross-site Scripting vulnerability in Archerysec Archery 1.0/1.1/1.2 In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page. | 5.4 |
2019-12-26 | CVE-2019-19389 | Jetbrains | Injection vulnerability in Jetbrains Ktor JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting. | 5.4 |
2019-12-26 | CVE-2013-4318 | Feature Project | Injection vulnerability in Feature Project Feature 0.3.0 File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory. | 5.4 |
2019-12-26 | CVE-2019-16781 | Wordpress Debian | Cross-site Scripting vulnerability in multiple products In WordPress before 5.3.1, authenticated users with lower privileges (like contributors) can inject JavaScript code in the block editor, which is executed within the dashboard. | 5.4 |
2019-12-26 | CVE-2019-16780 | Wordpress Debian | Cross-site Scripting vulnerability in multiple products WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. | 5.4 |
2019-12-26 | CVE-2019-19542 | Cridio | Cross-site Scripting vulnerability in Cridio Listingpro The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page. | 5.4 |
2019-12-26 | CVE-2019-19541 | Cridio | Cross-site Scripting vulnerability in Cridio Listingpro The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page. | 5.4 |
2019-12-26 | CVE-2019-19981 | Icegram | Cross-Site Request Forgery (CSRF) vulnerability in Icegram Email Subscribers & Newsletters The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for CSRF to be exploited on all plugin settings. | 5.4 |
2019-12-27 | CVE-2013-4868 | Karotz | Information Exposure vulnerability in Karotz API 12.07.19.00 Karotz API 12.07.19.00: Session Token Information Disclosure | 5.3 |
2019-12-26 | CVE-2018-20492 | Gitlab | Incorrect Authorization vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. | 5.3 |
2019-12-26 | CVE-2019-6017 | Remise | Unspecified vulnerability in Remise Payment Module REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier allow remote attackers to [Disclosed_Information_type] via unspecified vectors. | 5.3 |
2019-12-26 | CVE-2019-19985 | Icegram | Missing Authorization vulnerability in Icegram Email Subscribers & Newsletters The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure. | 5.3 |
2019-12-26 | CVE-2019-19982 | Icegram | Improper Authentication vulnerability in Icegram Email Subscribers & Newsletters The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for unauthenticated option creation. | 5.3 |
2019-12-25 | CVE-2019-19963 | Wolfssl | Unspecified vulnerability in Wolfssl An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. | 5.3 |
2019-12-25 | CVE-2019-19960 | Wolfssl | Unspecified vulnerability in Wolfssl In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks. | 5.3 |
2019-12-24 | CVE-2019-19924 | Sqlite Siemens Apache Oracle Netapp | Improper Handling of Exceptional Conditions vulnerability in multiple products SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. | 5.3 |
2019-12-23 | CVE-2019-3429 | ZTE | Information Exposure Through Log Files vulnerability in ZTE Zxcloud Goldendata VAP Zxivsvapportalxzgav4.01.01.02 All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. | 5.3 |
2019-12-23 | CVE-2019-6686 | F5 | Unspecified vulnerability in F5 Big-Ip Local Traffic Manager On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, the Traffic Management Microkernel (TMM) might stop responding after the total number of diameter connections and pending messages on a single virtual server has reached 32K. | 5.3 |
2019-12-23 | CVE-2019-6678 | F5 | Unspecified vulnerability in F5 products On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, the TMM process may restart when the packet filter feature is enabled. | 5.3 |
2019-12-23 | CVE-2019-11046 | PHP Debian Fedoraproject Opensuse Canonical Tenable | Out-of-bounds Read vulnerability in multiple products In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. | 5.3 |
2019-12-26 | CVE-2019-5272 | Huawei | Improper Validation of Integrity Check Value vulnerability in Huawei Usg9500 Firmware V500R001C30/V500R001C60 USG9500 with versions of V500R001C30;V500R001C60 have a missing integrity checking vulnerability. | 4.9 |
2019-12-23 | CVE-2019-3430 | ZTE | Unspecified vulnerability in ZTE Zxcloud Goldendata VAP Zxivsvapportalxzgav4.01.01.02 All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an information disclosure vulnerability. | 4.9 |
2019-12-23 | CVE-2019-19150 | F5 | Information Exposure Through Log Files vulnerability in F5 Big-Ip Access Policy Manager On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled. | 4.9 |
2019-12-27 | CVE-2016-1000029 | Tenable | Cross-site Scripting vulnerability in Tenable Nessus Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269). | 4.8 |
2019-12-27 | CVE-2016-1000028 | Tenable | Cross-site Scripting vulnerability in Tenable Nessus Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. | 4.8 |
2019-12-25 | CVE-2019-19965 | Linux Debian Canonical Netapp Opensuse | NULL Pointer Dereference vulnerability in multiple products In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. | 4.7 |
2019-12-27 | CVE-2013-4763 | Samsung | Incorrect Default Permissions vulnerability in Samsung Galaxy S3 Firmware and Galaxy S4 Firmware Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission. | 4.6 |
2019-12-25 | CVE-2019-19966 | Linux Debian Opensuse Netapp | Use After Free vulnerability in multiple products In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655. | 4.6 |
2019-12-24 | CVE-2017-16778 | Fermax | Incorrect Authorization vulnerability in Fermax Outdoor Panel Firmware An access control weakness in the DTMF tone receiver of Fermax Outdoor Panel allows physical attackers to inject a Dual-Tone-Multi-Frequency (DTMF) tone to invoke an access grant that would allow physical access to a restricted floor/level. | 4.6 |
2019-12-24 | CVE-2019-19947 | Linux Debian Canonical Netapp | Use of Uninitialized Resource vulnerability in multiple products In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. | 4.6 |
2019-12-26 | CVE-2012-2736 | Gnome Debian Canonical Opensuse | Missing Authentication for Critical Function vulnerability in multiple products In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network. | 4.4 |
2019-12-27 | CVE-2013-4764 | Samsung | Incorrect Default Permissions vulnerability in Samsung Galaxy S3 Firmware and Galaxy S4 Firmware Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission. | 4.3 |
2019-12-27 | CVE-2019-20043 | Wordpress Debian | Improper Privilege Management vulnerability in multiple products In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. | 4.3 |
2019-12-26 | CVE-2019-6023 | Cybozu | Unspecified vulnerability in Cybozu Office Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application 'Address'. | 4.3 |
2019-12-26 | CVE-2019-19983 | Fastvelocity | Information Exposure vulnerability in Fastvelocity Minify In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered. | 4.3 |
2019-12-26 | CVE-2019-19980 | Icegram | Unspecified vulnerability in Icegram Email Subscribers & Newsletters The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the administrative dashboard on behalf of an administrator. | 4.3 |
2019-12-23 | CVE-2019-6688 | F5 | Unspecified vulnerability in F5 products On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5 and BIG-IQ versions 6.0.0-6.1.0 and 5.2.0-5.4.0, a user is able to obtain the secret that was being used to encrypt a BIG-IP UCS backup file while sending SNMP query to the BIG-IP or BIG-IQ system, however the user can not access to the UCS files. | 4.3 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2019-12-29 | CVE-2019-20057 | Proxyman | Insufficient Verification of Data Authenticity vulnerability in Proxyman com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in Proxyman for macOS 1.11.0 and earlier allows an attacker to change the System Proxy and redirect all traffic to an attacker-controlled computer, enabling MITM attacks. | 3.7 |
2019-12-23 | CVE-2019-6679 | F5 | Link Following vulnerability in F5 products On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks. | 3.3 |