Weekly Vulnerabilities Reports > December 23 to 29, 2019

Overview

225 new vulnerabilities were reported during this period, including 33 critical vulnerabilities and 76 high severity vulnerabilities. This weekly summary reports vulnerabilities in 213 products from 126 vendors, including Debian, Opensuse, F5, Canonical, and Fedoraproject. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "Out-of-bounds Read", "Improper Authentication", and "Cross-Site Request Forgery (CSRF)".

  • 187 reported vulnerabilities are remotely exploitable.
  • 22 reported vulnerabilities have a public exploit available.
  • 60 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 171 reported vulnerabilities are exploitable by an anonymous user.
  • Debian has the most reported vulnerabilities, with 32 reported vulnerabilities.
  • Debian has the most reported critical vulnerabilities, with 7 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

33 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-12-24 CVE-2019-10758 Mongo Express Project Unspecified vulnerability in Mongo-Express Project Mongo-Express

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the `toBSON` method.

9.9
2019-12-27 CVE-2014-5289 Senkas Kolibri Project Improper Input Validation vulnerability in Senkas Kolibri Project Senkas Kolibri 2.0

Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request.

9.8
2019-12-27 CVE-2019-20049 AL Enterprise Unspecified vulnerability in Al-Enterprise Omnivista 4760

An issue was discovered on Alcatel-Lucent OmniVista 4760 devices.

9.8
2019-12-27 CVE-2013-5027 O DYN Improper Privilege Management vulnerability in O-Dyn Collabtive 1.0

Collabtive 1.0 has incorrect access control

9.8
2019-12-27 CVE-2007-0158 Acme Out-of-bounds Write vulnerability in Acme Thttpd 2007

thttpd 2007 has buffer underflow.

9.8
2019-12-27 CVE-2013-4982 Avtech Improper Authentication vulnerability in Avtech Avn801 DVR Firmware 1017100310091003

AVTECH AVN801 DVR has a security bypass via the administration login captcha

9.8
2019-12-27 CVE-2013-4976 Hikvision Improper Authentication vulnerability in Hikvision Ds-2Cd7153-E Firmware

Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials

9.8
2019-12-27 CVE-2013-4743 Static Http Server Project Classic Buffer Overflow vulnerability in Static Http Server Project Static Http Server 1.0

Static HTTP Server 1.0 has a Local Overflow

9.8
2019-12-27 CVE-2013-4621 Magdevgroup Improper Authentication vulnerability in Magdevgroup Magnolia CMS

Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities

9.8
2019-12-27 CVE-2019-19781 Citrix Path Traversal vulnerability in Citrix products

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0.

9.8
2019-12-27 CVE-2019-20041 Wordpress
Debian
Improper Input Validation vulnerability in multiple products

wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring.

9.8
2019-12-26 CVE-2013-3088 Belkin Improper Authentication vulnerability in Belkin N900 Firmware 1.00.23

Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging".

9.8
2019-12-26 CVE-2013-3085 Belkin Improper Authentication vulnerability in Belkin F5D8236-4 Firmware

An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2.

9.8
2019-12-26 CVE-2019-19398 Huawei Improper Input Validation vulnerability in Huawei M5 Lite 10 Firmware 8.0.0.182(C00)

M5 lite 10 with versions of 8.0.0.182(C00) have an insufficient input validation vulnerability.

9.8
2019-12-26 CVE-2019-16327 Dlink Improper Authentication vulnerability in Dlink Dir-601 Firmware 2.00Na

D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass.

9.8
2019-12-26 CVE-2019-19977 Libesmtp Project Out-of-bounds Read vulnerability in Libesmtp Project Libesmtp 1.0.6

libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read.

9.8
2019-12-24 CVE-2019-19952 Imagemagick Use After Free vulnerability in Imagemagick

In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage.

9.8
2019-12-24 CVE-2019-19951 Graphicsmagick
Debian
Opensuse
Out-of-bounds Write vulnerability in multiple products

In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.

9.8
2019-12-24 CVE-2019-19950 Graphicsmagick
Debian
Opensuse
Use After Free vulnerability in multiple products

In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.

9.8
2019-12-24 CVE-2019-19948 Imagemagick
Debian
Opensuse
Canonical
Out-of-bounds Write vulnerability in multiple products

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.

9.8
2019-12-23 CVE-2019-12568 Open Tftp Server Project Out-of-bounds Write vulnerability in Open Tftp Server Project Open Tftp Server 1.64/1.66

Stack-based overflow vulnerability in the logMess function in Open TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387 and CVE-2019-12567.

9.8
2019-12-23 CVE-2019-12567 Open Tftp Server Project Out-of-bounds Write vulnerability in Open Tftp Server Project Open Tftp Server 1.64/1.65

Stack-based overflow vulnerability in the logMess function in Open TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387 and CVE-2019-12568.

9.8
2019-12-23 CVE-2018-10389 Open Tftp Server Project Use of Externally-Controlled Format String vulnerability in Open Tftp Server Project Open Tftp Server 1.64/1.65

Format string vulnerability in the logMess function in TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet.

9.8
2019-12-23 CVE-2018-10388 Open Tftp Server Project Use of Externally-Controlled Format String vulnerability in Open Tftp Server Project Open Tftp Server 1.64/1.66

Format string vulnerability in the logMess function in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet.

9.8
2019-12-23 CVE-2018-10387 Open Tftp Server Project Out-of-bounds Write vulnerability in Open Tftp Server Project Open Tftp Server 1.64/1.66

Heap-based overflow vulnerability in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or possibly execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2008-2161.

9.8
2019-12-23 CVE-2019-8293 Abcprintf Unrestricted Upload of File with Dangerous Type vulnerability in Abcprintf Upload-Image-With-Ajax 1.0

Due to a logic error in the code, upload-image-with-ajax v1.0 allows arbitrary files to be uploaded to the web root allowing code execution.

9.8
2019-12-23 CVE-2019-7489 Sonicwall Unspecified vulnerability in Sonicwall Email Security Appliance 10.0.2/7.4.5/7.5

A vulnerability in SonicWall Email Security appliance allows an unauthenticated user to perform remote code execution.

9.8
2019-12-23 CVE-2019-7488 Sonicwall Weak Password Requirements vulnerability in Sonicwall Email Security Appliance 10.0.2/7.4.5/7.5

A weak default password in the SonicWall Email Security appliance allows an attacker to gain access to the appliance database.

9.8
2019-12-23 CVE-2019-3431 ZTE Insufficiently Protected Credentials vulnerability in ZTE Zxcloud Goldendata VAP Zxivsvapportalxzgav4.01.01.02

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability.

9.8
2019-12-23 CVE-2019-18234 Equinoxce SQL Injection vulnerability in Equinoxce Control Expert

Equinox Control Expert all versions, is vulnerable to an SQL injection attack, which may allow an attacker to remotely execute arbitrary code.

9.8
2019-12-23 CVE-2019-11049 PHP
Fedoraproject
Debian
Tenable
Double Free vulnerability in multiple products

In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations.

9.8
2019-12-24 CVE-2019-19953 Graphicsmagick
Debian
Opensuse
Out-of-bounds Read vulnerability in multiple products

In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.

9.1
2019-12-24 CVE-2019-19949 Imagemagick
Debian
Opensuse
Canonical
Out-of-bounds Read vulnerability in multiple products

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.

9.1

76 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-12-29 CVE-2019-20063 Symonics Improper Initialization vulnerability in Symonics Libmysofa

hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json.

8.8
2019-12-27 CVE-2014-3136 Dlink Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dwr-113 Firmware 2.02

Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev.

8.8
2019-12-27 CVE-2013-4975 Hikvision Improper Privilege Management vulnerability in Hikvision Ds-2Cd7153-E Firmware 4.1.0B130111

Hikvision DS-2CD7153-E IP Camera has Privilege Escalation

8.8
2019-12-27 CVE-2013-4796 Reviewboard Unrestricted Upload of File with Dangerous Type vulnerability in Reviewboard 1.6.17

ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request

8.8
2019-12-27 CVE-2019-20014 GNU
Opensuse
Double Free vulnerability in multiple products

An issue was discovered in GNU LibreDWG before 0.93.

8.8
2019-12-27 CVE-2019-20011 GNU
Opensuse
Out-of-bounds Read vulnerability in multiple products

An issue was discovered in GNU LibreDWG 0.92.

8.8
2019-12-27 CVE-2019-20010 GNU
Opensuse
Use After Free vulnerability in multiple products

An issue was discovered in GNU LibreDWG 0.92.

8.8
2019-12-26 CVE-2013-2011 Automattic Improper Encoding or Escaping of Output vulnerability in Automattic W3 Super Cache

WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code.

8.8
2019-12-26 CVE-2012-3462 Fedoraproject Improper Authentication vulnerability in Fedoraproject Sssd 1.9.0

A flaw was found in SSSD version 1.9.0.

8.8
2019-12-26 CVE-2019-19995 Intelbras Cross-Site Request Forgery (CSRF) vulnerability in Intelbras IWR 3000N Firmware 1.8.7

A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, leading to complete control of the router, as demonstrated by v1/system/user.

8.8
2019-12-26 CVE-2019-16326 Dlink Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-601 Firmware 2.00Na

D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented.

8.8
2019-12-26 CVE-2019-6030 Custom Body Class Project Cross-Site Request Forgery (CSRF) vulnerability in Custom Body Class Project Custom Body Class

Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

8.8
2019-12-26 CVE-2019-6027 Wpspellcheck Cross-Site Request Forgery (CSRF) vulnerability in Wpspellcheck

Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1.9 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

8.8
2019-12-26 CVE-2019-6014 Dlink OS Command Injection vulnerability in Dlink Dba-1510P Firmware 1.70B005/1.70B009

DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface.

8.8
2019-12-26 CVE-2019-19681 Artica Incorrect Authorization vulnerability in Artica Pandora FMS 7.0

Pandora FMS 7.x suffers from remote code execution vulnerability.

8.8
2019-12-26 CVE-2019-19979 WP Maintenance Project Cross-site Scripting vulnerability in WP Maintenance Project WP Maintenance

A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors.

8.8
2019-12-23 CVE-2019-18211 Orckestra Deserialization of Untrusted Data vulnerability in Orckestra C1 CMS

An issue was discovered in Orckestra C1 CMS through 6.6.

8.8
2019-12-23 CVE-2019-5276 Huawei Classic Buffer Overflow vulnerability in Huawei Elle-Al00B Firmware

Huawei smart phones with earlier versions than ELLE-AL00B 9.1.0.222(C00E220R2P1) have a buffer overflow vulnerability.

8.8
2019-12-23 CVE-2019-19931 MZ Automation Out-of-bounds Write vulnerability in Mz-Automation Libiec61850 1.4.0

In libIEC61850 1.4.0, MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c has a heap-based buffer overflow.

8.8
2019-12-26 CVE-2019-16789 Agendaless
Oracle
Debian
Fedoraproject
Redhat
HTTP Request Smuggling vulnerability in multiple products

In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling.

8.2
2019-12-27 CVE-2013-4859 Insteon Incorrect Default Permissions vulnerability in Insteon HUB Firmware 2242222

INSTEON Hub 2242-222 lacks Web and API authentication

8.1
2019-12-27 CVE-2012-4980 Toshiba Out-of-bounds Write vulnerability in Toshiba Configfree Utility 8.0.38

Multiple stack-based buffer overflows in CFProfile.exe in Toshiba ConfigFree Utility 8.0.38 allow user-assisted attackers to execute arbitrary code.

7.8
2019-12-27 CVE-2019-16896 K7Computing Link Following vulnerability in K7Computing K7 Ultimate Security 16.0.0117

In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the backup module) improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link attack with file restoration functionality.

7.8
2019-12-27 CVE-2013-4695 Winamp Release of Invalid Pointer or Reference vulnerability in Winamp 5.63

Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution

7.8
2019-12-26 CVE-2019-6026 Motex Unspecified vulnerability in Motex products

Privilege escalation vulnerability in Multiple MOTEX products (LanScope Cat client program (MR) and LanScope Cat client program (MR)LanScope Cat detection agent (DA) prior to Ver.9.2.1.0, LanScope Cat server monitoring agent (SA, SAE) prior to Ver.9.2.2.0, LanScope An prior to Ver 2.7.7.0 (LanScope An 2 series), and LanScope An prior to Ver 3.0.8.1 (LanScope An 3 series)) allow authenticated attackers to obtain unauthorized privileges and execute arbitrary code.

7.8
2019-12-26 CVE-2019-6019 IPA Untrusted Search Path vulnerability in IPA Stamp Workbench

Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

7.8
2019-12-26 CVE-2019-6008 Yokogawa Unquoted Search Path or Element vulnerability in Yokogawa products

An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 - R3.77.00), Exaplog (R1.10.00 - R3.40.00), Exaquantum (R1.10.00 - R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 - R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 - R3.05.01), and InsightSuiteAE (R1.01.00 - R1.06.00)) allows local users to gain privileges via a Trojan horse executable file and execute arbitrary code with elevated privileges.

7.8
2019-12-24 CVE-2019-5702 Nvidia Unspecified vulnerability in Nvidia Geforce Experience

NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.

7.8
2019-12-23 CVE-2019-5539 Vmware Uncontrolled Search Path Element vulnerability in VMWare Horizon View Agent and Workstation

VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint.

7.8
2019-12-23 CVE-2019-18236 WE CON Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in We-Con PLC Editor 1.3.5

Multiple buffer overflow vulnerabilities exist when the PLC Editor Version 1.3.5_20190129 processes project files.

7.8
2019-12-23 CVE-2019-3467 Debian
Skolelinux
Canonical
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products

Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals.

7.8
2019-12-23 CVE-2019-6685 F5 Improper Privilege Management vulnerability in F5 products

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system command execution.

7.8
2019-12-23 CVE-2019-18389 Virglrenderer Project
Redhat
Opensuse
Debian
Out-of-bounds Write vulnerability in multiple products

A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.

7.8
2019-12-23 CVE-2019-19929 Malwarebytes Untrusted Search Path vulnerability in Malwarebytes Adwcleaner

An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner before 8.0.1 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded by the product.

7.8
2019-12-27 CVE-2019-20047 AL Enterprise Insufficiently Protected Credentials vulnerability in Al-Enterprise Omnivista 4760 and Omnivista 8770

An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2.

7.5
2019-12-27 CVE-2013-4985 Vivotek Incorrect Authorization vulnerability in Vivotek Ip7160 Firmware, Ip7361 Firmware and Ip8332 Firmware

Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream

7.5
2019-12-26 CVE-2019-20006 Ezxml Project Use After Free vulnerability in Ezxml Project Ezxml

An issue was discovered in ezXML 0.8.3 through 0.8.6.

7.5
2019-12-26 CVE-2015-5290 Ratbox Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ratbox Ircd-Ratbox 3.0.9

A Denial of Service vulnerability exists in ircd-ratbox 3.0.9 in the MONITOR Command Handler.

7.5
2019-12-26 CVE-2012-4420 Oracle Information Exposure vulnerability in Oracle JDK 7.0

An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation).

7.5
2019-12-26 CVE-2019-5275 Huawei Out-of-bounds Write vulnerability in Huawei Usg9500 Firmware V500R001C30/V500R001C60

USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability.

7.5
2019-12-26 CVE-2019-5274 Huawei Infinite Loop vulnerability in Huawei Usg9500 Firmware V500R001C30/V500R001C60

USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability.

7.5
2019-12-26 CVE-2019-5273 Huawei Classic Buffer Overflow vulnerability in Huawei Usg9500 Firmware V500R001C30/V500R001C60

USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability.

7.5
2019-12-26 CVE-2019-19996 Intelbras Unspecified vulnerability in Intelbras IWR 3000N Firmware 1.8.7

An issue was discovered on Intelbras IWR 3000N 1.8.7 devices.

7.5
2019-12-26 CVE-2019-19998 Xiuno XXE vulnerability in Xiuno Xiunobbs 4.0

Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php.

7.5
2019-12-25 CVE-2019-19967 UPC Cleartext Transmission of Sensitive Information vulnerability in UPC Connect BOX Eurodocsis Firmware Ch7465Lgncip6.12.18.252P6Nosh

The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH devices accepts a cleartext password in a POST request on port 80, as demonstrated by the Password field to the xml/setter.xml URI.

7.5
2019-12-25 CVE-2019-19962 Wolfssl Improper Verification of Cryptographic Signature vulnerability in Wolfssl

wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography.

7.5
2019-12-24 CVE-2019-19925 Sqlite
Siemens
Oracle
Debian
Redhat
Suse
Opensuse
Netapp
Unrestricted Upload of File with Dangerous Type vulnerability in multiple products

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.

7.5
2019-12-24 CVE-2019-19956 Xmlsoft
Debian
Oracle
Fedoraproject
Canonical
Netapp
Siemens
Memory Leak vulnerability in multiple products

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

7.5
2019-12-24 CVE-2019-19923 Sqlite
Siemens
Oracle
Debian
Redhat
Suse
Opensuse
Netapp
NULL Pointer Dereference vulnerability in multiple products

flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view.

7.5
2019-12-24 CVE-2019-19695 Trendmicro Link Following vulnerability in Trendmicro Antivirus 9.0/9.0.1379

A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it.

7.5
2019-12-23 CVE-2019-8463 Checkpoint Link Following vulnerability in Checkpoint Endpoint Security Clients E81.00

A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations.

7.5
2019-12-23 CVE-2019-6684 F5 Unspecified vulnerability in F5 products

On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, under certain conditions, a multi-bladed BIG-IP Virtual Clustered Multiprocessing (vCMP) may drop broadcast packets when they are rebroadcast to the vCMP guest secondary blades.

7.5
2019-12-23 CVE-2019-6683 F5 Resource Exhaustion vulnerability in F5 products

On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IP virtual servers with Loose Initiation enabled on a FastL4 profile may be subject to excessive flow usage under undisclosed conditions.

7.5
2019-12-23 CVE-2019-6681 F5 Memory Leak vulnerability in F5 Big-Ip Local Traffic Manager

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a memory leak in Multicast Forwarding Cache (MFC) handling in tmrouted.

7.5
2019-12-23 CVE-2019-6680 F5 Unspecified vulnerability in F5 products

On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5, while processing traffic through a standard virtual server that targets a FastL4 virtual server (VIP on VIP), hardware appliances may stop responding.

7.5
2019-12-23 CVE-2019-5266 Huawei Improper Input Validation vulnerability in Huawei P30 Firmware 9.1.0.193(C00E190R2P1)

Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an insufficient input validation vulnerability.

7.5
2019-12-23 CVE-2019-5265 Huawei Unspecified vulnerability in Huawei P30 Firmware 9.1.0.193(C00E190R2P1)

Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an improper access control vulnerability.

7.5
2019-12-23 CVE-2019-6682 F5 Resource Exhaustion vulnerability in F5 Big-Ip Application Security Manager

On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP ASM system may consume excessive resources when processing certain types of HTTP responses from the origin web server.

7.5
2019-12-23 CVE-2019-6677 F5 Unspecified vulnerability in F5 products

On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, under certain conditions when using custom TCP congestion control settings in a TCP profile, TMM stops processing traffic when processed by an iRule.

7.5
2019-12-23 CVE-2019-6676 F5 Unspecified vulnerability in F5 products

On versions 15.0.0-15.0.1, 14.0.0-14.1.2.2, and 13.1.0-13.1.3.1, TMM may restart on BIG-IP Virtual Edition (VE) when using virtio direct descriptors and packets 2 KB or larger.

7.5
2019-12-23 CVE-2019-17563 Apache
Debian
Opensuse
Canonical
Oracle
Session Fixation vulnerability in multiple products

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack.

7.5
2019-12-23 CVE-2019-11044 PHP
Tenable
Fedoraproject

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte.

7.5
2019-12-23 CVE-2019-19926 Sqlite
Siemens
Oracle
Debian
Redhat
Opensuse
Suse
Netapp
NULL Pointer Dereference vulnerability in multiple products

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls.

7.5
2019-12-26 CVE-2019-6032 NTV Improper Certificate Validation vulnerability in NTV News 24

The NTV News24 prior to Ver.3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

7.4
2019-12-23 CVE-2019-6687 F5 Improper Certificate Validation vulnerability in F5 Big-Ip Application Security Manager

On versions 15.0.0-15.0.1.1, the BIG-IP ASM Cloud Security Services profile uses a built-in verification mechanism that fails to properly authenticate the X.509 certificate of remote endpoints.

7.4
2019-12-24 CVE-2019-19954 Signal Uncontrolled Search Path Element vulnerability in Signal Signal-Desktop

Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.

7.3
2019-12-27 CVE-2019-20048 AL Enterprise Unrestricted Upload of File with Dangerous Type vulnerability in Al-Enterprise Omnivista 8770

An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2.

7.2
2019-12-26 CVE-2019-6012 TMS Outsource SQL Injection vulnerability in Tms-Outsource Wpdatatables Lite

SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

7.2
2019-12-26 CVE-2019-15695 Tigervnc
Opensuse
Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products

TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor.

7.2
2019-12-26 CVE-2019-15694 Tigervnc
Opensuse
Out-of-bounds Write vulnerability in multiple products

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect.

7.2
2019-12-26 CVE-2019-15693 Tigervnc Out-of-bounds Write vulnerability in Tigervnc

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient.

7.2
2019-12-26 CVE-2019-15692 Tigervnc
Opensuse
Out-of-bounds Write vulnerability in multiple products

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow.

7.2
2019-12-26 CVE-2019-15691 Tigervnc
Opensuse
Operation on a Resource after Expiration or Release vulnerability in multiple products

TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder.

7.2
2019-12-26 CVE-2019-19999 Halo Server-Side Request Forgery (SSRF) vulnerability in Halo

Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration.

7.2
2019-12-23 CVE-2019-18390 Virglrenderer Project
Redhat
Opensuse
Debian
Out-of-bounds Read vulnerability in multiple products

An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.

7.1
2019-12-23 CVE-2019-12418 Apache
Debian
Oracle
Canonical
Opensuse
Netapp

When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface.

7.0

114 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-12-26 CVE-2019-6013 Dlink OS Command Injection vulnerability in Dlink Dba-1510P Firmware 1.70B005/1.70B009

DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI).

6.6
2019-12-29 CVE-2019-20056 Nothings Reachable Assertion vulnerability in Nothings STB Image.H 2.23

stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned.

6.5
2019-12-29 CVE-2019-20055 Liquidpixels Server-Side Request Forgery (SSRF) vulnerability in Liquidpixels Liquifire OS 4.8.0

LiquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substring followed by a URL in square brackets.

6.5
2019-12-27 CVE-2019-20052 Matio Project Memory Leak vulnerability in Matio Project Matio 1.5.17

A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case.

6.5
2019-12-27 CVE-2013-4665 Spbas Cross-Site Request Forgery (CSRF) vulnerability in Spbas Business Automation Software 2012

SPBAS Business Automation Software 2012 has CSRF.

6.5
2019-12-27 CVE-2019-20024 Libsixel Project Out-of-bounds Write vulnerability in Libsixel Project Libsixel

A heap-based buffer overflow was discovered in image_buffer_resize in fromsixel.c in libsixel before 1.8.4.

6.5
2019-12-27 CVE-2019-20023 Libsixel Project Memory Leak vulnerability in Libsixel Project Libsixel

A memory leak was discovered in image_buffer_resize in fromsixel.c in libsixel 1.8.4.

6.5
2019-12-27 CVE-2019-20022 Libsixel Project Operation on a Resource after Expiration or Release vulnerability in Libsixel Project Libsixel

An invalid memory address dereference was discovered in load_pnm in frompnm.c in libsixel before 1.8.3.

6.5
2019-12-27 CVE-2019-20020 Matio Project Out-of-bounds Read vulnerability in Matio Project Matio 1.5.17

A stack-based buffer over-read was discovered in ReadNextStructField in mat5.c in matio 1.5.17.

6.5
2019-12-27 CVE-2019-20019 Matio Project Allocation of Resources Without Limits or Throttling vulnerability in Matio Project Matio 1.5.17

An attempted excessive memory allocation was discovered in Mat_VarRead5 in mat5.c in matio 1.5.17.

6.5
2019-12-27 CVE-2019-20018 Matio Project Out-of-bounds Read vulnerability in Matio Project Matio 1.5.17

A stack-based buffer over-read was discovered in ReadNextCell in mat5.c in matio 1.5.17.

6.5
2019-12-27 CVE-2019-20017 Matio Project Out-of-bounds Read vulnerability in Matio Project Matio 1.5.17

A stack-based buffer over-read was discovered in Mat_VarReadNextInfo5 in mat5.c in matio 1.5.17.

6.5
2019-12-27 CVE-2019-20016 Symonics Out-of-bounds Write vulnerability in Symonics Libmysofa

libmysofa before 2019-11-24 does not properly restrict recursive function calls, as demonstrated by reports of stack consumption in readOHDRHeaderMessageDatatype in dataobject.c and directblockRead in fractalhead.c.

6.5
2019-12-27 CVE-2019-20015 GNU
Opensuse
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

An issue was discovered in GNU LibreDWG 0.92.

6.5
2019-12-27 CVE-2019-20013 GNU
Opensuse
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

An issue was discovered in GNU LibreDWG before 0.93.

6.5
2019-12-27 CVE-2019-20012 GNU
Opensuse
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

An issue was discovered in GNU LibreDWG 0.92.

6.5
2019-12-27 CVE-2019-20009 GNU
Opensuse
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

An issue was discovered in GNU LibreDWG before 0.93.

6.5
2019-12-26 CVE-2019-20007 Ezxml Project NULL Pointer Dereference vulnerability in Ezxml Project Ezxml

An issue was discovered in ezXML 0.8.2 through 0.8.6.

6.5
2019-12-26 CVE-2019-20005 Ezxml Project Out-of-bounds Read vulnerability in Ezxml Project Ezxml

An issue was discovered in ezXML 0.8.3 through 0.8.6.

6.5
2019-12-26 CVE-2019-6024 Rakuten Insufficiently Protected Credentials vulnerability in Rakuten Rakuma

Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the user's authentication information via a malicious application created by the third party.

6.5
2019-12-26 CVE-2019-6022 Cybozu Path Traversal vulnerability in Cybozu Office

Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function.

6.5
2019-12-24 CVE-2019-19958 MZ Automation Allocation of Resources Without Limits or Throttling vulnerability in Mz-Automation Libiec61850 1.4.0

In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service.

6.5
2019-12-24 CVE-2019-19957 MZ Automation Out-of-bounds Read vulnerability in Mz-Automation Libiec61850 1.4.0

In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_access_result.c has an out-of-bounds read vulnerability, related to bufPos and elementLength.

6.5
2019-12-23 CVE-2019-5108 Linux
Debian
Canonical
Netapp
Oracle
Improper Authentication vulnerability in multiple products

An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3.

6.5
2019-12-23 CVE-2019-19944 MZ Automation Out-of-bounds Read vulnerability in Mz-Automation Libiec61850 1.4.0

In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c has an out-of-bounds read, related to intLen and bufPos.

6.5
2019-12-23 CVE-2019-19337 Redhat Unspecified vulnerability in Redhat Ceph Storage 3.3

A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests.

6.5
2019-12-23 CVE-2019-19930 MZ Automation Integer Overflow or Wraparound vulnerability in Mz-Automation Libiec61850 1.4.0

In libIEC61850 1.4.0, MmsValue_newOctetString in mms/iso_mms/common/mms_value.c has an integer signedness error that can lead to an attempted excessive memory allocation.

6.5
2019-12-23 CVE-2019-11050 PHP
Debian
Canonical
Fedoraproject
Opensuse
Tenable
Out-of-bounds Read vulnerability in multiple products

When PHP EXIF extension is parsing EXIF information from an image, e.g.

6.5
2019-12-23 CVE-2019-11047 PHP
Fedoraproject
Debian
Canonical
Out-of-bounds Read vulnerability in multiple products

When PHP EXIF extension is parsing EXIF information from an image, e.g.

6.5
2019-12-27 CVE-2013-4867 EA Improper Privilege Management vulnerability in EA Karotz Smart Rabbit Firmware 12.07.19.00

Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking

6.3
2019-12-26 CVE-2019-19984 Icegram Incorrect Authorization vulnerability in Icegram Email Subscribers & Newsletters

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns.

6.3
2019-12-29 CVE-2019-20058 Boltcms Cross-site Scripting vulnerability in Boltcms Bolt 3.7.0

Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profiler page.

6.1
2019-12-27 CVE-2014-6420 Livefyre Cross-site Scripting vulnerability in Livefyre Livecomments 3.0

Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture.

6.1
2019-12-27 CVE-2014-4550 Visualshortcodes Cross-site Scripting vulnerability in Visualshortcodes Ninja 1.4

Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter.

6.1
2019-12-27 CVE-2014-4536 Katz Cross-site Scripting vulnerability in Katz Infusionsoft Gravity Forms

Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter.

6.1
2019-12-27 CVE-2014-4535 Import Legacy Media Project Cross-site Scripting vulnerability in Import Legacy Media Project Import Legacy Media 0.1

Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.

6.1
2019-12-27 CVE-2014-4567 Videowhisper Cross-site Scripting vulnerability in Videowhisper Video Comments Webcam Recorder 1.45/1.45.2/1.55

Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_logout.php in the Video Comments Webcam Recorder plugin 1.55, as downloaded before 20140116 for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter.

6.1
2019-12-27 CVE-2014-4558 Cybercompany Cross-site Scripting vulnerability in Cybercompany Swipehq-Payment-Gateway-Woocommerce

Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter.

6.1
2019-12-27 CVE-2014-4548 Ruven Toolkit Project Cross-site Scripting vulnerability in Ruven-Toolkit Project Ruven-Toolkit 1.1

Cross-site scripting (XSS) vulnerability in tinymce/popup.php in the Ruven Toolkit plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the popup parameter.

6.1
2019-12-27 CVE-2014-4544 Podcast Channels Project Cross-site Scripting vulnerability in Podcast Channels Project Podcast Channels 0.1/0.20

Cross-site scripting (XSS) vulnerability in the Podcast Channels plugin 0.20 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the Filename parameter to getid3/demos/demo.write.php.

6.1
2019-12-27 CVE-2014-4539 Movies Project Cross-site Scripting vulnerability in Movies Project Movies

Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.

6.1
2019-12-27 CVE-2014-4592 Czepol Cross-site Scripting vulnerability in Czepol Wp-Planet 0.1

Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.

6.1
2019-12-27 CVE-2014-4519 Conversador Project Cross-site Scripting vulnerability in Conversador Project Conversador 2.61

Cross-site scripting (XSS) vulnerability in the Conversador plugin 2.61 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the 'page' parameter.

6.1
2019-12-27 CVE-2013-4692 Xorbin Cross-site Scripting vulnerability in Xorbin Analog Flash Clock 1.0

Xorbin Analog Flash Clock 1.0 extension for Joomla has XSS

6.1
2019-12-27 CVE-2013-4693 Xorbin Cross-site Scripting vulnerability in Xorbin Digital Flash Clock 1.0

WordPress Xorbin Digital Flash Clock 1.0 has XSS

6.1
2019-12-27 CVE-2013-4691 Sencha Cross-site Scripting vulnerability in Sencha Connect

Sencha Labs Connect has XSS with connect.methodOverride()

6.1
2019-12-27 CVE-2013-4664 Spbas Cross-site Scripting vulnerability in Spbas Business Automation Software 2012

SPBAS Business Automation Software 2012 has XSS.

6.1
2019-12-27 CVE-2014-4559 Cybercompay Cross-site Scripting vulnerability in Cybercompay Swipehq-Payment-Gateway-Wp-E-Commerce

Multiple cross-site scripting (XSS) vulnerabilities in test-plugin.php in the Swipe Checkout for WP e-Commerce plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) api_key, (2) payment_page_url, (3) merchant_id, (4) api_url, or (5) currency parameter.

6.1
2019-12-27 CVE-2014-4525 Winwar Cross-site Scripting vulnerability in Winwar WP Ebay Product Feeds

Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in the Ebay Feeds for WordPress plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter.

6.1
2019-12-27 CVE-2014-4523 Easy Career Openings Project Cross-site Scripting vulnerability in Easy Career Openings Project Easy Career Openings 0.4

Cross-site scripting (XSS) vulnerability in the Easy Career Openings plugin 0.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

6.1
2019-12-27 CVE-2019-20042 Wordpress
Debian
Cross-site Scripting vulnerability in multiple products

In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability.

6.1
2019-12-26 CVE-2019-6035 Yahoo Open Redirect vulnerability in Yahoo Athenz

Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.

6.1
2019-12-26 CVE-2019-6034 Appleple Injection vulnerability in Appleple A-Blog CMS

a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors.

6.1
2019-12-26 CVE-2019-6033 Appleple Cross-site Scripting vulnerability in Appleple A-Blog CMS

Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1
2019-12-26 CVE-2019-6031 Dayz Cross-site Scripting vulnerability in Dayz Kinza

Cross-site scripting vulnerability in KINZA for Windows version 5.9.2 and earlier and for Mac version 5.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via RSS reader.

6.1
2019-12-26 CVE-2019-6029 Custom Body Class Project Cross-site Scripting vulnerability in Custom Body Class Project Custom Body Class

Cross-site scripting vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1
2019-12-26 CVE-2019-6025 Sixapart Open Redirect vulnerability in Sixapart Movable Type

Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.

6.1
2019-12-26 CVE-2019-6021 Ricoh Open Redirect vulnerability in Ricoh Limedio

Open redirect vulnerability in Library Information Management System LIMEDIO all versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.

6.1
2019-12-26 CVE-2019-6020 Alfasado Open Redirect vulnerability in Alfasado Powercms

Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x), 4.42 and earlier (PowerCMS 4.x), and 3.293 and earlier (PowerCMS 3.x) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.

6.1
2019-12-26 CVE-2019-6018 Netcommons Cross-site Scripting vulnerability in Netcommons

Cross-site scripting vulnerability in NetCommons 3.2.2 and earlier (NetCommons3.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1
2019-12-26 CVE-2019-6016 Remise Cross-site Scripting vulnerability in Remise Payment Module

Cross-site scripting vulnerability in REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1
2019-12-26 CVE-2019-6011 TMS Outsource Cross-site Scripting vulnerability in Tms-Outsource Wpdatatables Lite

Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1
2019-12-26 CVE-2019-19540 Cridio Cross-site Scripting vulnerability in Cridio Listingpro

The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage.

6.1
2019-12-26 CVE-2018-18288 Crushftp Open Redirect vulnerability in Crushftp

CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redirection.

6.1
2019-12-24 CVE-2019-18249 Reliablecontrols Cross-site Scripting vulnerability in Reliablecontrols Mach-Prowebcom Firmware and Mach-Prowebsys Firmware

Reliable Controls MACH-ProWebCom/Sys, all versions prior to 2.15 (Firmware versions prior to 8.26.4), may allow an attacker to execute commands on behalf of the user when an authenticated user clicks on a malicious link.

6.1
2019-12-26 CVE-2019-20000 Bullguard Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Bullguard Premium Protection 20.0.371.8

The malware scan function in BullGuard Premium Protection 20.0.371.8 has a TOCTOU issue that enables a symbolic link attack, allowing privileged files to be deleted.

5.9
2019-12-23 CVE-2019-6147 Forcepoint Incorrect Type Conversion or Cast vulnerability in Forcepoint Next Generation Firewall Security Management Center

Forcepoint NGFW Security Management Center (SMC) versions lower than 6.5.12 or 6.7.1 have a rare issue that in specific circumstances can corrupt the internal configuration database.

5.9
2019-12-23 CVE-2019-11045 PHP
Fedoraproject
Debian
Opensuse
Canonical
Tenable
Injection vulnerability in multiple products

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte.

5.9
2019-12-28 CVE-2019-20054 Linux
Netapp
NULL Pointer Dereference vulnerability in multiple products

In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.

5.5
2019-12-27 CVE-2019-20053 UPX Project
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.

5.5
2019-12-27 CVE-2019-20051 UPX Project
Fedoraproject
Incorrect Calculation vulnerability in multiple products

A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95.

5.5
2019-12-27 CVE-2019-20021 UPX Project
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.

5.5
2019-12-26 CVE-2011-1474 Linux Infinite Loop vulnerability in Linux Kernel 2.6.32.33/2.6.37.4/2.6.38

A locally exploitable DoS vulnerability was found in pax-linux versions 2.6.32.33-test79.patch, 2.6.38-test3.patch, and 2.6.37.4-test14.patch.

5.5
2019-12-23 CVE-2019-19151 F5 Improper Privilege Management vulnerability in F5 products

On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able to access objects on the file system which would normally be disallowed by tmsh restrictions.

5.5
2019-12-23 CVE-2019-5267 Huawei Unspecified vulnerability in Huawei Oceanstor Sns3096 Firmware V100R002C01

Huawei OceanStor SNS3096 V100R002C01 has an information disclosure vulnerability.

5.5
2019-12-23 CVE-2019-18391 Virglrenderer Project
Redhat
Opensuse
Debian
Out-of-bounds Write vulnerability in multiple products

A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.

5.5
2019-12-23 CVE-2019-18388 Virglrenderer Project
Opensuse
Debian
NULL Pointer Dereference vulnerability in multiple products

A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands.

5.5
2019-12-26 CVE-2019-20008 Archerysec Cross-site Scripting vulnerability in Archerysec Archery 1.0/1.1/1.2

In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page.

5.4
2019-12-26 CVE-2019-19389 Jetbrains Injection vulnerability in Jetbrains Ktor

JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.

5.4
2019-12-26 CVE-2013-4318 Feature Project Injection vulnerability in Feature Project Feature 0.3.0

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory.

5.4
2019-12-26 CVE-2019-16781 Wordpress
Debian
Cross-site Scripting vulnerability in multiple products

In WordPress before 5.3.1, authenticated users with lower privileges (like contributors) can inject JavaScript code in the block editor, which is executed within the dashboard.

5.4
2019-12-26 CVE-2019-16780 Wordpress
Debian
Cross-site Scripting vulnerability in multiple products

WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard.

5.4
2019-12-26 CVE-2019-19542 Cridio Cross-site Scripting vulnerability in Cridio Listingpro

The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page.

5.4
2019-12-26 CVE-2019-19541 Cridio Cross-site Scripting vulnerability in Cridio Listingpro

The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page.

5.4
2019-12-26 CVE-2019-19981 Icegram Cross-Site Request Forgery (CSRF) vulnerability in Icegram Email Subscribers & Newsletters

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for CSRF to be exploited on all plugin settings.

5.4
2019-12-27 CVE-2013-4868 Karotz Information Exposure vulnerability in Karotz API 12.07.19.00

Karotz API 12.07.19.00: Session Token Information Disclosure

5.3
2019-12-26 CVE-2018-20492 Gitlab Incorrect Authorization vulnerability in Gitlab

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1.

5.3
2019-12-26 CVE-2019-6017 Remise Unspecified vulnerability in Remise Payment Module

REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier allow remote attackers to [Disclosed_Information_type] via unspecified vectors.

5.3
2019-12-26 CVE-2019-19985 Icegram Missing Authorization vulnerability in Icegram Email Subscribers & Newsletters

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.

5.3
2019-12-26 CVE-2019-19982 Icegram Improper Authentication vulnerability in Icegram Email Subscribers & Newsletters

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for unauthenticated option creation.

5.3
2019-12-25 CVE-2019-19963 Wolfssl Unspecified vulnerability in Wolfssl

An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled.

5.3
2019-12-25 CVE-2019-19960 Wolfssl Unspecified vulnerability in Wolfssl

In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks.

5.3
2019-12-24 CVE-2019-19924 Sqlite
Siemens
Apache
Oracle
Netapp
Improper Handling of Exceptional Conditions vulnerability in multiple products

SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c.

5.3
2019-12-23 CVE-2019-3429 ZTE Information Exposure Through Log Files vulnerability in ZTE Zxcloud Goldendata VAP Zxivsvapportalxzgav4.01.01.02

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability.

5.3
2019-12-23 CVE-2019-6686 F5 Unspecified vulnerability in F5 Big-Ip Local Traffic Manager

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, the Traffic Management Microkernel (TMM) might stop responding after the total number of diameter connections and pending messages on a single virtual server has reached 32K.

5.3
2019-12-23 CVE-2019-6678 F5 Unspecified vulnerability in F5 products

On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, the TMM process may restart when the packet filter feature is enabled.

5.3
2019-12-23 CVE-2019-11046 PHP
Debian
Fedoraproject
Opensuse
Canonical
Tenable
Out-of-bounds Read vulnerability in multiple products

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying them with a string containing characters that are identified as numeric by the OS but aren't ASCII numbers.

5.3
2019-12-26 CVE-2019-5272 Huawei Improper Validation of Integrity Check Value vulnerability in Huawei Usg9500 Firmware V500R001C30/V500R001C60

USG9500 with versions of V500R001C30;V500R001C60 have a missing integrity checking vulnerability.

4.9
2019-12-23 CVE-2019-3430 ZTE Unspecified vulnerability in ZTE Zxcloud Goldendata VAP Zxivsvapportalxzgav4.01.01.02

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an information disclosure vulnerability.

4.9
2019-12-23 CVE-2019-19150 F5 Information Exposure Through Log Files vulnerability in F5 Big-Ip Access Policy Manager

On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled.

4.9
2019-12-27 CVE-2016-1000029 Tenable Cross-site Scripting vulnerability in Tenable Nessus

Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269).

4.8
2019-12-27 CVE-2016-1000028 Tenable Cross-site Scripting vulnerability in Tenable Nessus

Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins.

4.8
2019-12-25 CVE-2019-19965 Linux
Debian
Canonical
Netapp
Opensuse
NULL Pointer Dereference vulnerability in multiple products

In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.

4.7
2019-12-27 CVE-2013-4763 Samsung Incorrect Default Permissions vulnerability in Samsung Galaxy S3 Firmware and Galaxy S4 Firmware

Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission.

4.6
2019-12-25 CVE-2019-19966 Linux
Debian
Opensuse
Netapp
Use After Free vulnerability in multiple products

In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.

4.6
2019-12-24 CVE-2017-16778 Fermax Incorrect Authorization vulnerability in Fermax Outdoor Panel Firmware

An access control weakness in the DTMF tone receiver of Fermax Outdoor Panel allows physical attackers to inject a Dual-Tone-Multi-Frequency (DTMF) tone to invoke an access grant that would allow physical access to a restricted floor/level.

4.6
2019-12-24 CVE-2019-19947 Linux
Debian
Canonical
Netapp
Use of Uninitialized Resource vulnerability in multiple products

In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.

4.6
2019-12-26 CVE-2012-2736 Gnome
Debian
Canonical
Opensuse
Missing Authentication for Critical Function vulnerability in multiple products

In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.

4.4
2019-12-27 CVE-2013-4764 Samsung Incorrect Default Permissions vulnerability in Samsung Galaxy S3 Firmware and Galaxy S4 Firmware

Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission.

4.3
2019-12-27 CVE-2019-20043 Wordpress
Debian
Improper Privilege Management vulnerability in multiple products

In wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API.

4.3
2019-12-26 CVE-2019-6023 Cybozu Unspecified vulnerability in Cybozu Office

Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application 'Address'.

4.3
2019-12-26 CVE-2019-19983 Fastvelocity Information Exposure vulnerability in Fastvelocity Minify

In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered.

4.3
2019-12-26 CVE-2019-19980 Icegram Unspecified vulnerability in Icegram Email Subscribers & Newsletters

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the administrative dashboard on behalf of an administrator.

4.3
2019-12-23 CVE-2019-6688 F5 Unspecified vulnerability in F5 products

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5 and BIG-IQ versions 6.0.0-6.1.0 and 5.2.0-5.4.0, a user is able to obtain the secret that was being used to encrypt a BIG-IP UCS backup file while sending an SNMP query to the BIG-IP or BIG-IQ system; however, the user cannot access the UCS files.

4.3

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2019-12-29 CVE-2019-20057 Proxyman Insufficient Verification of Data Authenticity vulnerability in Proxyman

com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in Proxyman for macOS 1.11.0 and earlier allows an attacker to change the System Proxy and redirect all traffic to an attacker-controlled computer, enabling MITM attacks.

3.7
2019-12-23 CVE-2019-6679 F5 Link Following vulnerability in F5 products

On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks.

3.3