Cyber Monday: Tips for Safeguarding Personal Information

December 2, 2019, 7:43 am

≫ Next: CISA Releases Draft of Binding Operational Directive on Developing a Vulnerability Disclosure Policy

≪ Previous: Vulnerability Summary for the Week of November 25, 2019

Original release date: December 2, 2019

Cyber Monday draw millions of shoppers online for deals and savings, but this day also provides opportunities for an attacker to steal personal information. The Cybersecurity and Infrastructure Security Agency (CISA) reminds users to remain vigilant when browsing or shopping online.

CISA encourages Cyber Monday shoppers to review the following online shopping safety tips:

Do business with reputable vendors. Before providing any information, make sure that you are interacting with a reputable, established vendor. Some attackers may try to trick you by creating malicious websites that appear to be legitimate, so you should verify the legitimacy before supplying any information. (See Avoiding Social Engineering and Phishing Attacks.)
Use caution with email links and attachments. Take appropriate precautions when using email and web browsers to reduce the risk of an infection. Be wary of unsolicited email attachments and avoid clicking on email links, even if they seem to come from people or businesses you know. (See Using Caution with Email Attachments.)
Pay using a credit card. There are laws to limit your liability for fraudulent credit card charges, but debit cards may not have the same level of protection.
Ensure your information is encrypted. Check website URLs to ensure they begin with "https:" (instead of "http:") accompanied by a padlock icon to verify that the site is secure.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

CISA Releases Draft of Binding Operational Directive on Developing a Vulnerability Disclosure Policy

December 2, 2019, 8:02 am

≫ Next: Mozilla Releases Security Updates for Firefox and Firefox ESR

≪ Previous: Cyber Monday: Tips for Safeguarding Personal Information

Original release date: December 2, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) has released a draft of Binding Operational Directive (BOD) 20-01, Develop and Publish a Vulnerability Disclosure Policy. BOD 20-01 will require each federal agency to publish a vulnerability disclosure policy (VDP). CISA has posted the draft directive for public feedback. The deadline for submitting comments is 11:59 PM EST on December 27, 2019.

CISA encourages users and administrators to review the CISA blog post, Improving Vulnerability Disclosure Together, and draft BOD 20-01 for more information. CISA encourages feedback on draft BOD 20-01 from individuals with personal or institutional expertise in vulnerability disclosure and from organizations that have a VDP and manage coordinated vulnerability disclosures.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

Mozilla Releases Security Updates for Firefox and Firefox ESR

December 4, 2019, 7:54 am

≫ Next: Dridex Malware

≪ Previous: CISA Releases Draft of Binding Operational Directive on Developing a Vulnerability Disclosure Policy

Original release date: December 4, 2019

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 71 and Firefox ESR 68.3.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

Dridex Malware

December 5, 2019, 6:13 am

≫ Next: NCSC-NZ Releases Cyber Governance Resource for Leaders

≪ Previous: Mozilla Releases Security Updates for Firefox and Firefox ESR

Original release date: December 5, 2019

This Alert is the result of recent collaboration between the Department of the Treasury Financial Sector Cyber Information Group (CIG) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) to identify and share information with the financial services sector. Treasury and the Cybersecurity and Infrastructure Security Agency (CISA) are providing this report to inform the sector about the Dridex malware and variants. The report provides an overview of the malware, related activity, and a list of previously unreported indicators of compromise derived from information reported to FinCEN by private sector financial institutions. Because actors using Dridex malware and its derivatives continue to target the financial services sector, including financial institutions and customers, the techniques, tactics, and procedures contained in this report warrant renewed attention. Treasury and CISA encourage network security specialists to incorporate these indicators into existing Dridex-related network defense capabilities and planning. For information regarding the malicious cyber actors responsible for the development and distribution of the Dridex malware, see the Treasury press release, Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware and the FBI press release, Russian National Charged with Decade-Long Series of Hacking and Bank Fraud Offenses Resulting in Tens of Millions in Losses and Second Russian National Charged with Involvement in Deployment of “Bugat” Malware.

This Alert does not introduce a new regulatory interpretation, nor impose any new requirements on regulated entities. Except where noted, there is no indication that the actual owner of the email address was involved in the suspicious or malicious activity. If activity related to these indicators of compromise is detected, please notify appropriate law enforcement and the CIG.

For a downloadable copy of IOCs, see:

This product is provided subject to this Notification and this Privacy & Use policy.

↧

NCSC-NZ Releases Cyber Governance Resource for Leaders

December 5, 2019, 7:57 am

≫ Next: Microsoft Releases Security Advisory for Windows Hello for Business

≪ Previous: Dridex Malware

Original release date: December 5, 2019

The New Zealand National Cyber Security Centre (NCSC-NZ) has released an article on a new cybersecurity governance resource to support public and private sector leaders in making decisions about their cybersecurity resilience and risk. NCSC-NZ developed this governance—a series of documents with practical advice and simple steps—following a cybersecurity resilience assessment of New Zealand’s nationally significant organizations.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages senior leaders and security practitioners to review NCSC-NZ’s Charting Your Course: Cyber Security Governance and Cyber Security Resilience of New Zealand’s Nationally Significant Organisations 2017-2018 for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

Microsoft Releases Security Advisory for Windows Hello for Business

December 5, 2019, 8:02 am

≫ Next: ACSC Releases Fundamentals of Cross Domain Solutions

≪ Previous: NCSC-NZ Releases Cyber Governance Resource for Leaders

Original release date: December 5, 2019

Microsoft has released a Security Advisory to address an issue in Windows Hello for Business (WHfB). An attacker could exploit this issue on devices that were affected by CVE-2017-15361, also known as Return of Coppersmith’s Attack (ROCA), to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft Security Advisories ADV190026 and ADV170012 and apply the recommended mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

ACSC Releases Fundamentals of Cross Domain Solutions

December 5, 2019, 8:06 am

≫ Next: VMware Releases Security Updates for ESXi and Horizon DaaS

≪ Previous: Microsoft Releases Security Advisory for Windows Hello for Business

Original release date: December 5, 2019

The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide outlining the fundamentals of cross domain solution (CDS) technologies. This guidance provides cross domain security principles to enable organizations to share information securely across separated networks.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations with information sharing requirements to review ACSC’s Fundamentals of Cross Domain Solutions to learn how to plan, analyze, design, and implement CDS systems.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

VMware Releases Security Updates for ESXi and Horizon DaaS

December 6, 2019, 7:56 am

≫ Next: Vulnerability Summary for the Week of December 2, 2019

≪ Previous: ACSC Releases Fundamentals of Cross Domain Solutions

Original release date: December 6, 2019

VMware has released security updates to address a vulnerability in ESXi and Horizon DaaS. An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2019-0022 and apply the necessary updates and workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

Vulnerability Summary for the Week of December 2, 2019

December 9, 2019, 3:12 am

≫ Next: Samba Releases Security Updates

≪ Previous: VMware Releases Security Updates for ESXi and Horizon DaaS

Original release date: December 9, 2019

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
embedthis -- goahead	An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this request that can be used to corrupt heap structures that could lead to full code execution. The request can be unauthenticated in the form of GET or POST requests, and does not require the requested resource to exist on the server.	2019-12-03	7.5	CVE-2019-5096 MISC
titanhq -- webtitan	An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access.	2019-12-02	7.2	CVE-2019-19014 MISC MISC
titanhq -- webtitan	An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically exposed to all users) allows connections to the internal PostgreSQL database of the appliance. By connecting to the database through the proxy (without password authentication), an attacker is able to fully control the appliance database. Through this, several different paths exist to gain further access, or execute code.	2019-12-02	10	CVE-2019-19015 MISC MISC

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
accusoft -- imagegear	An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG header-parser of the Accusoft ImageGear 19.3.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the viction to trigger the vulnerability.	2019-12-03	6.8	CVE-2019-5076 MISC
accusoft -- imagegear	An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFdecodethunderscan function of Accusoft ImageGear 19.3.0 library. A specially crafted TIFF file can cause an out of bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.	2019-12-03	6.8	CVE-2019-5083 MISC
accusoft -- imagegear	An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll GEM Raster parser of the Accusoft ImageGear 19.3.0 library. A specially crafted GEM file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.	2019-12-03	6.8	CVE-2019-5132 MISC
accusoft -- imagegear	An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll BMP parser of the ImageGear 19.3.0 library. A specially crafted BMP file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.	2019-12-03	6.8	CVE-2019-5133 MISC
debian -- devscripts	An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball.	2019-12-03	6.5	CVE-2013-7325 MISC MISC MISC
embedthis -- goahead	A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server.	2019-12-03	5	CVE-2019-5097 MISC
forma -- forma.lms	Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.	2019-12-03	6.5	CVE-2019-5109 MISC
forma -- forma.lms	Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.	2019-12-03	6.5	CVE-2019-5110 MISC
forma -- forma.lms	Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_cat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.	2019-12-03	6.5	CVE-2019-5111 MISC
forma -- forma.lms	Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_status was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.	2019-12-03	6.5	CVE-2019-5112 MISC
fusionpbx -- fusionpbx	A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter.	2019-11-29	4.3	CVE-2019-19388 MISC MISC
fusionpbx -- fusionpbx	A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter.	2019-11-29	4.3	CVE-2019-19384 MISC MISC
fusionpbx -- fusionpbx	A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter.	2019-11-29	4.3	CVE-2019-19385 MISC MISC
fusionpbx -- fusionpbx	A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter.	2019-11-29	4.3	CVE-2019-19387 MISC MISC
fusionpbx -- fusionpbx	A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter.	2019-11-29	4.3	CVE-2019-19386 MISC MISC
huawei -- multiple_home_routers	Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious files and escalate privilege.	2019-11-29	4.6	CVE-2019-5269 CONFIRM
huawei -- nova_5i_pro_and_nova_5_smartphones	Nova 5i pro and Nova 5 smartphones with versions earlier than 9.1.1.190(C00E190R6P2)and Versions earlier than 9.1.1.175(C00E170R3P2) have an improper validation of array index vulnerability. The system does not properly validate the input value before use it as an array index when processing certain image information. The attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution.	2019-11-29	4.4	CVE-2019-5210 CONFIRM
huawei -- p30_and_mate_20_and_p30_pro_smartphones	P30, Mate 20, P30 Pro smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), versions earlier than Hima-AL00B 9.1.0.135(C00E200R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12) have a buffer overflow vulnerability on several , the system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause malicious code execution.	2019-11-29	6.8	CVE-2019-5225 CONFIRM
libgwenhywfar -- libgwenhywfar	An issue exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates.	2019-12-03	5	CVE-2015-7542 MISC MISC MISC MISC MISC
linux -- linux_kernel	In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.	2019-11-29	6.8	CVE-2019-19378 MISC
linux -- linux_kernel	In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.	2019-11-29	6.8	CVE-2019-19377 MISC
piwigo -- piwigo	piwigo has XSS in password.php	2019-12-02	4.3	CVE-2012-4525 MISC MISC MISC MISC MISC
piwigo -- piwigo	piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)	2019-12-02	4.3	CVE-2012-4526 MISC MISC MISC MISC MISC
shadowsocks -- shadowsocks-libev	An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.	2019-12-03	4.3	CVE-2019-5163 MISC
shadowsocks -- shadowsocks-libev	An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability.	2019-12-03	4.6	CVE-2019-5164 MISC
testlink -- testlink	TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request.	2019-12-02	4.3	CVE-2019-19491 MISC
titanhq -- webtitan	An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database.	2019-12-02	5	CVE-2019-19016 MISC MISC
wireshark -- wireshark	In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection.	2019-12-05	5	CVE-2019-19553 MISC MISC MISC
wordpress -- wordpress	The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected XSS via the URI in a csshero_action=edit_page request because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary JavaScript in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookies or launch other attacks.	2019-12-04	4.3	CVE-2019-19133 MISC MISC MISC
wso2 -- enterprise_integrator	In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updating the message processor configuration from the source view in the Management Console.	2019-12-05	4.3	CVE-2019-19587 MISC
zanata -- zanata	Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging	2019-12-03	6.8	CVE-2013-4486 MISC MISC MISC

Low Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
gitbook -- gitbook	GitBook through 2.6.9 allows XSS via a local .md file.	2019-12-05	3.5	CVE-2019-19596 MISC
gnupg -- libgcrypt_and_gnupg	Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.	2019-11-29	1.9	CVE-2014-3591 MISC MISC MISC MISC MISC
ibm -- cloud_pak_system	IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774.	2019-12-03	2.1	CVE-2019-4465 XF CONFIRM
qnap-- qts	A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. If exploited, this vulnerability may allow an attacker to inject and execute scripts on the administrator console. To fix this vulnerability, QNAP recommend updating QTS to the latest version.	2019-12-04	3.5	CVE-2019-7197 CONFIRM

Severity Not Yet Assigned

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
10-strike_software -- free_photo_viewer	Free Photo Viewer 1.3 allows remote attackers to execute arbitrary code via a crafted BMP and/or TIFF file that triggers a malformed SEH, as demonstrated by a 0012ECB4 FreePhot.00425642 42200008 corrupt entry.	2019-11-30	not yet calculated	CVE-2019-19468 MISC
allied_telesis -- at-gs950/8_devices	A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product.	2019-11-29	not yet calculated	CVE-2019-18922 MISC FULLDISC MISC
amd -- atidxx64.dll_driver	An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.	2019-12-05	not yet calculated	CVE-2019-5098 MISC
anhui_huami_information_technology -- mi_fit_application	The Anhui Huami Mi Fit application before 4.0.11 for Android has an Unencrypted Update Check.	2019-11-30	not yet calculated	CVE-2019-19463 MISC
apache -- olingo	The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Request with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attacks.	2019-12-04	not yet calculated	CVE-2019-17554 MLIST
apache -- olingo	The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to 4.6.0 reads the Retry-After header and passes it to the Thread.sleep() method without any check. If a malicious server returns a huge value in the header, then it can help to implement a DoS attack.	2019-12-04	not yet calculated	CVE-2019-17555 MLIST
apache -- olingo	Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. If an attacker can feed malicious metadata to the class, then it may result in running attacker's code in the worse case.	2019-12-04	not yet calculated	CVE-2019-17556 MLIST
armeria -- armeria	Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking.	2019-12-06	not yet calculated	CVE-2019-16771 MISC CONFIRM
autodesk -- desktop_application	DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may then leverage a DLL preloading vulnerability and execute code on the system.	2019-12-03	not yet calculated	CVE-2019-7365 CONFIRM
autodesk -- fbx_software_development_kit	Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which may exploit a buffer overflow vulnerability causing it to run arbitrary code on the system.	2019-12-03	not yet calculated	CVE-2019-7366 CONFIRM
autodesk -- desktop_application	DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may then leverage a DLL preloading vulnerability and execute code on the system.	2019-12-03	not yet calculated	CVE-2019-7365 CONFIRM
autodesk -- fbx_software_development_kit	Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which may exploit a buffer overflow vulnerability causing it to run arbitrary code on the system.	2019-12-03	not yet calculated	CVE-2019-7366 CONFIRM
aviatrix -- vpn_client	Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a local attacker to execute arbitrary code by gaining elevated privileges through file modifications.	2019-12-05	not yet calculated	CVE-2019-17388 MISC MISC MISC
aviatrix -- vpn_client	An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client through 2.2.10 allows an attacker to gain elevated privileges through arbitrary code execution on Windows, Linux, and macOS.	2019-12-05	not yet calculated	CVE-2019-17387 MISC MISC MISC
axtls -- axtls	process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake message with zero certificates.	2019-12-03	not yet calculated	CVE-2019-9689 MISC MISC
cbc -- cbc_gem_application_for_android	The CBC Gem application before 9.24.1 for Android and before 9.26.0 for iOS has Unencrypted Analytics.	2019-11-30	not yet calculated	CVE-2019-19464 MISC
chkstat -- chkstat	The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privileges.	2019-12-05	not yet calculated	CVE-2019-3690 CONFIRM
chkstat -- chkstat	The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privileges.	2019-12-05	not yet calculated	CVE-2019-3690 CONFIRM
ckeditor -- ckeditor	pluginconfig.php in the Image Uploader and Browser plugin before 4.1.9 for CKEditor mishandles certain characters in pathnames.	2019-12-02	not yet calculated	CVE-2019-19502 MISC MISC MISC MISC
d-link -- dap-1860_devices	D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to the value stored in the device's /var/hnap/timestamp file, the request will pass the HNAP_AUTH check function.	2019-12-05	not yet calculated	CVE-2019-19598 MISC MISC
d-link -- dap-1860_devices	D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header.	2019-12-05	not yet calculated	CVE-2019-19597 MISC MISC
daps -- daps	An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network and on the internet. This is a serious threat to user privacy, since it can possibly leak their IP address and the fact that they are using the product. This also affects Dash Core through 0.14.0.3 and Private Instant Verified Transactions (PIVX) through 3.4.0.	2019-12-04	not yet calculated	CVE-2019-16752 MISC
daps -- daps	An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. The content to be signed is composed of a representation of strings, rather than being composed of their binary representations. This is a weak signature scheme design that would allow the reuse of signatures in some cases (or even the reuse of signatures, intended for one type of message, for another type). This also affects Private Instant Verified Transactions (PIVX) through 3.4.0.	2019-12-04	not yet calculated	CVE-2019-16753 MISC
davical -- davical	A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the application. If the attacked user is an administrator, the attacker could for example add a new admin user.	2019-12-04	not yet calculated	CVE-2019-18346 MISC MISC MISC
davical -- davical	A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in those fields to be executed by another (possibly privileged) user. Affected database fields include Username, Display Name, and Email.	2019-12-04	not yet calculated	CVE-2019-18347 MISC MISC MISC
dell -- command_update	Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\IC\ICDebugLog.txt" to any targeted file. This issue occurs because of insecure handling of Temp directory permissions that were set incorrectly.	2019-12-03	not yet calculated	CVE-2019-3750 MISC
dell -- command_update	Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\ICProgress\Dell_InventoryCollector_Progress.xml" to any targeted file. This issue occurs because permissions on the Temp directory were set incorrectly.	2019-12-03	not yet calculated	CVE-2019-3749 MISC
dell -- command_configure	Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file, allowing the attacker to overwrite or corrupt a specified file on the system.	2019-12-06	not yet calculated	CVE-2019-18575 MISC
dell -- command_update	Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\IC\ICDebugLog.txt" to any targeted file. This issue occurs because of insecure handling of Temp directory permissions that were set incorrectly.	2019-12-03	not yet calculated	CVE-2019-3750 MISC
dell -- command_update	Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\ICProgress\Dell_InventoryCollector_Progress.xml" to any targeted file. This issue occurs because permissions on the Temp directory were set incorrectly.	2019-12-03	not yet calculated	CVE-2019-3749 MISC
dell -- rsa_authentication_manager_software	RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could then be included in a report. When other Security Console administrators open the affected report, the injected scripts could potentially be executed in their browser.	2019-12-03	not yet calculated	CVE-2019-18574 MISC
django -- django	Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.)	2019-12-02	not yet calculated	CVE-2019-19118 MLIST MISC MISC CONFIRM
documize -- documize	domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS.	2019-12-06	not yet calculated	CVE-2019-19619 MISC MISC MISC
documize -- documize	domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS.	2019-12-06	not yet calculated	CVE-2019-19619 MISC MISC MISC
ezmaster -- exmaster	The admin sys mode is now conditional and dedicated for the special case. By default, since ezmaster@5.2.11 no instance (container) is launched with advanced capabilities (not launched as root)	2019-11-29	not yet calculated	CVE-2019-16767 MISC MISC CONFIRM
freeswitch -- freeswitch	FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.	2019-12-02	not yet calculated	CVE-2019-19492 MISC
fronius -- solar_inverter_devices	admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allows action=download&filename= Directory Traversal.	2019-12-04	not yet calculated	CVE-2019-19229 MISC MISC MISC
fronius -- solar_inverter_devices	Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file.	2019-12-04	not yet calculated	CVE-2019-19228 MISC MISC MISC
gnome -- dia	When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3.	2019-11-29	not yet calculated	CVE-2019-19451 MISC
google -- android	In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141003796	2019-12-06	not yet calculated	CVE-2019-2217 MISC
google -- android	In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141028068	2019-12-06	not yet calculated	CVE-2019-9464 MISC
google -- android	In ReadMATImage of mat.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process when loading a MATLAB image file with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140328986	2019-12-06	not yet calculated	CVE-2019-2224 MISC
google -- android	In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140692129	2019-12-06	not yet calculated	CVE-2019-2223 MISC
google -- android	In hasActivityInVisibleTask of WindowProcessController.java there?s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-138583650	2019-12-06	not yet calculated	CVE-2019-2221 MISC
google -- android	In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-140768453	2019-12-06	not yet calculated	CVE-2019-2227 MISC
google -- android	In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140152619	2019-12-06	not yet calculated	CVE-2019-2226 MISC
google -- android	When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-110433804	2019-12-06	not yet calculated	CVE-2019-2225 MISC
google -- android	n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140322595	2019-12-06	not yet calculated	CVE-2019-2222 MISC
google -- android	In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.cpp, there is possible memory reuse due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141170038	2019-12-06	not yet calculated	CVE-2019-2230 MISC
google -- android	In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-138636979	2019-12-06	not yet calculated	CVE-2019-2220 MISC
google -- android	In System UI, there is a possible bypass of user's consent for access to sensor data due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-119041698	2019-12-06	not yet calculated	CVE-2019-2219 MISC
google -- android	In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141169173	2019-12-06	not yet calculated	CVE-2019-2218 MISC
google -- android	In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-141955555	2019-12-06	not yet calculated	CVE-2019-2231 MISC
google -- android	In handleRun of TextLine.java, there is a possible application crash due to improper input validation. This could lead to remote denial of service when processing Unicode with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140632678	2019-12-06	not yet calculated	CVE-2019-2232 MISC
google -- android	In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139803872	2019-12-06	not yet calculated	CVE-2019-2229 MISC
google -- android	In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-111210196	2019-12-06	not yet calculated	CVE-2019-2228 MISC
google -- android	In hasActivityInVisibleTask of WindowProcessController.java there?s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-138583650	2019-12-06	not yet calculated	CVE-2019-2221 MISC
google -- android	In ReadMATImage of mat.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process when loading a MATLAB image file with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140328986	2019-12-06	not yet calculated	CVE-2019-2224 MISC
google -- android	When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-110433804	2019-12-06	not yet calculated	CVE-2019-2225 MISC
google -- android	In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140692129	2019-12-06	not yet calculated	CVE-2019-2223 MISC
google -- android	In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139803872	2019-12-06	not yet calculated	CVE-2019-2229 MISC
google -- android	In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.cpp, there is possible memory reuse due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141170038	2019-12-06	not yet calculated	CVE-2019-2230 MISC
google -- android	In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-141955555	2019-12-06	not yet calculated	CVE-2019-2231 MISC
google -- android	In handleRun of TextLine.java, there is a possible application crash due to improper input validation. This could lead to remote denial of service when processing Unicode with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140632678	2019-12-06	not yet calculated	CVE-2019-2232 MISC
google -- android	n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140322595	2019-12-06	not yet calculated	CVE-2019-2222 MISC
google -- android	In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-140768453	2019-12-06	not yet calculated	CVE-2019-2227 MISC
google -- android	In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-138636979	2019-12-06	not yet calculated	CVE-2019-2220 MISC
google -- android	In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141169173	2019-12-06	not yet calculated	CVE-2019-2218 MISC
google -- android	In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140152619	2019-12-06	not yet calculated	CVE-2019-2226 MISC
google -- android	In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141003796	2019-12-06	not yet calculated	CVE-2019-2217 MISC
google -- android	In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-111210196	2019-12-06	not yet calculated	CVE-2019-2228 MISC
google -- android	In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141028068	2019-12-06	not yet calculated	CVE-2019-9464 MISC
google -- android	In System UI, there is a possible bypass of user's consent for access to sensor data due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-119041698	2019-12-06	not yet calculated	CVE-2019-2219 MISC
harbor -- harbor	A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can be obtained via the "search" functionality.	2019-12-03	not yet calculated	CVE-2019-3990 CONFIRM MISC
harbor -- harbor	A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can be obtained via the "search" functionality.	2019-12-03	not yet calculated	CVE-2019-3990 CONFIRM MISC
hashicorp -- terraform	When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.	2019-12-02	not yet calculated	CVE-2019-19316 CONFIRM
huawei -- atlas_300_and_atlas_500	Huawei Atlas 300, Atlas 500 have a buffer overflow vulnerability. A local, authenticated attacker may craft specific parameter and send to the process to exploit this vulnerability. Successfully exploit may cause service crash.	2019-11-29	not yet calculated	CVE-2019-5247 CONFIRM
huawei -- band_2_and_honor_band_3	There is an insufficient authentication vulnerability in Huawei Band 2 and Honor Band 3. The band does not sufficiently authenticate the device try to connect to it in certain scenario. Successful exploit could allow the attacker to spoof then connect to the band.	2019-11-29	not yet calculated	CVE-2019-5218 CONFIRM
huawei -- hisuite_and_hwbackup	HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup.	2019-11-29	not yet calculated	CVE-2019-5263 CONFIRM
huawei -- honor_play_smartphones	Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . An attacker could view certain information after a series of operation without unlock the screen lock. Successful exploit could cause an information disclosure condition.	2019-11-29	not yet calculated	CVE-2019-5309 CONFIRM
huawei -- mate_20_rs_smartphones	Mate 20 RS smartphones with versions earlier than 9.1.0.135(C786E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation in ADB mode, successful exploit could allow the attacker to switch to third desktop after a series of operation.	2019-11-29	not yet calculated	CVE-2019-5308 CONFIRM
huawei -- multiple_home_routers	Some Huawei home routers have an input validation vulnerability. Due to input parameter is not correctly verified, an attacker can exploit this vulnerability by sending special constructed packets to obtain files in the device and upload files to some directories.	2019-11-29	not yet calculated	CVE-2019-5268 CONFIRM
huawei -- myna_smart_speaker	There is an information leak vulnerability in Huawei smart speaker Myna. When the smart speaker is paired with the cloud through Wi-Fi, the speaker incorrectly processes some data. Attackers can exploit this vulnerability to read and modify specific configurations of speakers through a series of operations.	2019-11-29	not yet calculated	CVE-2019-5271 CONFIRM
huawei -- p20_phones	The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully exploit may cause some files on the victim's mobile phone are deleted.	2019-11-29	not yet calculated	CVE-2019-5211 CONFIRM
huawei -- p30_and_p30_pro_and_mate_20_smartphones	P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version.	2019-11-29	not yet calculated	CVE-2019-5227 CONFIRM
huawei -- p30_and_p30_pro_and_mate_20_smartphones	P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version.	2019-11-29	not yet calculated	CVE-2019-5226 CONFIRM
huawei -- p30_smartphones	P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21) have an out of bounds read vulnerability. The system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause out of bounds read and information disclosure.	2019-11-29	not yet calculated	CVE-2019-5224 CONFIRM
huawei -- share	There is an improper access control vulnerability in Huawei Share. The software does not properly restrict access to certain file from certain application. An attacker tricks the user into installing a malicious application then establishing a connect to the attacker through Huawei Share, successful exploit could cause information disclosure.	2019-11-29	not yet calculated	CVE-2019-5212 CONFIRM
huawei -- viewpoint_products	There is a use of insufficiently random values vulnerability in Huawei ViewPoint products. An unauthenticated, remote attacker can guess information by a large number of attempts. Successful exploitation may cause information leak.	2019-11-29	not yet calculated	CVE-2019-5232 CONFIRM
ibm -- cloud_pak_system	IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159243.	2019-12-03	not yet calculated	CVE-2019-4226 XF CONFIRM
ibm -- cloud_pak_system	IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163776.	2019-12-03	not yet calculated	CVE-2019-4467 XF CONFIRM
ibm -- cloud_pak_system	IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163777.	2019-12-03	not yet calculated	CVE-2019-4468 XF CONFIRM
ibm -- cloud_pak_system	IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280.	2019-12-03	not yet calculated	CVE-2019-4130 XF CONFIRM
ibm -- cloud_pak_system	IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158020.	2019-12-03	not yet calculated	CVE-2019-4098 XF CONFIRM
ibm -- cloud_pak_system	IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163776.	2019-12-03	not yet calculated	CVE-2019-4467 XF CONFIRM
ibm -- cloud_pak_system	IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280.	2019-12-03	not yet calculated	CVE-2019-4130 XF CONFIRM
ibm -- cloud_pak_system	IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158020.	2019-12-03	not yet calculated	CVE-2019-4098 XF CONFIRM
intelbras -- iwr_3000n_devices	Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled, a related issue to CVE-2019-17600.	2019-12-05	not yet calculated	CVE-2019-19007 MISC
kaspersky -- multiple_products	Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products	2019-12-02	not yet calculated	CVE-2019-15689 CONFIRM
kentico -- kentico	Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS.	2019-12-02	not yet calculated	CVE-2019-19493 MISC
libyang -- libyang	In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.	2019-12-06	not yet calculated	CVE-2019-19333 CONFIRM CONFIRM
libyang -- libyang	In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.	2019-12-06	not yet calculated	CVE-2019-19334 CONFIRM CONFIRM
linux -- linux_kernel	fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc.	2019-12-05	not yet calculated	CVE-2019-19602 MISC MISC MISC MISC MISC
linux -- linux_kernel	relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.	2019-11-30	not yet calculated	CVE-2019-19462 MISC MISC MISC MISC MISC
litemanger -- litemanager	LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe.	2019-12-02	not yet calculated	CVE-2019-19490 MISC
max_secure -- anti_virus_plus	Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achieve privilege escalation.	2019-12-03	not yet calculated	CVE-2019-19382 MISC MISC
mcafee -- web_advisor	Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to render a website which Web Advisor would normally have blocked via a carefully crafted web site.	2019-12-03	not yet calculated	CVE-2019-3665 CONFIRM
mcafee -- web_advisor	API Abuse/Misuse vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to navigate to restricted websites via a carefully crafted web site.	2019-12-03	not yet calculated	CVE-2019-3666 CONFIRM
mcafee -- web_advisor	API Abuse/Misuse vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to navigate to restricted websites via a carefully crafted web site.	2019-12-03	not yet calculated	CVE-2019-3666 CONFIRM
mcafee -- web_advisor	Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to render a website which Web Advisor would normally have blocked via a carefully crafted web site.	2019-12-03	not yet calculated	CVE-2019-3665 CONFIRM
myphpadmin -- myphpadmin	phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.	2019-12-06	not yet calculated	CVE-2019-19617 MISC MISC MLIST MISC
napc -- xinet_elegant_6_asset_library	NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used.	2019-12-02	not yet calculated	CVE-2019-19245 MISC MISC
norton -- password_manager	Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.	2019-12-05	not yet calculated	CVE-2019-18381 CONFIRM
norton -- password_manager	Norton Password Manager, prior to 6.6.2.5, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.	2019-12-05	not yet calculated	CVE-2019-19546 CONFIRM
okaycms -- okaycms	In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie price_filter, and second in api/Comparison.php via the cookie comparison.	2019-12-03	not yet calculated	CVE-2019-16885 MISC FULLDISC MISC
omnios_community_edition -- omnios_community_edition	illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because uts/common/inet/ip/ip_attr.c mishandles conn_ixa dereferences.	2019-11-29	not yet calculated	CVE-2019-19396 MISC MISC
opencv -- opencv	An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.	2019-12-06	not yet calculated	CVE-2019-19624 MISC MISC
opencv -- opencv	An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.	2019-12-06	not yet calculated	CVE-2019-19624 MISC MISC
opendetex -- opendetex	OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of an incorrect sprintf.	2019-12-05	not yet calculated	CVE-2019-19601 MISC
opensc -- opensc	An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.	2019-12-01	not yet calculated	CVE-2019-19481 MISC MISC
openwrt_project -- openwrt	OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device).	2019-12-03	not yet calculated	CVE-2019-18993 CONFIRM
openwrt_project -- openwrt	OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example, on a TP-Link Archer C7 device).	2019-12-03	not yet calculated	CVE-2019-18992 CONFIRM
otrs -- otrs_community_edition_and_otrs	Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to mails) of ((OTRS)) Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: ((OTRS)) Community Edition 5.0.x version 5.0.38 and prior versions; 6.0.x version 6.0.23 and prior versions. OTRS AG: OTRS 7.0.x version 7.0.12 and prior versions.	2019-12-05	not yet calculated	CVE-2019-18180 CONFIRM
palo_alto_networks -- pan-os	An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9.0 versions prior to 9.0.5. PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue.	2019-12-05	not yet calculated	CVE-2019-17437 CONFIRM
phpmyadmin -- phpmyadmin	phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.	2019-12-06	not yet calculated	CVE-2019-19617 MISC MISC MLIST MISC
proftpd -- proftpd	An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.	2019-11-30	not yet calculated	CVE-2019-19269 MISC MLIST FEDORA FEDORA
puma -- puma	In Puma before version 4.3.2, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough.	2019-12-05	not yet calculated	CVE-2019-16770 CONFIRM
qnap -- music_station	This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator?s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions.	2019-12-05	not yet calculated	CVE-2019-7185 CONFIRM
qnap -- netback_replicator	An unquoted service path vulnerability is reported to affect the service ?QVssService? in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges. QNAP have already fixed this issue in QNAP NetBak Replicator 4.5.12.1108.	2019-12-04	not yet calculated	CVE-2019-7201 CONFIRM
qnap -- photo_station	This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.	2019-12-05	not yet calculated	CVE-2019-7195 CONFIRM
qnap -- photo_station	This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.	2019-12-05	not yet calculated	CVE-2019-7192 CONFIRM
qnap -- photo_station	This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.	2019-12-05	not yet calculated	CVE-2019-7194 CONFIRM
qnap -- qts	This improper link resolution vulnerability allows remote attackers to access system files. To fix this vulnerability, QNAP recommend updating QTS to their latest versions.	2019-12-05	not yet calculated	CVE-2019-7183 CONFIRM
qnap -- qts	This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.	2019-12-05	not yet calculated	CVE-2019-7193 CONFIRM
qnap -- video_station	This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator?s management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions.	2019-12-05	not yet calculated	CVE-2019-7184 CONFIRM
rabbitmq-c -- rabbitmq-c	An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.	2019-12-01	not yet calculated	CVE-2019-18609 MISC CONFIRM MLIST MISC UBUNTU
radare -- radare2	In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted input.	2019-12-05	not yet calculated	CVE-2019-19590 MISC
reset.pro -- adobe_stock_api_integration_for_prestashop	reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file.	2019-12-05	not yet calculated	CVE-2019-19594 MISC
reset.pro -- adobe_stock_api_integration_for_prestashop	reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php file.	2019-12-05	not yet calculated	CVE-2019-19595 MISC
ros -- sros	SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. (SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2.)	2019-12-06	not yet calculated	CVE-2019-19627 MISC MISC MISC MISC MISC
ros -- sros	SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2) leaks node information due to a leaky default configuration as indicated in the policy/defaults/dds/governance.xml document.	2019-12-06	not yet calculated	CVE-2019-19625 MISC MISC
ros -- sros_2	SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2) leaks node information due to a leaky default configuration as indicated in the policy/defaults/dds/governance.xml document.	2019-12-06	not yet calculated	CVE-2019-19625 MISC MISC
ros -- sros_2	SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. (SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2.)	2019-12-06	not yet calculated	CVE-2019-19627 MISC MISC MISC MISC MISC
salto -- proaccess_space	An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to every single path on the file system, because the webserver is running with the highest privileges available.	2019-12-03	not yet calculated	CVE-2019-19460 MISC MISC
salto -- proaccess_space	An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server.	2019-12-03	not yet calculated	CVE-2019-19459 MISC MISC
salto -- proaccess_space	SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature.	2019-12-03	not yet calculated	CVE-2019-19458 MISC MISC
salto -- proaccess_space	SALTO ProAccess SPACE 5.4.3.0 allows XSS.	2019-12-03	not yet calculated	CVE-2019-19457 MISC MISC
sangoma -- freepbx	In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account.	2019-12-06	not yet calculated	CVE-2019-19551 CONFIRM
sangoma -- freepbx	In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account.	2019-12-06	not yet calculated	CVE-2019-19552 MISC
sceditor -- sceditor	SCEditor 2.1.3 allows XSS.	2019-12-05	not yet calculated	CVE-2019-19466 MISC MISC
secureworks -- red_cloak_windows_agent	In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a malicious file.	2019-12-06	not yet calculated	CVE-2019-19620 MISC MISC
securworks -- red_cloak_windows_agent	In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a malicious file.	2019-12-06	not yet calculated	CVE-2019-19620 MISC MISC
serialize-to-js -- serialize-to-js	The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.	2019-12-07	not yet calculated	CVE-2019-16772 MISC CONFIRM
shapeshift -- keykeep_hardware_wallet	Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing registrations. This vulnerability can be exploited by unauthenticated attackers and the interface is reachable via WebUSB.	2019-12-06	not yet calculated	CVE-2019-18672 MISC MISC CONFIRM
shapeshift -- keykeep_hardware_wallet	Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes on the stack via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB.	2019-12-06	not yet calculated	CVE-2019-18671 MISC MISC CONFIRM
smplayer -- smplayer	SMPlayer 19.5.0 has a buffer overflow via a long .m3u file.	2019-12-02	not yet calculated	CVE-2019-19489 MISC
sony -- catalyst_production_suite_and_catalyst_browse	In Sony Catalyst Production Suite through 2019.1 (1.1.0.21) and Catalyst Browse through 2019.1 (1.1.0.21), an unprivileged user can obtain admin privileges, and execute a program as admin, after DLL hijacking of a DLL that is loaded during setup (installation).	2019-12-04	not yet calculated	CVE-2019-19364 MISC
sqlite -- sqlite	lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.	2019-12-05	not yet calculated	CVE-2019-19317 MISC MISC
strapi -- strapi	The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.	2019-12-05	not yet calculated	CVE-2019-19609 MISC MISC
sylius -- sylius	In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system information may leak and be visible to the customer. A validation message with the exception details will be presented to the user when one will try to log into the shop. This has been patched in versions 1.3.14, 1.4.10, 1.5.7, and 1.6.3.	2019-12-05	not yet calculated	CVE-2019-16768 MISC CONFIRM
teamviewer -- teamviewer	An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fixed.) Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history (but does not exit the application), this data is not wiped from main memory, and therefore could be read by a local user with the same or greater privileges.	2019-12-02	not yet calculated	CVE-2019-19362 MISC
thinkparq -- beegfs	beegfs-ctl in ThinkParQ BeeGFS through 7.1.3 allows Authentication Bypass via communication with a BeeGFS metadata server (which is typically not exposed to external networks).	2019-12-05	not yet calculated	CVE-2019-15897 MISC MISC MISC
titanhq -- webtitan	An issue was discovered in TitanHQ WebTitan before 5.18. It contains a Remote Code Execution issue through which an attacker can execute arbitrary code as root. The issue stems from the hotfix download mechanism, which downloads a shell script via HTTP, and then executes it as root. This is analogous to CVE-2019-6800 but for a different product.	2019-12-02	not yet calculated	CVE-2019-19019 MISC MISC
titanhq -- webtitan	An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system.	2019-12-02	not yet calculated	CVE-2019-19017 MISC MISC
titanhq -- webtitan	An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log in with this account.	2019-12-02	not yet calculated	CVE-2019-19021 MISC MISC
titanhq -- webtitan	An issue was discovered in TitanHQ WebTitan before 5.18. In the administration web interface it is possible to upload a crafted backup file that enables an attacker to execute arbitrary code by overwriting existing files or adding new PHP files under the web root. This requires the attacker to have access to a valid web interface account.	2019-12-02	not yet calculated	CVE-2019-19020 MISC MISC
titanhq -- webtitan	An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using.	2019-12-02	not yet calculated	CVE-2019-19018 MISC MISC
trustedsec -- trevorc2	TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictible responses when accessing and interacting with the "SITE_PATH_QUERY".	2019-12-04	not yet calculated	CVE-2019-18850 MISC MISC
validators -- validators	The validators package 0.12.2 through 0.12.5 for Python enters an infinite loop when validators.domain is called with a crafted domain string. This is fixed in 0.12.6.	2019-12-05	not yet calculated	CVE-2019-19588 MISC
validators -- validators	The validators package 0.12.2 through 0.12.5 for Python enters an infinite loop when validators.domain is called with a crafted domain string. This is fixed in 0.12.6.	2019-12-05	not yet calculated	CVE-2019-19588 MISC
verot -- class.upload.php	class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.	2019-12-04	not yet calculated	CVE-2019-19576 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC
vmware -- esxi_and_horizon_daas	OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.	2019-12-06	not yet calculated	CVE-2019-5544 CONFIRM
wagtail-2fa -- wagtail-2fa	When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version 1.3.0.	2019-11-29	not yet calculated	CVE-2019-16766 MISC MISC CONFIRM
weidmueller -- ie-sw-vl05m_and_ie-sw-vl08mt_and_ie-sw-pl10m_devices	An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Remote authenticated users can crash a device with a special packet because of Uncontrolled Resource Consumption.	2019-12-06	not yet calculated	CVE-2019-16671 MISC MISC CONFIRM
weidmueller -- ie-sw-vl05m_and_ie-sw-vl08mt_and_ie-sw-pl10m_devices	An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext.	2019-12-06	not yet calculated	CVE-2019-16672 MISC MISC CONFIRM
weidmueller -- ie-sw-vl05m_and_ie-sw-vl08mt_and_ie-sw-pl10m_devices	An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network.	2019-12-06	not yet calculated	CVE-2019-16674 MISC MISC CONFIRM
weidmueller -- ie-sw-vl05m_and_ie-sw-vl08mt_and_ie-sw-pl10m_devices	An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be read by anyone with access to the device.	2019-12-06	not yet calculated	CVE-2019-16673 MISC MISC CONFIRM
weidmueller -- ie-sw-vl05m_and_ie-sw-vl08mt_and_ie-sw-pl10m_devices	An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. The Authentication mechanism has no brute-force prevention.	2019-12-06	not yet calculated	CVE-2019-16670 MISC MISC MISC
wordpress -- wordpress	The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives.	2019-12-05	not yet calculated	CVE-2019-19589 MISC MISC
xen -- xen	An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl's "assignable-add" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment, and libvirt uses its own ways as well. Hosts where these "alternate" methods are used will still leave the system in a vulnerable state after the device comes back from a guest. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.	2019-12-04	not yet calculated	CVE-2019-19579 MLIST CONFIRM MISC MISC
xfig -- fig2dev	read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf.	2019-12-04	not yet calculated	CVE-2019-19555 MISC
xtivia -- web_and_time_expense_interface_for_microsoft_dynamics_nav	An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary files by specifying arbitrary values for the recId and filename parameters of the /Home/GetAttachment function.	2019-12-06	not yet calculated	CVE-2019-19616 MISC
xtivia -- web_time_and_expense_interface_for_microsoft_dynamics_nav	An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary files by specifying arbitrary values for the recId and filename parameters of the /Home/GetAttachment function.	2019-12-06	not yet calculated	CVE-2019-19616 MISC
yahoo -- serialize-javascript	The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.	2019-12-05	not yet calculated	CVE-2019-16769 CONFIRM
zmanda -- zmanda_management_console	In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials.	2019-12-01	not yet calculated	CVE-2019-19469 MISC

This product is provided subject to this Notification and this Privacy & Use policy.

↧

Samba Releases Security Updates

December 10, 2019, 8:43 am

≫ Next: Adobe Releases Security Updates

≪ Previous: Vulnerability Summary for the Week of December 2, 2019

Original release date: December 10, 2019

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcements for CVE-2019-14861 and CVE-2019-14870 and apply the necessary updates and workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

Adobe Releases Security Updates

December 10, 2019, 8:49 am

≫ Next: Intel Releases Security Updates

≪ Previous: Samba Releases Security Updates

Original release date: December 10, 2019

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

ColdFusion APSB19-58
Brackets APSB19-57
Photoshop CC APSB19-56
Acrobat and Reader APSB19-55

This product is provided subject to this Notification and this Privacy & Use policy.

↧

Intel Releases Security Updates

December 10, 2019, 10:38 am

≫ Next: Apple Releases Multiple Security Updates

≪ Previous: Adobe Releases Security Updates

Original release date: December 10, 2019

Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of privileges.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates and recommended mitigations:

Linux Administrative Tools for Intel Network Adapters Advisory INTEL-SA-00237
FPGA SDK for OpenCL Advisory INTEL-SA-00284
Processors Voltage Settings Modification Advisory INTEL-SA-00289
Control Center-I Advisory INTEL-SA-00299
Quartus Prime Pro Edition Advisory INTEL-SA-00311
SCS Platform Discovery Utility Advisory INTEL-SA-00312
Unexpected Page Fault in Virtualized Environment Advisory INTEL-SA-00317
NUC Firmware Advisory INTEL-SA-00323
Rapid Storage Technology Advisory INTEL-SA-00324

For updates addressing low severity vulnerabilities, see the Intel technology blog.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

Apple Releases Multiple Security Updates

December 10, 2019, 2:05 pm

≫ Next: Google Releases Security Updates for Chrome

≪ Previous: Intel Releases Security Updates

Original release date: December 10, 2019

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

↧

Google Releases Security Updates for Chrome

December 10, 2019, 2:22 pm

≫ Next: Microsoft Releases December 2019 Security Updates

≪ Previous: Apple Releases Multiple Security Updates

Original release date: December 10, 2019

Google has released security updates for Chrome version 79.0.3945.79 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

Microsoft Releases December 2019 Security Updates

December 10, 2019, 3:29 pm

≫ Next: WordPress Releases Security and Maintenance Updates

≪ Previous: Google Releases Security Updates for Chrome

Original release date: December 10, 2019

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s December 2019 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

WordPress Releases Security and Maintenance Updates

December 13, 2019, 7:45 am

≫ Next: Vulnerability Summary for the Week of December 9, 2019

≪ Previous: Microsoft Releases December 2019 Security Updates

Original release date: December 13, 2019

WordPress 5.3 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the WordPress Security and Maintenance Release and upgrade to WordPress 5.3.1.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

Vulnerability Summary for the Week of December 9, 2019

December 16, 2019, 3:31 am

≫ Next: Microsoft Releases Information on CVE-2019-1491

≪ Previous: WordPress Releases Security and Maintenance Updates

Original release date: December 16, 2019

High Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
amazon -- blink_xt2_camera	Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter.	2019-12-11	8.3	CVE-2019-3988 CONFIRM
amazon -- blink_xt2_camera	Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter.	2019-12-11	8.3	CVE-2019-3987 CONFIRM
amazon -- blink_xt2_camera	Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter.	2019-12-11	8.3	CVE-2019-3986 CONFIRM
amazon -- blink_xt2_camera	Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections.	2019-12-11	7.2	CVE-2019-3983 CONFIRM
amazon -- blink_xt2_camera	Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data.	2019-12-11	9.3	CVE-2019-3989 CONFIRM
amazon -- blink_xt2_camera	Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter.	2019-12-11	8.3	CVE-2019-3985 CONFIRM
electronic_arts -- origin	Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 1 of 2).	2019-12-12	7.2	CVE-2019-19247 MISC
electronic_arts -- origin	Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 2 of 2).	2019-12-12	7.2	CVE-2019-19248 CONFIRM
git_project -- git	Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.	2019-12-11	10	CVE-2019-19604 MLIST MISC CONFIRM CONFIRM DEBIAN
google -- android	In handleRun of TextLine.java, there is a possible application crash due to improper input validation. This could lead to remote denial of service when processing Unicode with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140632678	2019-12-06	7.8	CVE-2019-2232 MISC
google -- android	In ReadMATImage of mat.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process when loading a MATLAB image file with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140328986	2019-12-06	9.3	CVE-2019-2224 MISC
google -- android	In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141169173	2019-12-06	7.2	CVE-2019-2218 MISC
google -- android	In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141003796	2019-12-06	7.2	CVE-2019-2217 MISC
ibm -- cloud_pak_system	Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179.	2019-12-10	10	CVE-2019-4521 XF CONFIRM
ibm -- spectrum_scale	IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093.	2019-12-11	9	CVE-2019-4715 XF CONFIRM
intesync -- solismed	Intesync Solismed 3.3sp allows Directory Traversal, a different vulnerability than CVE-2019-16246.	2019-12-12	7.5	CVE-2019-15931 MISC MISC MISC MISC
intesync -- solismed	Intesync Solismed 3.3sp has Incorrect Access Control.	2019-12-12	7.5	CVE-2019-15932 MISC MISC MISC MISC
intesync -- solismed	Intesync Solismed 3.3sp has SQL Injection.	2019-12-12	7.5	CVE-2019-15933 MISC MISC MISC MISC
intesync -- solismed	Intesync Solismed 3.3sp allows Insecure File Upload.	2019-12-12	7.5	CVE-2019-15936 MISC MISC MISC
intesync -- solismed	Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution.	2019-12-12	7.5	CVE-2019-16246 MISC MISC MISC
libsixel_project -- libsixel	An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c.	2019-12-08	7.5	CVE-2019-19636 MISC
libsixel_project -- libsixel	An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function sixel_decode_raw_impl at fromsixel.c.	2019-12-08	7.5	CVE-2019-19635 MISC
libsixel_project -- libsixel	An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.	2019-12-08	7.5	CVE-2019-19637 MISC
libsixel_project -- libsixel	An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.	2019-12-08	7.5	CVE-2019-19638 MISC
libyang -- libyang	In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.	2019-12-06	7.5	CVE-2019-19333 CONFIRM CONFIRM
microsoft -- internet_explorer	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.	2019-12-10	7.6	CVE-2019-1485 MISC
microsoft -- multiple_products	A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory, aka 'Microsoft Word Denial of Service Vulnerability'.	2019-12-10	7.1	CVE-2019-1461 MISC
microsoft -- multiple_products	A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka 'Microsoft PowerPoint Remote Code Execution Vulnerability'.	2019-12-10	9.3	CVE-2019-1462 MISC MISC
microsoft -- multiple_windows_products	A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'.	2019-12-10	9.3	CVE-2019-1468 MISC MISC
microsoft -- multiple_windows_products	An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1483.	2019-12-10	7.2	CVE-2019-1476 MISC MISC
microsoft -- multiple_windows_products	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.	2019-12-10	7.2	CVE-2019-1458 MISC
microsoft -- windows_10_and_windows_server_2019	An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'.	2019-12-10	7.2	CVE-2019-1477 MISC
microsoft -- windows_10_and_windows_server_and_windows_server_2019	An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1476.	2019-12-10	7.2	CVE-2019-1483 MISC MISC
microsoft -- windows_7_and_windows_server_2008_and_windows_server_2008_r2	An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'.	2019-12-10	7.2	CVE-2019-1478 MISC
monkey_project -- monkey_http_daemon	Monkey HTTP Daemon: broken user name authentication	2019-12-10	7.5	CVE-2013-2159 MISC MISC MISC MISC
nolio -- ca_release_automation	An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code.	2019-12-09	7.5	CVE-2019-19230 MISC FULLDISC BUGTRAQ CONFIRM
octeth -- oempro	Octeth Oempro 4.7 allows SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.	2019-12-12	7.5	CVE-2019-19740 MISC MISC
ovirt -- ovirt_node	oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation	2019-12-10	7.2	CVE-2013-0293 MISC MISC MISC MISC MISC
qualcomm -- multiple_snapdragon_products	Possibility of memory overflow while decoding GSNDCP compressed mode PDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130	2019-12-12	10	CVE-2019-10511 CONFIRM
qualcomm -- multiple_snapdragon_products	Out of bound write in TZ while copying the secure dump structure on HLOS provided buffer as a part of memory dump in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon_High_Med_2016, SXR1130	2019-12-12	7.2	CVE-2019-2288 CONFIRM
qualcomm -- multiple_snapdragon_products	Incorrect length used while validating the qsee log buffer sent from HLOS which could then lead to remap conflict in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ4019, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, Snapdragon_High_Med_2016, SXR1130, SXR2130	2019-12-12	7.2	CVE-2019-2321 CONFIRM
qualcomm -- multiple_snapdragon_products	Infinite loop while decoding compressed data can lead to overrun condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130	2019-12-12	7.8	CVE-2019-10485 CONFIRM
qualcomm -- multiple_snapdragon_products	While Skipping unknown IES, EMM is reading the buffer even if the no of bytes to read are more than message length which may cause device to shutdown in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130	2019-12-12	7.8	CVE-2019-2337 CONFIRM
qualcomm -- multiple_snapdragon_products	Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8939, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130	2019-12-12	7.5	CVE-2019-10559 CONFIRM
qualcomm -- multiple_snapdragon_products	Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130	2019-12-12	10	CVE-2019-10493 CONFIRM
qualcomm -- multiple_snapdragon_products	Possible out of bounds write in a MT SMS/SS scenario due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130	2019-12-12	10	CVE-2019-2320 CONFIRM
sitevision -- sitevision	SiteVision 4 allows Remote Code Execution.	2019-12-06	9	CVE-2019-12733 MISC FULLDISC FULLDISC MISC MISC MISC
sqlite -- sqlite	SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.	2019-12-09	7.5	CVE-2019-19603 MISC MISC
symantec -- messaging_gateway	Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface.	2019-12-11	7.5	CVE-2019-18379 MISC
sysstat_project -- sysstat	sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.	2019-12-11	7.5	CVE-2019-19725 MISC
trend_micro -- security_2020	Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution under certain circumstances.	2019-12-09	7.5	CVE-2019-18190 MISC
weidmueller -- multiple_devices	An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. The Authentication mechanism has no brute-force prevention.	2019-12-06	7.5	CVE-2019-16670 MISC MISC MISC MISC
zoho_manageengine -- applications_manager	Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function.	2019-12-11	7.5	CVE-2019-19649 CONFIRM

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
accentis -- content_resource_management_system	Cross-site scripting (XSS) vulnerability in Accentis Content Resource Management System before October 2015 patch allows remote attackers to inject arbitrary web script or HTML via the ctl00$cph_content$_uig_formState parameter.	2019-12-09	4.3	CVE-2015-3425 MISC
accentis -- content_resource_management_system	SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter.	2019-12-09	6.5	CVE-2015-3424 MISC
atasm -- atasm	ATasm 1.06 has a stack-based buffer overflow in the parse_expr() function in setparse.c via a crafted .m65 file.	2019-12-13	6.8	CVE-2019-19786 MISC
atasm -- atasm	ATasm 1.06 has a stack-based buffer overflow in the get_signed_expression() function in setparse.c via a crafted .m65 file.	2019-12-13	6.8	CVE-2019-19787 MISC
atasm -- atasm	ATasm 1.06 has a stack-based buffer overflow in the to_comma() function in asm.c via a crafted .m65 file.	2019-12-13	6.8	CVE-2019-19785 MISC
atlassian -- fisheye_and_crucible	The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability.	2019-12-11	4	CVE-2019-15009 MISC MISC
atlassian -- fisheye_and_crucible	The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter.	2019-12-11	4.3	CVE-2019-15008 MISC MISC
atlassian -- jira	The Work Time Calendar app before 4.7.1 for Jira allows XSS.	2019-12-12	4.3	CVE-2019-19748 MISC
audible -- audible	The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe SDKs, allowing MITM attackers to cause a denial of service.	2019-12-06	4.3	CVE-2019-11554 MISC
cacti -- cacti	Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.	2019-12-12	5.5	CVE-2019-17358 MISC MISC MISC MISC MISC MISC MISC
commenthol -- serialize-to-js	The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.	2019-12-07	4.3	CVE-2019-16772 MISC CONFIRM
davical -- davical	A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an administrator, the attacker can for example add a new admin user to gain full access to the application.	2019-12-12	4.3	CVE-2019-18345 MISC MISC MISC MLIST MISC MISC DEBIAN
documize -- documize	domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS.	2019-12-06	4.3	CVE-2019-19619 MISC MISC MISC
gnome -- libxslt	Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.	2019-12-11	5	CVE-2019-5815 MISC MISC
gnome -- orca	Orca has arbitrary code execution due to insecure Python module load	2019-12-11	4.4	CVE-2013-4245 MISC MISC MISC MISC
google -- android	When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-110433804	2019-12-06	5.8	CVE-2019-2225 MISC
google -- android	In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-111210196	2019-12-06	4.9	CVE-2019-2228 MISC
google -- android	In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-138636979	2019-12-06	4.9	CVE-2019-2220 MISC
google -- android	In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141028068	2019-12-06	4.3	CVE-2019-9464 MISC
google -- android	In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140692129	2019-12-06	6.8	CVE-2019-2223 MISC
google -- android	In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140152619	2019-12-06	4.9	CVE-2019-2226 MISC
google -- android	n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140322595	2019-12-06	6.8	CVE-2019-2222 MISC
google -- android	In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.cpp, there is possible memory reuse due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141170038	2019-12-06	5	CVE-2019-2230 MISC
google -- android	In hasActivityInVisibleTask of WindowProcessController.java there?s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-138583650	2019-12-06	4.6	CVE-2019-2221 MISC
google -- android	In System UI, there is a possible bypass of user's consent for access to sensor data due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-119041698	2019-12-06	4.7	CVE-2019-2219 MISC
google -- chrome	Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2019-12-10	6.8	CVE-2019-13732 MISC MISC
google -- chrome	Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.	2019-12-10	4.3	CVE-2019-13750 MISC MISC
google -- chrome	Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content.	2019-12-10	6.8	CVE-2019-13741 MISC MISC
google -- chrome	Incorrect security UI in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page on iOS.	2019-12-10	4.3	CVE-2019-13672 MISC MISC
google -- chrome	Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2019-12-10	6.8	CVE-2019-13764 MISC MISC
google -- chrome	Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2019-12-10	6.8	CVE-2019-13729 MISC MISC
google -- chrome	Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.	2019-12-10	4.3	CVE-2019-13754 MISC MISC
google -- chrome	Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.	2019-12-10	4.3	CVE-2019-13753 MISC MISC
google -- chrome	Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.	2019-12-10	4.3	CVE-2019-13751 MISC MISC
google -- chrome	Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.	2019-12-10	6.8	CVE-2019-13725 MISC MISC
google -- chrome	Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2019-12-10	6.8	CVE-2019-5841 MISC MISC
google -- chrome	Out of bounds memory access in JavaScript in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2019-12-10	6.8	CVE-2019-5843 MISC MISC
google -- chrome	Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2019-12-10	6.8	CVE-2019-13728 MISC MISC
google -- chrome	Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.	2019-12-10	6.8	CVE-2019-13735 MISC MISC
google -- chrome	Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2019-12-10	6.8	CVE-2019-13734 MISC MISC
google -- chrome	Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.	2019-12-10	6.8	CVE-2019-13727 MISC MISC
google -- chrome	Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.	2019-12-10	4.3	CVE-2019-13749 MISC MISC
google -- chrome	Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2019-12-10	6.8	CVE-2019-13747 MISC MISC
google -- chrome	Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2019-12-10	6.8	CVE-2019-13730 MISC MISC
google -- chrome	Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.	2019-12-10	6.8	CVE-2019-13736 MISC MISC
google -- chrome	Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page.	2019-12-10	4.3	CVE-2019-13748 MISC MISC
google -- chrome	Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.	2019-12-10	4.3	CVE-2019-13746 MISC MISC
google -- chrome	Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.	2019-12-10	4.3	CVE-2019-13740 MISC MISC
google -- chrome	Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.	2019-12-10	4.3	CVE-2019-13745 MISC MISC
google -- chrome	Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.	2019-12-10	4.3	CVE-2019-13761 MISC MISC
google -- chrome	Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.	2019-12-10	6.8	CVE-2019-13726 MISC MISC
google -- chrome	Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.	2019-12-10	4.3	CVE-2019-13759 MISC MISC
google -- chrome	Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.	2019-12-10	4.3	CVE-2019-13758 MISC MISC
google -- chrome	Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.	2019-12-10	4.3	CVE-2019-13757 MISC MISC
google -- chrome	Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page.	2019-12-10	4.3	CVE-2019-13743 MISC MISC
google -- chrome	Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.	2019-12-10	4.3	CVE-2019-13739 MISC MISC
google -- chrome	Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.	2019-12-10	4.3	CVE-2019-13756 MISC MISC
google -- chrome	Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.	2019-12-10	4.3	CVE-2019-13752 MISC MISC
google -- chrome	Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.	2019-12-10	4.3	CVE-2019-13742 MISC MISC
google -- chrome	Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.	2019-12-10	4.3	CVE-2019-13744 MISC MISC
google -- chrome	Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.	2019-12-10	4.3	CVE-2019-13763 MISC MISC
google -- chrome	Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.	2019-12-10	4.3	CVE-2019-13737 MISC MISC
google -- chrome	Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page.	2019-12-10	4.3	CVE-2019-13738 MISC MISC
google -- chrome	Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page.	2019-12-10	4.3	CVE-2019-13755 MISC MISC
htmldoc -- htmldoc	HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document.	2019-12-08	6.8	CVE-2019-19630 MISC MLIST
ibm -- cloud_pak_system	IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015.	2019-12-10	4.3	CVE-2019-4095 XF CONFIRM
ibm -- planning_analytics	IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523.	2019-12-09	6.5	CVE-2019-4612 XF CONFIRM
ibm -- smartcloud_analytics	IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. IBM X-Force ID: 159518.	2019-12-10	6.4	CVE-2019-4244 XF CONFIRM
intesync -- solismed	Intesync Solismed 3.3sp has CSRF.	2019-12-12	6.8	CVE-2019-15934 MISC MISC MISC MISC
intesync -- solismed	Intesync Solismed 3.3sp allows Clickjacking.	2019-12-12	4.3	CVE-2019-15930 MISC MISC MISC MISC
intesync -- solismed	Intesync Solismed 3.3sp has XSS.	2019-12-12	4.3	CVE-2019-15935 MISC MISC MISC MISC
intesync -- solismed	An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the encryption implementation exists, allowing for all encrypted data stored within the database to be decrypted.	2019-12-12	4.3	CVE-2019-17428 MISC MISC MISC
katello -- katello	Katello has a Denial of Service vulnerability in API OAuth authentication	2019-12-10	5	CVE-2013-4120 MISC MISC
ktor -- ktor	In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.	2019-12-10	5.8	CVE-2019-19703 MISC
libcapsinetwork_and_monopd -- libcapsinetwork_and_monopd	Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8, allows remote attackers to cause a denial of service (crash) via a long line.	2019-12-09	5	CVE-2015-0841 MISC MISC MISC MISC
linux -- linux_kernel	In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.	2019-12-08	6.8	CVE-2019-19447 MISC
linux -- linux_kernel	In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.	2019-12-08	6.8	CVE-2019-19448 MISC
linux -- linux_kernel	In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated).	2019-12-08	6.8	CVE-2019-19449 MISC
marc-q -- libwav	marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav_content_read() at libwav.c.	2019-12-10	4.3	CVE-2019-19698 MISC MISC
mediawiki -- mediawiki	The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute.	2019-12-11	4.3	CVE-2019-19708 MISC MISC
microsoft -- authentication_library_for_android	An information disclosure vulnerability in Android Apps using Microsoft Authentication Library (MSAL) 0.3.1-Alpha or later exists under specific conditions, aka 'Microsoft Authentication Library for Android Information Disclosure Vulnerability'.	2019-12-10	4	CVE-2019-1487 MISC
microsoft -- multiple_excel_and_office_products	An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.	2019-12-10	4.3	CVE-2019-1464 MISC
microsoft -- multiple_windows_products	A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.	2019-12-10	5	CVE-2019-1453 MISC
microsoft -- multiple_windows_products	An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'.	2019-12-10	4	CVE-2019-1470 MISC
microsoft -- multiple_windows_products	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1465, CVE-2019-1466.	2019-12-10	4.3	CVE-2019-1467 MISC
microsoft -- multiple_windows_products	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1466, CVE-2019-1467.	2019-12-10	4.3	CVE-2019-1465 MISC MISC
microsoft -- multiple_windows_products	A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'.	2019-12-10	6.8	CVE-2019-1484 MISC
microsoft -- multiple_windows_products	An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1465, CVE-2019-1467.	2019-12-10	4.3	CVE-2019-1466 MISC MISC
microsoft -- power_bi_report_server_and_sql_server _ 2017_ reporting _ services _and_sql_server _ 2019_ reporting _ services	A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'.	2019-12-10	4.3	CVE-2019-1332 MISC
microsoft -- windows_10_and_windows_server_and_windows_server_2019	A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'.	2019-12-10	6.5	CVE-2019-1471 MISC
microsoft -- windows_7	An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory, aka 'Windows Media Player Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1481.	2019-12-10	4.3	CVE-2019-1480 MISC MISC
microsoft -- windows_7	An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory, aka 'Windows Media Player Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1480.	2019-12-10	4.3	CVE-2019-1481 MISC MISC
microsoft -- windows_xp_service	An information disclosure vulnerability exists when the Windows Remote Desktop Protocol (RDP) fails to properly handle objects in memory, aka 'Remote Desktop Protocol Information Disclosure Vulnerability'.	2019-12-10	5	CVE-2019-1489 MISC
mozilla -- firefox	Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames.	2019-12-10	4.3	CVE-2013-1689 CONFIRM MISC
nopcommerce -- nopcommerce	nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to upload a crafted Facebook Auth plugin.	2019-12-09	6.5	CVE-2019-19684 MISC
openstack -- openstack-utils	openstack-utils openstack-db has insecure password creation	2019-12-10	5	CVE-2013-1793 MISC MISC
puppet -- puppet_enterprise	Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live management."	2019-12-11	4.3	CVE-2013-4968 MISC
pyradius -- pyrad	The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294.	2019-12-09	4.3	CVE-2013-0342 MISC MISC MISC MISC MISC MISC CONFIRM
qualcomm -- multiple_snapdragon_products	Out of bound read would occur while trying to read action category and action ID without validating the action length of the Rx Frame body in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SDA660, SDA845, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM8150	2019-12-12	5	CVE-2019-2310 CONFIRM
qualcomm -- multiple_snapdragon_products	Race condition between the camera functions due to lack of resource lock which will lead to memory corruption and UAF issue in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150	2019-12-12	4.4	CVE-2019-10494 CONFIRM
qualcomm -- multiple_snapdragon_products	Buffer overflow can occur due to usage of wrong datatype and missing length check before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150	2019-12-12	4.6	CVE-2019-10555 CONFIRM
qualcomm -- multiple_snapdragon_products	An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice & Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855	2019-12-12	4.9	CVE-2019-10520 CONFIRM
qualcomm -- multiple_snapdragon_products	HLOS could corrupt CPZ page table memory for S1 managed VMs in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130	2019-12-12	4.6	CVE-2019-2319 CONFIRM
qualcomm -- multiple_snapdragon_products	Possible integer overflow while multiplying two integers of 32 bit in QDCM API of get display modes as there is no check on the maximum mode count in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130	2019-12-12	4.6	CVE-2019-10592 CONFIRM
qualcomm -- multiple_snapdragon_products	Lack of check of data truncation on user supplied data in kernel leads to buffer overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24	2019-12-12	4.6	CVE-2019-10530 CONFIRM
qualcomm -- multiple_snapdragon_products	Snapshot of IB can lead to invalid address access due to missing check for size in the related function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCN7605, QCS405, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR2130	2019-12-12	4.6	CVE-2019-10571 CONFIRM
radare -- radare2	radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.	2019-12-09	6.8	CVE-2019-19647 MISC
red_hat -- jboss_enterprise_application_platform_and_jboss_portal_platform	JBossWeb Bayeux has reflected XSS	2019-12-11	4.3	CVE-2013-6495 MISC MISC
red_hat -- jboss_keycloak	JBoss KeyCloak: XSS in login-status-iframe.html	2019-12-10	4.3	CVE-2014-3656 MISC MISC
red_hat -- subscription_asset_manager	katello-headpin is vulnerable to CSRF in REST API	2019-12-11	4.3	CVE-2014-0026 MISC MISC
ros -- sros	SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. (SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2.)	2019-12-06	5	CVE-2019-19627 MISC MISC MISC MISC MISC
ros -- sros	SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2) leaks node information due to a leaky default configuration as indicated in the policy/defaults/dds/governance.xml document.	2019-12-06	5	CVE-2019-19625 MISC MISC
samsung -- s6_edge	Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.buf_out.num_planes value in an ioctl call.	2019-12-09	4.6	CVE-2015-7892 MISC MISC MISC
sitevision -- sitevision	SiteVision 4 has Incorrect Access Control.	2019-12-06	6.5	CVE-2019-12734 MISC FULLDISC FULLDISC MISC MISC MISC
symantec -- messaging_gateway	Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.	2019-12-11	6.5	CVE-2019-18377 MISC
tableau -- tableau_server	Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page.	2019-12-11	4.3	CVE-2019-19719 MISC
weidmueller -- multiple_devices	An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be read by anyone with access to the device.	2019-12-06	4	CVE-2019-16673 MISC MISC CONFIRM MISC
weidmueller -- multiple_devices	An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext.	2019-12-06	5	CVE-2019-16672 MISC MISC CONFIRM MISC
weidmueller -- multiple_devices	An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network.	2019-12-06	5	CVE-2019-16674 MISC MISC CONFIRM MISC
weidmueller -- multiple_devices	An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Remote authenticated users can crash a device with a special packet because of Uncontrolled Resource Consumption.	2019-12-06	6.8	CVE-2019-16671 MISC MISC CONFIRM MISC
xfig_project -- fig2dev	make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.	2019-12-12	4.3	CVE-2019-19746 MISC
zoho_manageengine -- applications_manager	Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function.	2019-12-11	6.5	CVE-2019-19650 CONFIRM

Low Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
atlassian -- fisheye_and_crucible	The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch.	2019-12-11	3.5	CVE-2019-15007 MISC MISC
atlassian -- jira	In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test issue.	2019-12-09	3.5	CVE-2019-19678 MISC
atlassian -- jira	In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action for a new Test Issue.	2019-12-09	3.5	CVE-2019-19679 MISC
cloud_foundry -- uaa_release	Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters.	2019-12-06	3.5	CVE-2019-11293 CONFIRM
google -- android	In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139803872	2019-12-06	2.1	CVE-2019-2229 MISC
google -- android	In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-140768453	2019-12-06	3.3	CVE-2019-2227 MISC
google -- android	In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-141955555	2019-12-06	2.1	CVE-2019-2231 MISC
google -- chrome	Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code.	2019-12-10	2.1	CVE-2019-13762 MISC MISC
ibm -- planning_analytics	IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519.	2019-12-09	3.5	CVE-2019-4611 XF CONFIRM
ibm -- spectrum_scale	IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171247.	2019-12-11	3.5	CVE-2019-4665 XF CONFIRM
ibm -- watson_assistant	IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162807.	2019-12-09	3.5	CVE-2019-4428 XF CONFIRM
ibm -- websphere_application_server	IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171245.	2019-12-10	3.5	CVE-2019-4663 XF CONFIRM
microsoft -- multiple_office_products	An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1463.	2019-12-10	2.1	CVE-2019-1400 MISC
microsoft -- multiple_office_products	An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1400.	2019-12-10	2.1	CVE-2019-1463 MISC
microsoft -- multiple_windows_products	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1472.	2019-12-10	2.1	CVE-2019-1474 MISC
microsoft -- multiple_windows_products	An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1474.	2019-12-10	2.1	CVE-2019-1472 MISC
microsoft -- multiple_windows_products	A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers, aka 'Microsoft Defender Security Feature Bypass Vulnerability'.	2019-12-10	2.1	CVE-2019-1488 MISC
microsoft -- multiple_windows_products	An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.	2019-12-10	2.1	CVE-2019-1469 MISC
microsoft -- skype_for_business_server	A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Server Spoofing Vulnerability'.	2019-12-10	3.5	CVE-2019-1490 MISC
monkey_project -- monkey_http_daemon	Monkey HTTP Daemon has local security bypass	2019-12-10	3.6	CVE-2013-2183 MISC MISC MISC MISC
nopcommerce -- nopcommerce	nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/[id] Admin/Blog/BlogPostEdit/[id]. NOTE: the vendor reportedly considers this a "feature" because the affected components are an HTML content editor.	2019-12-09	3.5	CVE-2019-19682 MISC
qualcomm -- multiple_snapdragon_products	Use after free issue occurs when command destructors access dynamically allocated response buffer which is already deallocated during previous command teardwon sequence in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8098, MSM8909W, Nicobar, QCS405, QCS605, SDA845, SDM660, SDM670, SDM710, SDM845, SDX24, SM6150, SM7150, SM8150, SM8250, SXR2130	2019-12-12	2.1	CVE-2019-10484 CONFIRM
qualcomm -- multiple_snapdragon_products	Null pointer dereference issue in kernel due to missing check related to LLC support in GPU in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM670, SDM710, SM6150, SM7150, SM8150	2019-12-12	2.1	CVE-2019-10545 CONFIRM
qualcomm -- multiple_snapdragon_products	Crafted image that has a valid signature from a non-QC entity can be loaded which can read/write memory that belongs to the secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130	2019-12-12	3.6	CVE-2019-2338 CONFIRM
sangoma -- freepbx	In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account.	2019-12-06	3.5	CVE-2019-19551 CONFIRM
sangoma -- freepbx	In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account.	2019-12-06	3.5	CVE-2019-19552 MISC
sap -- adaptive_server_enterprise	SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to Information Disclosure.	2019-12-11	2.1	CVE-2019-0402 CONFIRM CONFIRM
symantec -- messaging_gateway	Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.	2019-12-11	3.5	CVE-2019-18378 MISC
wordpress -- wordpress	The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS.	2019-12-12	3.5	CVE-2019-19198 MISC MISC MISC

Severity Not Yet Assigned

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
advantech -- webaccess	Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages.	2019-12-12	not yet calculated	CVE-2019-3951 MISC
airlive -- poe-2600hd_devices	AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL.	2019-12-11	not yet calculated	CVE-2013-3691 MISC MISC
apache -- mod_wsgi	mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.	2019-12-09	not yet calculated	CVE-2014-0242 MISC MISC MISC MISC
apache -- qpid-cpp	qpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all available file descriptors	2019-12-13	not yet calculated	CVE-2014-0212 MISC MISC MISC
apache -- spamassassin	In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places.	2019-12-12	not yet calculated	CVE-2018-11805 MLIST CONFIRM MLIST MLIST MLIST MLIST MISC CONFIRM DEBIAN
apache -- spamassassin	In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.	2019-12-12	not yet calculated	CVE-2019-12420 MLIST MISC MLIST MLIST MLIST MLIST CONFIRM DEBIAN
apple -- safari	A freed memory access vulnerability exists in the SVG Marker Element feature of Apple Safari's WebKit version 13.0.2. A specially crafted HTML web page can cause a use after free, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically crafted HTML web page needs to be opened in the browser.	2019-12-12	not yet calculated	CVE-2019-5144 MISC
atlassian -- multiple_products	An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for Bitbucket, and versions 2.4.0 through 2.5.2 for Bamboo. It allows locally disabled users to reactivate their accounts just by browsing the affected Jira/Confluence/Bitbucket/Bamboo instance, even when the applicable configuration option of the plugin has been disabled ("Reactivate inactive users"). Exploiting this vulnerability requires an attacker to be authorized by the identity provider and requires that the plugin's configuration option "User Update Method" have the "Update from SAML Attributes" value.	2019-12-13	not yet calculated	CVE-2019-13347 MISC MISC
avaya -- ip_office_application_server	A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated.	2019-12-12	not yet calculated	CVE-2019-7004 CONFIRM
bitwarden -- server	The Bitwarden server through 1.32.0 has a potentially unwanted KDF.	2019-12-12	not yet calculated	CVE-2019-19766 MISC MISC
bson-objectid -- bson-objectid	An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects _bsontype==ObjectID in the user-input object. As a result, objects in arbitrary forms can bypass formatting if they have a valid bsontype.	2019-12-11	not yet calculated	CVE-2019-19729 MISC MISC
chrony -- chrony	chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets.	2019-12-09	not yet calculated	CVE-2015-1853 MISC MISC
coredns -- coredns	The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.	2019-12-13	not yet calculated	CVE-2019-19794 MISC MISC MISC MISC
cyxtera -- appgate_sdp_client	In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 on Windows, a local or remote user from the same domain can gain privileges.	2019-12-13	not yet calculated	CVE-2019-19793 MISC
data-uuid -- data-uuid	Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks	2019-12-10	not yet calculated	CVE-2013-4184 MISC MISC MISC MISC MISC MISC MISC
dbd-pgpp -- dbd-pgpp	SQL injection vulnerability in DBD::PgPP 0.05 and earlier	2019-12-11	not yet calculated	CVE-2014-7257 MISC MISC
dovecot -- dovecot	In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.	2019-12-13	not yet calculated	CVE-2019-19722 CONFIRM CONFIRM CONFIRM CONFIRM
duplicity -- duplicity	duplicity 0.6.24 has improper verification of SSL certificates	2019-12-13	not yet calculated	CVE-2014-3495 MISC MISC MISC MISC
egain -- mail	The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. (Also, the message parameter can have initial HTML comment characters.)	2019-12-13	not yet calculated	CVE-2019-17123 MISC
enshrined -- svg-sanitize	It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by the sanitizer.	2019-12-11	not yet calculated	CVE-2019-10772 MISC
envoy_proxy -- envoy	An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents (leading to a query-of-death scenario) or may be used to bypass Envoy's access control mechanisms such as path based routing. An attacker can also modify requests from other users that happen to be proximal temporally and spatially.	2019-12-13	not yet calculated	CVE-2019-18801 MISC MISC MISC CONFIRM MISC
envoy_proxy -- envoy	An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access a request's Host header causes a NULL pointer dereference, resulting in abnormal termination of the Envoy process.	2019-12-13	not yet calculated	CVE-2019-18838 MISC MISC CONFIRM MISC
envoy_proxy -- envoy	An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value" so for example with the Host header "example.com " one could bypass "example.com" matchers.	2019-12-13	not yet calculated	CVE-2019-18802 MISC MISC MISC MISC
erlang -- erlang	inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.	2019-12-10	not yet calculated	CVE-2016-1000107 MISC MISC MISC MISC
firecracker -- firecracker	Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes.	2019-12-11	not yet calculated	CVE-2019-18960 MISC MISC MISC CONFIRM CONFIRM
foreman -- foreman	Foreman has improper input validation which could lead to partial Denial of Service	2019-12-11	not yet calculated	CVE-2014-0091 MISC MISC MISC
grandstream -- multiple_products	Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session.	2019-12-11	not yet calculated	CVE-2013-3542 MISC MISC
hammer_cli_foreman_gem_for_ruby_on_rails -- hammer_cli_foreman_gem_for_ruby_on_rails	rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable	2019-12-13	not yet calculated	CVE-2014-0241 MISC MISC
hostapd -- hostapd	An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.	2019-12-12	not yet calculated	CVE-2019-5061 MISC
hostapd -- hostapd	An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service.	2019-12-12	not yet calculated	CVE-2019-5062 MISC
huawei -- campusinsight	There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database. Successful exploit of this vulnerability may cause the database to crash.	2019-12-13	not yet calculated	CVE-2019-5278 MISC
huawei -- cloudengine	CloudEngine 12800 has a DoS vulnerability. An attacker of a neighboring device sends a large number of specific packets. As a result, a memory leak occurs after the device uses the specific packet. As a result, the attacker can exploit this vulnerability to cause DoS attacks on the target device.	2019-12-13	not yet calculated	CVE-2019-5248 MISC
huawei -- cloudusm-eua	Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.	2019-12-13	not yet calculated	CVE-2019-5277 MISC
huawei -- e5572-855	E5572-855 with versions earlier than 8.0.1.3(H335SP1C233) has an improper authentication vulnerability. The device does not perform a sufficient authentication when doing certain operations, successful exploit could allow an attacker to cause the device to reboot after launch a man in the middle attack.	2019-12-13	not yet calculated	CVE-2019-5253 MISC
huawei -- mate_20_pro_smartphone	Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation of certain privilege, the attacker could trick the user into installing a malicious application before the user turns on student mode function. Successful exploit could allow the attacker to bypass the limit of student mode function.	2019-12-13	not yet calculated	CVE-2019-5250 MISC
huawei -- multiple_products	There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks.	2019-12-13	not yet calculated	CVE-2019-19397 MISC
huawei -- multiple_products	Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a DoS vulnerability. An attacker may send crafted messages from a FTP client to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the system out-of-bounds read and result in a denial of service condition of the affected service.	2019-12-13	not yet calculated	CVE-2019-5255 MISC
huawei -- multiple_products	Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace) have a resource management vulnerability. An attacker who logs in to the board may send crafted messages from the internal network.	2019-12-13	not yet calculated	CVE-2019-5257 MISC
huawei -- multiple_products	Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a buffer overflow vulnerability. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the affected board to be abnormal.	2019-12-13	not yet calculated	CVE-2019-5258 MISC
huawei -- multiple_products	Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the affected board to be abnormal.	2019-12-13	not yet calculated	CVE-2019-5254 MISC
huawei -- multiple_products	Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some fields in the packets, an attacker may exploit the vulnerability to cause the target device to be abnormal.	2019-12-13	not yet calculated	CVE-2019-5291 MISC
huawei -- multiple_products	Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a null pointer dereference vulnerability. The system dereferences a pointer that it expects to be valid, but is NULL. A local attacker could exploit this vulnerability by sending crafted parameters. A successful exploit could cause a denial of service and the process reboot.	2019-12-13	not yet calculated	CVE-2019-5256 MISC
huawei -- multiple_smartphones	Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.	2019-12-14	not yet calculated	CVE-2019-5235 MISC
huawei -- multiple_smartphones	There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure.	2019-12-13	not yet calculated	CVE-2019-5264 MISC
huawei -- multiple_smartphones	There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.	2019-12-14	not yet calculated	CVE-2019-5252 MISC
huawei -- multiple_smartphones	There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure.	2019-12-13	not yet calculated	CVE-2019-5251 MISC
huawei -- s5700_and_s6700_switches	Huawei S5700 and S6700 have a DoS security vulnerability. Attackers with certain permissions perform specific operations on affected devices. Because the pointer in the program is not processed properly, the vulnerability can be exploited to cause the device to be abnormal.	2019-12-13	not yet calculated	CVE-2019-5290 MISC
huawei -- y9_2019_and_honor_view_20_smartphones	Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices to exploit this vulnerability. Successful exploit may cause an infinite loop and the device to reboot.	2019-12-13	not yet calculated	CVE-2019-5260 MISC
ibm -- case_manager	The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and IBM Case Manager 5.1.1 through 5.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162772.	2019-12-13	not yet calculated	CVE-2019-4426 XF CONFIRM CONFIRM
ibm -- datapower_gateway	IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883.	2019-12-09	not yet calculated	CVE-2019-4621 XF CONFIRM
ibm -- db2_high_performance_unload	IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using a executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 168298.	2019-12-12	not yet calculated	CVE-2019-4606 XF CONFIRM
idrix -- veracrypt	VeraCrypt 1.24 allows Local Privilege Escalation during execution of VeraCryptExpander.exe.	2019-12-13	not yet calculated	CVE-2019-19501 MISC MISC
kde -- kde_workspace	kde-workspace before 4.10.5 has a memory leak in plasma desktop	2019-12-10	not yet calculated	CVE-2013-4133 MISC MISC MISC MISC MISC MISC MISC
labf -- aceaxe_plus	The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP server.	2019-12-13	not yet calculated	CVE-2019-19782 MISC MISC
last.fm -- last.fm_app_for_macos	The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts.	2019-12-10	not yet calculated	CVE-2019-19251 MISC
lead_technologies -- leadtools	An exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability.	2019-12-12	not yet calculated	CVE-2019-5085 CONFIRM
lead_technologies -- leadtools	An exploitable information disclosure vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an out-of-bounds read, resulting in information disclosure. An attacker can send a packet to trigger this vulnerability.	2019-12-12	not yet calculated	CVE-2019-5090 CONFIRM
lead_technologies -- leadtools	An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image file can cause an out of bounds write of a null byte in a heap buffer, potentially resulting in code execution. An attack can specially craft a J2K image to trigger this vulnerability.	2019-12-12	not yet calculated	CVE-2019-5154 CONFIRM
lead_technologies -- leadtools	An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability.	2019-12-12	not yet calculated	CVE-2019-5093 CONFIRM
lead_technologies -- leadtools	An exploitable heap out of bounds write vulnerability exists in the UI tag parsing functionality of the DICOM image format of LEADTOOLS 20.0.2019.3.15. A specially crafted DICOM image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An attacker can specially craft a DICOM image to trigger this vulnerability.	2019-12-12	not yet calculated	CVE-2019-5092 CONFIRM
lead_technologies -- leadtools	An exploitable denial-of-service vulnerability exists in the Dicom-packet parsing functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an infinite loop, resulting in a denial of service. An attacker can send a packet to trigger this vulnerability.	2019-12-12	not yet calculated	CVE-2019-5091 CONFIRM
lenovo-- energy_management_driver_for_windows_10	A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Lenovo Energy Management is a client utility. Lenovo XClarity Energy Manager is not affected.	2019-12-10	not yet calculated	CVE-2019-6183 CONFIRM
lenovo-- power_management_driver	A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.	2019-12-10	not yet calculated	CVE-2019-6192 MISC CONFIRM
libsixel_project -- libsixel	An issue was discovered in libsixel 1.8.2. There is a heap-based buffer over-read in the function load_sixel at loader.c.	2019-12-13	not yet calculated	CVE-2019-19778 MISC
libssh -- libssh	A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.	2019-12-10	not yet calculated	CVE-2019-14889 CONFIRM UBUNTU CONFIRM
linux -- linux_kernel	In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).	2019-12-12	not yet calculated	CVE-2019-19768 MISC
linux -- linux_kernel	In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).	2019-12-12	not yet calculated	CVE-2019-19769 MISC
linux -- linux_kernel	In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file).	2019-12-12	not yet calculated	CVE-2019-19770 MISC
linux -- linux_kernel	The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.	2019-12-12	not yet calculated	CVE-2019-19767 MISC MISC MISC MISC MISC
mcafee -- techcheck	DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an attacker.	2019-12-11	not yet calculated	CVE-2019-3667 CONFIRM
mcollective -- mcollective	mcollective has a default password set at install	2019-12-13	not yet calculated	CVE-2014-0175 MISC MISC MISC
mediawiki -- mediawiki	includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php.	2019-12-11	not yet calculated	CVE-2013-4303 MISC MISC MISC MISC MISC
mediawiki -- mediawiki	MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.	2019-12-11	not yet calculated	CVE-2019-19709 MISC MISC
micro_focus -- acutoweb	Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under.	2019-12-11	not yet calculated	CVE-2019-17087 CONFIRM
microsoft -- visual_studio_2019_and_visual_studio_live_share	A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'.	2019-12-10	not yet calculated	CVE-2019-1486 MISC
minerstat -- msos	minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product.	2019-12-12	not yet calculated	CVE-2019-19750 MISC
modoboa -- modoboa	The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML documents that are emailed to the address in the rua field of the DMARC records of a domain.	2019-12-10	not yet calculated	CVE-2019-19702 MISC
moxa -- eds-g508e_and_eds-g512e_and_eds-g516e_devices	On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets.	2019-12-11	not yet calculated	CVE-2019-19707 MISC
multiple_vendors -- multiple_products	A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.	2019-12-11	not yet calculated	CVE-2019-14899 CONFIRM MISC
node-connect -- node-connect	node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware	2019-12-11	not yet calculated	CVE-2013-7370 MISC MISC MISC MISC MISC MISC MISC
node-connect -- node-connect	node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370)	2019-12-11	not yet calculated	CVE-2013-7371 MISC MISC MISC MISC MISC MISC
node.js -- node.js	The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurrency wallets.	2019-12-12	not yet calculated	CVE-2019-19771 MISC MISC
nopcommerce -- nopcommerce	RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions.	2019-12-09	not yet calculated	CVE-2019-19685 MISC
nopcommerce -- nopcommerce	RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs.	2019-12-09	not yet calculated	CVE-2019-19683 MISC
npm -- cli	Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user?s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.	2019-12-13	not yet calculated	CVE-2019-16776 MISC CONFIRM
npm -- cli	Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user?s system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.	2019-12-13	not yet calculated	CVE-2019-16775 MISC CONFIRM
npm -- cli	Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.	2019-12-13	not yet calculated	CVE-2019-16777 MISC CONFIRM
omniauth-facebook_gem_for_ruby_on_rails -- omniauth-facebook_gem_for_ruby_on_rails	RubyGem omniauth-facebook has an access token security vulnerability	2019-12-11	not yet calculated	CVE-2013-4593 MISC MISC MISC MISC
openbsd -- openbsd	lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.	2019-12-10	not yet calculated	CVE-2012-1577 CONFIRM MISC MISC MISC
openbsd -- openbsd	OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.	2019-12-12	not yet calculated	CVE-2019-19726 MISC FULLDISC BUGTRAQ CONFIRM MISC
openshift-origin-controller_gem_for_ruby_on_rails -- openshift-origin-controller_gem_for_ruby_on_rails	rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection	2019-12-10	not yet calculated	CVE-2013-2095 MISC MISC
openstack -- keystone	OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.)	2019-12-09	not yet calculated	CVE-2019-19687 MLIST MISC MISC MISC MISC CONFIRM
pen -- pen	Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities	2019-12-13	not yet calculated	CVE-2014-2387 MISC MISC MISC MISC MISC MISC MISC
phpfastcache -- phpfastcache	In phpfastcache before 5.1.3, there is a possible object injection vulnerability in cookie driver.	2019-12-12	not yet calculated	CVE-2019-16774 MISC MISC CONFIRM
puppet -- puppet_enterprise	The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise 2019.0.3 and 2018.1.9.	2019-12-12	not yet calculated	CVE-2019-10694 MISC
puppet -- puppet_enterprise	When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user?s username and password were exposed in the job?s Job Details pane in the PE console. These issues have been resolved in version 1.2.1 of the puppetlabs/cd4pe module.	2019-12-12	not yet calculated	CVE-2019-10695 MISC
python-keystoneclient -- python-keystoneclient	python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass	2019-12-10	not yet calculated	CVE-2013-2166 MISC MISC MISC MISC MISC MISC MISC MISC
python-keystoneclient -- python-keystoneclient	python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass	2019-12-10	not yet calculated	CVE-2013-2167 MISC MISC MISC MISC MISC MISC MISC MISC MISC
qualcomm -- snapdragon_connectivity	Driver may access an invalid address while processing IO control due to lack of check of address validation in Snapdragon Connectivity in QCA6390	2019-12-12	not yet calculated	CVE-2019-10618 CONFIRM
red_hat -- cloudform_management_engine	CFME: CSRF protection vulnerability via permissive check of the referrer header	2019-12-13	not yet calculated	CVE-2014-0197 MISC MISC
red_hat -- openshift	Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.	2019-12-11	not yet calculated	CVE-2014-0163 MISC MISC
red_hat -- 3scale	A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information.	2019-12-12	not yet calculated	CVE-2019-14849 CONFIRM
relialble_controls -- licensemanager	Reliable Controls LicenseManager versions 3.4 and prior may allow an authenticated user to insert malicious code into the system root path, which may allow execution of code with elevated privileges of the application.	2019-12-11	not yet calculated	CVE-2019-18245 MISC
samba -- samba	All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer.	2019-12-10	not yet calculated	CVE-2019-14861 CONFIRM FEDORA CONFIRM UBUNTU UBUNTU CONFIRM
samba -- samba	All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set.	2019-12-10	not yet calculated	CVE-2019-14870 CONFIRM FEDORA CONFIRM UBUNTU UBUNTU CONFIRM
samurai -- samurai	samurai 0.7 has a heap-based buffer overflow in canonpath in util.c via a crafted build file.	2019-12-13	not yet calculated	CVE-2019-19795 MISC
sap -- businessobjects_business_intelligence_platform	Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery.	2019-12-11	not yet calculated	CVE-2019-0398 CONFIRM CONFIRM
sap -- businessobjects_business_intelligence_platform	SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a text module in Fiori BI Launchpad, leading to Stored Cross Site Scripting vulnerability.	2019-12-11	not yet calculated	CVE-2019-0395 CONFIRM CONFIRM
sap -- enable_now	SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.	2019-12-11	not yet calculated	CVE-2019-0403 CONFIRM CONFIRM
sap -- enable_now	SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure.	2019-12-11	not yet calculated	CVE-2019-0404 CONFIRM CONFIRM
sap -- enable_now	SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure.	2019-12-11	not yet calculated	CVE-2019-0405 CONFIRM CONFIRM
sap -- portfolio_and_project_management	SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user to discover accounting information of the Projects in Project dashboard, leading to Information Disclosure.	2019-12-11	not yet calculated	CVE-2019-0399 CONFIRM CONFIRM
secureworks -- red_cloak_windows_agent	In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file.	2019-12-06	not yet calculated	CVE-2019-19620 MISC MISC
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server	A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The user configuration menu in the web interface of the SiNVR 3 Central Control Server (CCS) transfers user passwords in clear to the client (browser). An attacker with administrative privileges for the web interface could be able to read (and not only reset) passwords of other SiNVR 3 CCS users.	2019-12-12	not yet calculated	CVE-2019-13947 CONFIRM
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server	A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker with network access to the CCS server could exploit this vulnerability to list arbitrary directories or read files outside of the CCS application context.	2019-12-12	not yet calculated	CVE-2019-18338 CONFIRM
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server	A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SFTP service (default port 22/tcp) of the SiNVR 3 Central Control Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server.	2019-12-12	not yet calculated	CVE-2019-18342 CONFIRM
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server	A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). Both the SiNVR 3 Video Server and the Central Control Server (CCS) store user and device passwords by applying weak cryptography. A local attacker could exploit this vulnerability to extract the passwords from the user database and/or the device configuration files to conduct further attacks.	2019-12-12	not yet calculated	CVE-2019-18340 CONFIRM
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server	A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The HTTP service (default port 5401/tcp) of the SiNVR 3 Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiNVR users database, including the passwords of all users in obfuscated cleartext.	2019-12-12	not yet calculated	CVE-2019-18339 CONFIRM
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server	A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access to the CCS server could exploit this vulnerability to read the CCS users database, including the passwords of all users in obfuscated cleartext.	2019-12-12	not yet calculated	CVE-2019-18337 CONFIRM
siemens -- sinvr_3_central_control_server_and_sinvr_3_video_server	A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SFTP service (default port 22/tcp) of the SiNVR 3 Central Control Server (CCS) contains an authentication bypass vulnerability. A remote attacker with network access to the CCS server could exploit this vulnerability to read data from the EDIR directory (for example, the list of all configured stations).	2019-12-12	not yet calculated	CVE-2019-18341 CONFIRM
siemens -- sppa-t3000_application_server	A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain access to directory listings of the server by sending specifically crafted packets to 80/tcp, 8095/tcp or 8080/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18332 CONFIRM
siemens -- sppa-t3000_application_server	A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain access to filenames on the server by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18333 CONFIRM
siemens -- sppa-t3000_application_server	A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could be able to enumerate valid user names by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18334 CONFIRM
siemens -- sppa-t3000_application_server	A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could be able to gain access to logs and configuration files by sending specifically crafted packets to 80/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18335 CONFIRM
siemens -- sppa-t3000_application_server	A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could be able to upload arbitrary files without authentication. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18320 CONFIRM
siemens -- sppa-t3000_application_server	A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain access to path and filenames on the server by sending specifically crafted packets to 1099/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18331 CONFIRM
siemens -- sppa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18326 CONFIRM
siemens -- sppa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18323 CONFIRM
siemens -- sppa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18329 CONFIRM
siemens -- sppa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18329. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18330 CONFIRM
siemens -- sppa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18328 CONFIRM
siemens -- sppa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18327 CONFIRM
siemens -- sppa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18325 CONFIRM
siemens -- sppa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18324 CONFIRM
siemens -- sppa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18321. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18322 CONFIRM
siemens -- sppa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18322. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18321 CONFIRM
siemens -- en100_ethernet_modules	A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated to the web interface. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security. vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-13943 CONFIRM
siemens -- en100_ethernet_modules	A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). An unauthorized user could exploit a buffer overflow vulnerability in the webserver. Specially crafted packets sent could cause a Denial-of-Service condition and if certain conditions are met, the affected devices must be restarted manually to fully recover. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-13942 CONFIRM
siemens -- en100_ethernet_modules	A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). A vulnerability in the integrated web server of the affected devices could allow unauthorized attackers to obtain sensitive information about the device, including logs and configurations. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-13944 CONFIRM
siemens -- multiple_desigo_px_products	A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server (All firmware versions < V6.00.320). The device contains a vulnerability that could allow an attacker to cause a denial of service condition on the device's web server by sending a specially crafted HTTP message to the web server port (tcp/80). The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device's web service. While the device itself stays operational, the web server responds with HTTP status code 404 (Not found) to any further request. A reboot is required to recover the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-13927 MISC
siemens -- simatic_s7-1200_cpu_and_simatic_s7-200_smart_cpu	A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of S7-1200 CPUs that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-13945 MISC
siemens -- spa-t3000_application_server	A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18286. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18287 MISC CONFIRM
siemens -- spa-t3000_application_server	A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 1099/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18316 CONFIRM
siemens -- spa-t3000_application_server	A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with valid authentication at the RMI interface could be able to gain remote code execution through an unsecured file upload. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18288 MISC CONFIRM
siemens -- spa-t3000_application_server	A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18318. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18319 CONFIRM
siemens -- spa-t3000_application_server	A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18318 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18317 CONFIRM
siemens -- spa-t3000_application_server	A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server can cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18318 CONFIRM
siemens -- spa-t3000_application_server	A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted objects via RMI. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18314 CONFIRM
siemens -- spa-t3000_application_server	A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The AdminService is available without authentication on the Application Server. An attacker can use methods exposed via this interface to receive password hashes of other users and to change user passwords. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18284 MISC CONFIRM
siemens -- spa-t3000_application_server	A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18287. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18286 MISC CONFIRM
siemens -- spa-t3000_application_server	A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 8888/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18315 CONFIRM
siemens -- spa-t3000_application_server	A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The AdminService is available without authentication on the Application Server. An attacker can gain remote code execution by sending specifically crafted objects to one of its functions. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18283 MISC CONFIRM
siemens -- spa-t3000_application_server	A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The RMI communication between the client and the Application Server is unencrypted. An attacker with access to the communication channel can read credentials of a valid user. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18285 MISC CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18294 MISC CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18299 MISC CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18293, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18289 MISC CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18302 MISC CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18295. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18296 MISC CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18301 MISC CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18298 MISC CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18300 MISC CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18292 MISC CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18295 MISC CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18293 MISC CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and low privileges could gain root privileges by sending specifically crafted packets to a named pipe. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18297 MISC CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18303 MISC CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18291 MISC CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18309. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18308 CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to enumerate running RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18312 CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18310. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18311 CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18308. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18309 CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18304 MISC CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18311. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18310 CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18306 MISC CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18305 MISC CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could gain remote code execution by sending specifically crafted objects to one of the RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18313 CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18290 MISC CONFIRM
siemens -- spa-t3000_ms3000_migration_server	A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18306. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-18307 MISC CONFIRM
siemens -- xhq	A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-13930 CONFIRM
siemens -- xhq	A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow for an an attacker to craft the input in a form that is not expected, causing the application to behave in unexpected ways for legitimate users. Successful exploitation requires for an attacker to be authenticated to the web interface. A successful attack could cause the application to have unexpected behavior. This could allow the attacker to modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-13931 CONFIRM
siemens -- xhq	A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web application requests could be manipulated, causing the the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated. A successful attack could allow the import of scripts or generation of malicious links. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known.	2019-12-12	not yet calculated	CVE-2019-13932 CONFIRM
skymee -- petwant_pf-103_and_petalk_ai	The processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.	2019-12-13	not yet calculated	CVE-2019-16737 MISC
skymee -- petwant_pf-103_and_petalk_ai	processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.	2019-12-13	not yet calculated	CVE-2019-16730 MISC MISC
skymee -- petwant_pf-103_and_petalk_ai	The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to initiate firmware upgrades and alter device settings.	2019-12-13	not yet calculated	CVE-2019-16731 MISC
skymee -- petwant_pf-103_and_petalk_ai	Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user.	2019-12-13	not yet calculated	CVE-2019-16732 MISC
skymee -- petwant_pf-103_and_petalk_ai	processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.	2019-12-13	not yet calculated	CVE-2019-16733 MISC
skymee -- petwant_pf-103_and_petalk_ai	A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user.	2019-12-13	not yet calculated	CVE-2019-16735 MISC
skymee -- petwant_pf-103_and_petalk_ai	The processCommandUploadLog() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.	2019-12-13	not yet calculated	CVE-2019-17364 MISC
skymee -- petwant_pf-103_and_petalk_ai	Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.	2019-12-13	not yet calculated	CVE-2019-16734 MISC
skymee -- petwant_pf-103_and_petalk_ai	A stack-based buffer overflow in processCommandUploadSnapshot in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user.	2019-12-13	not yet calculated	CVE-2019-16736 MISC
smokeping -- smokeping	smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790)	2019-12-11	not yet calculated	CVE-2013-4158 MISC MISC MISC MISC MISC MISC MISC MISC
snakeyaml -- snakeyaml	The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.	2019-12-12	not yet calculated	CVE-2017-18640 MISC MISC
sqlite -- sqlite	alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.	2019-12-09	not yet calculated	CVE-2019-19645 MISC
sqlite -- sqlite	pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.	2019-12-09	not yet calculated	CVE-2019-19646 MISC MISC MISC
squiz -- squiz_matrix_content_management_system	An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/page_templates/page_remote_content/page_remote_content.inc POST parameter during processing of a Remote Content page type. This unserialization can be used to trigger the inclusion of arbitrary files on the filesystem (local file inclusion), and results in remote code execution.	2019-12-11	not yet calculated	CVE-2019-19373 FULLDISC MISC MISC
squiz -- squiz_matrix_content_management_system	An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server during interaction with the File Upload field type, when a custom form exists. (This is related to an information disclosure issue within the File Upload field type that allows users to view the full path to uploaded files, including the product's web root directory.)	2019-12-11	not yet calculated	CVE-2019-19374 FULLDISC MISC MISC
stb_image.h -- stb_image.h	stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main.	2019-12-13	not yet calculated	CVE-2019-19777 MISC
supermicro -- x8sti-f_motherboards	On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareName. The attacker can achieve a persistent backdoor.	2019-12-08	not yet calculated	CVE-2019-19642 MISC
suphp -- suphp	suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution	2019-12-13	not yet calculated	CVE-2014-1867 MISC MISC MISC MISC
symantec -- industrial_control_system_protection	Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication.	2019-12-09	not yet calculated	CVE-2019-18380 CONFIRM
telerik -- telerik_ui_for_asp.net_ajax	Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (In 2019.3.1023 but not earlier versions, a non-default setting can prevent exploitation.)	2019-12-11	not yet calculated	CVE-2019-18935 MISC MISC MISC MISC
telerik -- telerik_ui_for_asp.net_ajax	Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart. All RadChart versions were affected. To avoid this vulnerability, you must remove RadChart's HTTP handler from a web.config (its type is Telerik.Web.UI.ChartHttpHandler).	2019-12-13	not yet calculated	CVE-2019-19790 MISC MISC
tematres -- tematres	TemaTres 3.0 has reflected XSS via the replace_string or search_string parameter to the vocab/admin.php?doAdmin=bulkReplace URI.	2019-12-13	not yet calculated	CVE-2019-14344 MISC MISC
temenos -- channels	An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can leverage downloadDocServer() to traverse the file system and access files or directories that are outside of the restricted directory because WealthT24/GetImage is used with the docDownloadPath and uploadLocation parameters.	2019-12-09	not yet calculated	CVE-2019-14251 MISC
thales_dis -- safenet_sentinel_ldk_license_manager	SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only Microsoft Windows versions are affected) is vulnerable when configured as a service. This vulnerability may allow an attacker with local access to create, write, and/or delete files in system folder using symbolic links, leading to a privilege escalation. This vulnerability could also be used by an attacker to execute a malicious DLL, which could impact the integrity and availability of the system.	2019-12-11	not yet calculated	CVE-2019-18232 MISC
virustotal -- yara	In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.	2019-12-09	not yet calculated	CVE-2019-19648 MISC
wolfssl -- wolfssl_and_wolfcrypt	wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces.	2019-12-11	not yet calculated	CVE-2019-14317 MISC
wordpress -- wordpress	Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may only cross privilege boundaries if used in combination with CVE-2013-5977.	2019-12-11	not yet calculated	CVE-2013-5978 MISC MISC MISC MISC MISC MISC MISC
wordpress -- wordpress	The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter (and/or the quiz_id parameter). The component is: admin/quiz-options-page.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.	2019-12-13	not yet calculated	CVE-2019-17599 MISC MISC MISC MISC
xen -- xen	An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On x86 accesses to bitmaps with a compile time known size of 64 may incur undefined behavior, which may in particular result in infinite loops. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. x86 systems with 64 or more nodes are vulnerable (there might not be any such systems that Xen would run on). x86 systems with less than 64 nodes are not vulnerable.	2019-12-11	not yet calculated	CVE-2019-19582 MISC
xen -- xen	An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.	2019-12-11	not yet calculated	CVE-2019-19580 MISC
xen -- xen	An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest's address space size. The code to select and update the height had several bugs. Notably, the update was done without taking a lock which is necessary for safe operation. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable.	2019-12-11	not yet calculated	CVE-2019-19577 MISC
xen -- xen	An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. "Linear pagetables" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the "depth" of such chains by allowing pages to either point to other pages of the same level, or be pointed to by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some "linear_pt_entry" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable.	2019-12-11	not yet calculated	CVE-2019-19578 MISC
xen -- xen	An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable.	2019-12-11	not yet calculated	CVE-2019-19581 MISC
xen -- xen	An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability.	2019-12-11	not yet calculated	CVE-2019-19583 MISC
yabasic -- yabasic	Yabasic 2.86.2 has a heap-based buffer overflow in myformat in function.c via a crafted BASIC source file.	2019-12-13	not yet calculated	CVE-2019-19796 MISC
yabasic -- yabasic	Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() function in flex.c via a crafted BASIC source file.	2019-12-11	not yet calculated	CVE-2019-19720 MISC MISC
yachtcontrol -- yachtcontrol	Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command={COMMAND}" page and parameter, where {COMMAND} will be executed and returning the results to the client. Affects Yachtcontrol webservers disclosed via Dutch GPRS/4G mobile IP-ranges. IP addresses vary due to DHCP client leasing of telco's.	2019-12-10	not yet calculated	CVE-2019-17270 MISC EXPLOIT-DB
yaws -- yaws	yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.	2019-12-10	not yet calculated	CVE-2016-1000108 MISC CONFIRM MISC MISC
zabbix -- zabbix	Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.	2019-12-11	not yet calculated	CVE-2013-5743 CONFIRM CONFIRM CONFIRM CONFIRM
zoho manageengine -- eventlog_analyzer	An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data stored in the database, and recover the MD5 hashes of the accounts used to authenticate the ManageEngine platform to the managed machines on the network (most often administrative accounts). Specifically, this bypasses these restrictions: a query cannot mention password, and a query result cannot have a password column.	2019-12-13	not yet calculated	CVE-2019-19774 MISC MISC

This product is provided subject to this Notification and this Privacy & Use policy.

↧

Microsoft Releases Information on CVE-2019-1491

December 18, 2019, 7:38 am

≫ Next: Google Releases Security Updates for Chrome for Windows, Mac, and Linux

≪ Previous: Vulnerability Summary for the Week of December 9, 2019

Original release date: December 18, 2019 | Last revised: December 19, 2019

Microsoft has released information about CVE-2019-1491, a vulnerability in SharePoint Server. An attacker could exploit this vulnerability to obtain sensitive information.

Microsoft released security updates for this vulnerability as part of its December 2019 Security Updates. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft Security Advisory for CVE-2019-1491 and to apply the December updates, if not already installed.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

Google Releases Security Updates for Chrome for Windows, Mac, and Linux

December 18, 2019, 7:49 am

≫ Next: Drupal Releases Security Updates

≪ Previous: Microsoft Releases Information on CVE-2019-1491

Original release date: December 18, 2019

Google has released security updates for Chrome version 79.0.3945.88 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

↧

Drupal Releases Security Updates

December 19, 2019, 7:43 am

≫ Next: Vulnerability Summary for the Week of December 30, 2019

≪ Previous: Google Releases Security Updates for Chrome for Windows, Mac, and Linux

Original release date: December 19, 2019

Drupal has released security updates to address vulnerabilities in Drupal 7.x, 8.7.x, and 8.8.x. An attacker could exploit some of these vulnerabilities to modify data on an affected website.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Drupal Security Advisories and apply the necessary updates:

• SA-CORE-2019-012
• SA-CORE-2019-011
• SA-CORE-2019-010
• SA-CORE-2019-009

This product is provided subject to this Notification and this Privacy & Use policy.

↧