Vulnerability Summary for the Week of June 3, 2019

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

• High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
• Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
• Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by Ug-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of Ug-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

ais -- logistic_software | SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app) allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the 'sa' user. | 2019-05-31 | 7.5 | CVE-2019-10123 MISC MISC

apcupsd -- apcupsd | Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php. | 2019-06-02 | 7.5 | CVE-2019-12585 MISC MISC MISC

atlassian -- bitbucket | Atlassian Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool. | 2019-06-03 | 9.0 | CVE-2019-3397 MISC

atlassian -- crowd | Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability. | 2019-06-03 | 7.5 | CVE-2019-11580 BID MISC

aubio -- aubio | aubio v0.4.0 to v0.4.8 has a Buffer Overflow (issue 1 of 3). | 2019-06-07 | 7.5 | CVE-2018-19800 MISC

cyrus -- imap | The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. | 2019-06-03 | 7.5 | CVE-2019-11356 FEDORA FEDORA BUGTRAQ MISC MISC MISC MISC DEBIAN

exim -- exim | A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. | 2019-06-05 | 7.5 | CVE-2019-10149 SUSE MISC MLIST MLIST MLIST MLIST BID CONFIRM BUGTRAQ GENTOO UBUNTU DEBIAN CONFIRM

facebook -- osquery | In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions. Under those circumstances osquery will load said malicious executable with SYSTEM permissions. The solution is to migrate installations to the 'Program Files' directory on Windows which restricts unprivileged write access. This issue affects osquery prior to v3.4.0. | 2019-06-03 | 9.3 | CVE-2019-3567 MISC

ffmpeg -- ffmpeg | aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 does not check for sscanf failure and consequently allows use of uninitialized variables. | 2019-06-04 | 7.5 | CVE-2019-12730 MISC MISC

glpi_dashboard_project -- glpi_dashboard | Incorrect access control was discovered in the stdonato Dashboard plugin through 0.9.7 for GLPI, affecting df.php, issue.php, load.php, mem.php, traf.php, and uptime.php in front/sh. | 2019-06-02 | 7.5 | CVE-2019-12530 MISC

godotengine -- godot | In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly. | 2019-05-31 | 7.5 | CVE-2019-10069 MISC MISC

hoteldruid -- hoteldruid | HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter. | 2019-06-07 | 7.5 | CVE-2019-9086 MISC MISC

hoteldruid -- hoteldruid | HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter. | 2019-06-07 | 7.5 | CVE-2019-9087 MISC MISC

hp -- integrated_lights-out_4_firmware | A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39. | 2019-06-05 | 7.6 | CVE-2019-11982 CONFIRM

hp -- integrated_lights-out_4_firmware | A remote buffer overflow vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39. | 2019-06-05 | 8.3 | CVE-2019-11983 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 10.0 | CVE-2018-7121 CONFIRM

hp -- intelligent_management_center | A remote denial of service vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 7.8 | CVE-2018-7123 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 10.0 | CVE-2018-7124 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11941 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11942 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11943 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 10.0 | CVE-2019-11944 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 10.0 | CVE-2019-11945 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11947 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11948 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 10.0 | CVE-2019-11949 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11950 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11951 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11952 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11953 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11954 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11955 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11956 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.3 | CVE-2019-11957 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11958 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11959 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11960 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11961 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11962 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11963 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11964 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11965 CONFIRM

hp -- intelligent_management_center | A remote privilege escalation vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11966 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11967 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11968 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11969 CONFIRM

hp -- intelligent_management_center | A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11970 CONFIRM

hp -- intelligent_management_center | A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11971 CONFIRM

hp -- intelligent_management_center | A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11972 CONFIRM

hp -- intelligent_management_center | A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11973 CONFIRM

hp -- intelligent_management_center | A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11974 CONFIRM

hp -- intelligent_management_center | A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11975 CONFIRM

hp -- intelligent_management_center | A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11976 CONFIRM

hp -- intelligent_management_center | A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11977 CONFIRM

hp -- intelligent_management_center | A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11978 CONFIRM

hp -- intelligent_management_center | A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11979 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11980 CONFIRM

hp -- intelligent_management_center | A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11984 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11985 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-11986 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5338 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5339 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5340 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5341 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5342 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5343 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5344 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5345 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5346 CONFIRM

hp -- intelligent_management_center | A remote authentication bypass vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 10.0 | CVE-2019-5347 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5348 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5349 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5350 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5351 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 10.0 | CVE-2019-5352 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5353 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5354 CONFIRM

hp -- intelligent_management_center | A remote denial of service vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 7.8 | CVE-2019-5355 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 10.0 | CVE-2019-5356 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5357 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 10.0 | CVE-2019-5358 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5359 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5360 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5361 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5362 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5363 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5364 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5365 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5366 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 10.0 | CVE-2019-5367 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5368 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5369 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5370 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5371 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5372 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5373 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5374 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5375 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5376 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5377 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5378 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5379 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5380 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5381 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5382 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5383 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5384 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5385 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5386 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 10.0 | CVE-2019-5387 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5388 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 9.0 | CVE-2019-5389 CONFIRM

hp -- intelligent_management_center | A remote command injection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 10.0 | CVE-2019-5390 CONFIRM

hp -- intelligent_management_center | A stack buffer overflow vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 10.0 | CVE-2019-5391 CONFIRM

huawei -- s12700_firmware | Some Huawei S series switches have a DoS vulnerability. An unauthenticated remote attacker can send crafted packets to the affected device to exploit this vulnerability. Due to insufficient verification of the packets, successful exploitation may cause the device reboot and denial of service (DoS) condition. (Vulnerability ID: HWPSIRT-2019-03109) | 2019-06-04 | 7.8 | CVE-2019-5285 CONFIRM

ivanti -- landesk_management_suite | Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution. | 2019-06-03 | 7.5 | CVE-2019-12375 MISC

ivanti -- landesk_management_suite | A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution. | 2019-06-03 | 7.5 | CVE-2019-12377 MISC MISC

jector -- fm-k75_firmware | Jector Smart TV FM-K75 devices allow remote code execution because there is an adb open port with root permission. | 2019-05-31 | 10.0 | CVE-2019-9871 MISC MISC

kromtech -- mackeeper | Kromtech MacKeeper 3.20.4 suffers from a root privilege escalation vulnerability through its `com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper` component. The AdwareAnalyzerPrivilegedHelper tool implements an XPC service that allows an unprivileged application to connect and execute shell scripts as the root user. | 2019-06-05 | 10.0 | CVE-2018-10171 MISC

linksys -- wrt1900acs_firmware | An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A lack of encryption in how the user login cookie (admin-auth) is stored on a victim's computer results in the admin password being discoverable by a local attacker, and usable to gain administrative access to the victim's router. The admin password is stored in base64 cleartext in an "admin-auth" cookie. An attacker sniffing the network at the time of login could acquire the router's admin password. Alternatively, gaining physical access to the victim's computer soon after an administrative login could result in compromise. | 2019-06-06 | 7.2 | CVE-2019-7311 MISC MISC

linux -- linux_kernel | An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). | 2019-06-03 | 7.8 | CVE-2019-12614 BID MISC MISC

linux -- linux_kernel | An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup_const of node_info->vdev_port.name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). | 2019-06-03 | 7.8 | CVE-2019-12615 BID MISC MISC

linux -- linux_kernel | A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. | 2019-06-03 | 8.3 | CVE-2019-3846 CONFIRM FEDORA FEDORA MISC

microfocus -- service_manager | Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61. This vulnerability could allow Remote unauthorized command execution and unauthorized disclosure of information. | 2019-06-03 | 9.0 | CVE-2019-11646 MISC

northern -- cfengine | Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions. | 2019-06-06 | 9.0 | CVE-2019-9929 MISC MISC

orpak -- siteomat | The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device. | 2019-06-03 | 10.0 | CVE-2017-14853 BID MISC MISC

orpak -- siteomat | A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution. The vulnerability affects all versions prior to 2017-09-25. | 2019-06-03 | 7.5 | CVE-2017-14854 MISC BID MISC

phpmyadmin -- phpmyadmin | An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. | 2019-06-05 | 7.5 | CVE-2019-11768 BID CONFIRM

primasystems -- flexair | Prima Systems FlexAir devices have Hard-coded Credentials. | 2019-06-05 | 7.5 | CVE-2019-7672 MISC MISC MISC

primasystems -- flexair | On Prima Systems FlexAir devices through 2.4.9api3, an authenticated user can upload Python (.py) scripts and execute arbitrary code with root privileges. | 2019-06-05 | 9.0 | CVE-2019-9189 MISC MISC MISC

pydio -- pydio | The ImageMagick plugin that is installed by default in Pydio through 8.2.2 does not perform the appropriate validation and sanitization of user supplied input in the plugin's configuration options, allowing arbitrary shell commands to be entered that result in command execution on the underlying operating system, with the privileges of the local user running the web server. The attacker must be authenticated into the application with an administrator user account in order to be able to edit the affected plugin configuration. | 2019-05-31 | 9.0 | CVE-2019-10048 MISC

pydio -- pydio | An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it is possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created by the guest account, with execution via a proxy.php?hash=../../../../../var/lib/pydio/data/personal/guest/PoC.php request. This is related to plugins/action.share/src/Store/ShareStore.php. | 2019-06-05 | 7.5 | CVE-2019-9642 MISC CONFIRM

qemu -- qemu | In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk. | 2019-05-31 | 7.5 | CVE-2018-20815 MISC

rakuten -- viber | A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user, if the attacker can place a crafted library in a directory that is accessible to the vulnerable system. | 2019-06-02 | 9.3 | CVE-2019-12569 MISC

rubygems -- rubygems | A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could delete arbitrary files on the user's machine, presuming the attacker could guess at paths. Given how frequently gem is run as sudo, and how predictable paths are on modern systems (/tmp, /usr, etc.), this could likely lead to data loss or an unusable system. | 2019-06-06 | 8.8 | CVE-2019-8320 CONFIRM MISC

saet -- webapp | The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php. | 2019-05-31 | 7.5 | CVE-2019-9106 MISC MISC

sitecore -- cms | Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN. | 2019-05-31 | 7.5 | CVE-2019-9874 MISC MISC MISC

sweetscape -- 010_editor | In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the StrCat function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution. | 2019-06-05 | 7.5 | CVE-2019-12553 MISC CONFIRM

titanhq -- spamtitan | In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands. | 2019-06-05 | 8.5 | CVE-2019-6800 MISC CONFIRM

tldp -- advanced_bash-scripting_guide | The function getopt_simple as described in Advanced Bash Scripting Guide (ISBN 978-1435752184) allows privilege escalation and execution of commands when used in a shell script called, for example, via sudo. | 2019-05-31 | 10.0 | CVE-2019-9891 MISC

ui -- aircam_firmware | On Ubiquiti airCam 3.1.4 devices, a Denial of Service vulnerability exists in the RTSP Service provided by the ubnt-streamer binary. The issue can be triggered via malformed RTSP requests that lead to an invalid memory read. To exploit the vulnerability, an attacker must craft an RTSP request with a large number of headers. | 2019-06-04 | 7.8 | CVE-2019-12727 MISC

vim -- vim | getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. | 2019-06-05 | 9.3 | CVE-2019-12735 MISC MISC MISC MISC MISC FEDORA

zohocorp -- manageengine_netflow_analyzer | A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter. | 2019-06-05 | 7.5 | CVE-2019-12196 BID MISC

zyxel -- p-660hn-t1_firmware | The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. After accessing the page, the admin user's password can be obtained by viewing the HTML source code, and the interface of the modem can be accessed as admin. | 2019-05-31 | 10.0 | CVE-2019-6725 BUGTRAQ

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

apcupsd -- apcupsd | Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php. | 2019-06-02 | 4.3 | CVE-2019-12584 MISC MISC MISC

atutor -- atutor | ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component. | 2019-06-03 | 6.8 | CVE-2019-12169 MISC MISC MISC

aubio -- aubio | aubio v0.4.0 to v0.4.8 has a NULL pointer dereference (issue 1 of 6). | 2019-06-07 | 5.0 | CVE-2018-19801 MISC

aubio -- aubio | aubio v0.4.0 to v0.4.8 has a Buffer Overflow (issue 2 of 3). | 2019-06-07 | 5.0 | CVE-2018-19802 MISC

bitdefender -- safepay | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of tiscript. When processing the System.Exec method the application does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7234. | 2019-06-03 | 6.8 | CVE-2019-6736 CONFIRM MISC

bitdefender -- safepay | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIScript. The issue lies in the handling of the openFile method, which allows for an arbitrary file write with attacker controlled data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7247. | 2019-06-03 | 6.8 | CVE-2019-6737 CONFIRM MISC

bitdefender -- safepay | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIScript. When processing the launch method the application does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7250. | 2019-06-03 | 6.8 | CVE-2019-6738 CONFIRM MISC

bludit -- bludit | Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo. | 2019-06-03 | 6.5 | CVE-2019-12548 CONFIRM MISC CONFIRM

bludit -- bludit | Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference (a modified username POST parameter). | 2019-06-05 | 6.5 | CVE-2019-12742 MISC MISC

cisco -- enterprise_chat_and_email | A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email (ECE) Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface or allow the attacker to access sensitive browser-based information. | 2019-06-05 | 4.3 | CVE-2019-1870 BID CISCO

cisco -- industrial_network_director | A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to use a web browser and the privileges of the user to perform arbitrary actions on an affected device. For more information about CSRF attacks and potential mitigations, see Understanding Cross-Site Request Forgery Threat Vectors. | 2019-06-05 | 6.8 | CVE-2019-1881 BID CISCO

cisco -- ios_xr_firmware | A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when certain sequences of actions are processed during an SSH login event on the affected device. An attacker could exploit this vulnerability by initiating an SSH session to the device with a specific sequence that presents the two usernames. A successful exploit could result in logging data misrepresentation, user enumeration, or, in certain circumstances, a command authorization bypass. See the Details section for more information. | 2019-06-05 | 5.5 | CVE-2019-1842 BID CISCO

cisco -- telepresence_video_communication_server | A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a service outage for users attempting to authenticate, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient controls for specific memory operations. An attacker could exploit this vulnerability by sending a malformed Extensible Messaging and Presence Protocol (XMPP) authentication request to an affected system. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing users from successfully authenticating. Exploitation of this vulnerability does not impact users who were authenticated prior to an attack. | 2019-06-05 | 5.0 | CVE-2019-1845 BID CISCO

cisco -- telepresence_video_communication_server | A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on network services in the affected software. An attacker could exploit this vulnerability by sending malicious requests to the affected system. A successful exploit could allow the attacker to send arbitrary network requests sourced from the affected system. | 2019-06-05 | 5.0 | CVE-2019-1872 BID CISCO

cisco -- webex_meetings_server | A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to access sensitive system information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to access sensitive system information. | 2019-06-05 | 5.0 | CVE-2019-1868 BID CISCO

citrix -- xenmobile_server | An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device. | 2019-06-05 | 6.4 | CVE-2018-18571 BID CONFIRM

cloudera -- cloudera_manager | This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager. | 2019-06-07 | 4.3 | CVE-2018-5798 MISC CONFIRM

dameware -- remote_mini_control | Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating CltDHPubKeyLen during key negotiation, which could crash the application or leak sensitive information. | 2019-06-07 | 5.8 | CVE-2019-3956 MISC

dameware -- remote_mini_control | Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information. | 2019-06-07 | 5.8 | CVE-2019-3957 MISC

djangoproject -- django | An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in a clickable JavaScript link. | 2019-06-03 | 4.3 | CVE-2019-12308 MLIST BID CONFIRM CONFIRM CONFIRM MISC MISC MLIST CONFIRM

douco -- douphp | In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames. | 2019-06-02 | 5.0 | CVE-2019-12564 MISC

eficode -- influxdb | Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 2019-05-31 | 4.0 | CVE-2019-10329 MLIST BID MISC

evernote -- evernote | Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file. | 2019-05-31 | 4.4 | CVE-2019-10038 MISC MISC MISC

exagrid -- backup_appliance_firmware | ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including Base64 encoded 'support' credentials, leading to administrative access of the device. | 2019-06-03 | 5.0 | CVE-2019-12310 MISC MISC

firejail_project -- firejail | In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker. | 2019-06-02 | 4.6 | CVE-2019-12589 MISC MISC MISC

fortinet -- fortios | An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests. | 2019-06-04 | 5.0 | CVE-2018-13379 CONFIRM

fortinet -- fortios | A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters. | 2019-06-04 | 4.3 | CVE-2018-13380 BID CONFIRM

fortinet -- fortios | A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special craft message payloads. | 2019-06-04 | 5.0 | CVE-2018-13381 BID CONFIRM

fortinet -- fortios | An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests. | 2019-06-04 | 5.0 | CVE-2018-13382 CONFIRM

fortinet -- fortios | A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains. | 2019-06-04 | 5.8 | CVE-2018-13384 CONFIRM

fortinet -- fortios | A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "param" parameter of the error process HTTP requests. | 2019-06-04 | 4.3 | CVE-2019-5586 BID CONFIRM

fortinet -- fortios | Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through specific methods. | 2019-06-04 | 4.0 | CVE-2019-5587 BID CONFIRM

fortinet -- fortios | A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "err" parameter of the error process HTTP requests. | 2019-06-04 | 4.3 | CVE-2019-5588 BID CONFIRM

foxitsoftware -- foxit_reader | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7620. | 2019-06-03 | 4.3 | CVE-2019-6752 MISC MISC

foxitsoftware -- foxit_reader | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.3.0.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Stuff method. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7561. | 2019-06-03 | 4.3 | CVE-2019-6753 MISC MISC

foxitsoftware -- foxit_reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the localFileStorage method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7407. | 2019-06-03 | 6.8 | CVE-2019-6754 MISC MISC

foxitsoftware -- foxit_reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7613. | 2019-06-03 | 6.8 | CVE-2019-6755 MISC MISC

foxitsoftware -- foxit_reader | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HTML files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7769. | 2019-06-03 | 4.3 | CVE-2019-6756 MISC MISC

foxitsoftware -- foxit_reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7696. | 2019-06-03 | 6.8 | CVE-2019-6757 MISC MISC

foxitsoftware -- foxit_reader | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7701. | 2019-06-03 | 4.3 | CVE-2019-6758 MISC MISC

foxitsoftware -- foxit_reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7614. | 2019-06-03 | 6.8 | CVE-2019-6759 MISC MISC

foxitsoftware -- foxit_reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7694. | 2019-06-03 | 6.8 | CVE-2019-6760 MISC MISC

foxitsoftware -- foxit_reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA CXFA_FFDocView object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7777. | 2019-06-03 | 6.8 | CVE-2019-6761 MISC MISC

foxitsoftware -- foxit_reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7844. | 2019-06-03 | 6.8 | CVE-2019-6762 MISC MISC

foxitsoftware -- foxit_reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ToggleFormsDesign method of the Foxit.FoxitReader.Ctl ActiveX object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7874. | 2019-06-03 | 6.8 | CVE-2019-6763 MISC MISC

foxitsoftware -- foxit_reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA Template objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7972. | 2019-06-03 | 6.8 | CVE-2019-6764 MISC MISC

foxitsoftware -- foxit_reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8170. | 2019-06-03 | 6.8 | CVE-2019-6765 MISC MISC

foxitsoftware -- foxit_reader | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8162. | 2019-06-03 | 4.3 | CVE-2019-6766 MISC MISC

foxitsoftware -- foxit_reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8163. | 2019-06-03 | 6.8 | CVE-2019-6767 MISC MISC

foxitsoftware -- foxit_reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8164. | 2019-06-03 | 6.8 | CVE-2019-6768 MISC MISC

foxitsoftware -- foxit_reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8165. | 2019-06-03 | 6.8 | CVE-2019-6769 MISC MISC

foxitsoftware -- foxit_reader | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the resetForm method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8229. | 2019-06-03 | 4.3 | CVE-2019-6770 MISC MISC

foxitsoftware -- foxit_reader | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the value property of a Field object within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8230. | 2019-06-03 | 4.3 | CVE-2019-6771 MISC MISC

foxitsoftware -- foxit_reader | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8231. | 2019-06-03 | 4.3 | CVE-2019-6772 MISC MISC

foxitsoftware -- foxit_reader | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the richValue property of a Field object within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8272. | 2019-06-03 | 4.3 | CVE-2019-6773 MISC MISC

foxitsoftware -- foxit_studio_photo | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7634. | 2019-06-03 | 4.3 | CVE-2019-6746 MISC MISC

foxitsoftware -- foxit_studio_photo | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7636. | 2019-06-03 | 6.8 | CVE-2019-6747 MISC MISC

foxitsoftware -- foxit_studio_photo | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7637. | 2019-06-03 | 6.8 | CVE-2019-6748 MISC MISC

foxitsoftware -- foxit_studio_photo | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZIX files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7638. | 2019-06-03 | 6.8 | CVE-2019-6749 MISC MISC

foxitsoftware -- foxit_studio_photo | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7639. | 2019-06-03 | 6.8 | CVE-2019-6750 MISC MISC

foxitsoftware -- foxit_studio_photo | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6.779. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7632. | 2019-06-03 | 6.8 | CVE-2019-6751 MISC MISC

gardener -- gardener | In Gardener before 0.20.0, incorrect access control in seed clusters allows information disclosure by sending HTTP GET requests from one's own shoot clusters to foreign shoot clusters. This occurs because traffic from shoot to seed via the VPN endpoint is not blocked. | 2019-06-05 | 5.0 | CVE-2019-12494 MISC MISC CONFIRM

gilacms -- gila_cms | Gila CMS 1.9.1 has XSS. | 2019-06-05 | 4.3 | CVE-2019-9647 MISC MISC

gitea -- gitea | Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted. | 2019-05-31 | 5.0 | CVE-2019-10330 MLIST BID MISC

glyphandcog -- xpdfreader | There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a denial of service. | 2019-06-01 | 5.8 | CVE-2019-12515 MISC

grails -- grails | Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP. | 2019-06-04 | 6.8 | CVE-2019-12728 MISC MISC

grandnode -- grandnode | A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40. | 2019-06-05 | 5.0 | CVE-2019-12276 MISC MISC

hp -- intelligent_management_center | A remote disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 5.0 | CVE-2018-7122 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 6.5 | CVE-2018-7125 CONFIRM

hp -- intelligent_management_center | A remote credential disclosure vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 6.8 | CVE-2019-11946 CONFIRM

hp -- intelligent_management_center | A disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 5.0 | CVE-2019-5392 CONFIRM

hp -- intelligent_management_center | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 2019-06-05 | 6.8 | CVE-2019-5393 CONFIRM

huawei -- ar1200-s_firmware | There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device. | 2019-06-04 | 4.6 | CVE-2019-5300 CONFIRM

ibm -- control_desk | IBM Maximo Asset Management 7.6 could allow an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554. | 2019-06-05 | 4.0 | CVE-2018-2028 XF CONFIRM

ibm -- control_desk | IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565. | 2019-06-05 | 4.0 | CVE-2019-4056 XF CONFIRM

ibm -- infosphere_information_server | IBM InfoSphere Information Server 11.7.1 containers are vulnerable to privilege escalation due to an insecurely configured component. IBM X-Force ID: 158975. | 2019-06-05 | 5.4 | CVE-2019-4185 XF CONFIRM

icewarp -- mail_server | IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. | 2019-06-03 | 5.0 | CVE-2019-12593 MISC MISC

ikiwiki -- ikiwiki | ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190226 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs. | 2019-06-05 | 5.0 | CVE-2019-9187 MISC

istio -- istio | Istio 1.1.x through 1.1.6 has Incorrect Access Control. | 2019-06-05 | 5.4 | CVE-2019-12243 MISC CONFIRM

ivanti -- landesk_management_suite | Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords. | 2019-06-03 | 5.0 | CVE-2019-12373 MISC MISC

ivanti -- landesk_management_suite | A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll. | 2019-06-03 | 6.8 | CVE-2019-12374 MISC MISC

jenkins -- pipeline_maven_integration | An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for extraction of secrets from the Jenkins master, server-side request forgery, or denial-of-service attacks. | 2019-05-31 | 5.5 | CVE-2019-10327 MLIST BID MISC

jenkins -- pipeline_remote_loader | Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | 2019-05-31 | 6.5 | CVE-2019-10328 MLIST BID MISC

jenkins -- warnings_next_generation | A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future builds. | 2019-05-31 | 4.3 | CVE-2019-10326 MLIST BID MISC

jfrog -- artifactory | A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2019-05-31 | 4.3 | CVE-2019-10321 MLIST BID MISC MISC

jfrog -- artifactory | A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2019-05-31 | 4.0 | CVE-2019-10322 MLIST BID MISC MISC

jfrog -- artifactory | A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 2019-05-31 | 4.0 | CVE-2019-10323 MLIST BID MISC MISC

jfrog -- artifactory | A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed attackers to schedule a release build, perform release staging for Gradle and Maven projects, and promote previously staged builds, respectively. | 2019-05-31 | 4.3 | CVE-2019-10324 MLIST BID MISC

malwarebytes -- antimalware | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the way the product handles URIs within certain schemes. The product does not warn the user that a dangerous navigation is about to take place. Because special characters in the URI are not sanitized, this could lead to the execution of arbitrary commands. An attacker can leverage this vulnerability to execute code in the context of the current user at medium integrity. Was ZDI-CAN-7162. | 2019-06-03 | 6.8 | CVE-2019-6739 MISC

mantisbt -- mantisbt | An issue was discovered in MantisBT through 1.3.14, and 2.0.0. Using a crafted request on bug_report_page.php (modifying the 'm_id' parameter), any user with REPORTER access or above is able to view any private issue's details (summary, description, steps to reproduce, additional information) when cloning it. By checking the 'Copy issue notes' and 'Copy attachments' checkboxes and completing the clone operation, this data also becomes public (except private notes). | 2019-06-06 | 4.0 | CVE-2018-9839 CONFIRM MISC

marvell -- 88ss1074_firmware | Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS1092, 88SS1095, 88SS9174, 88SS9175, 88SS9187, 88SS9188, 88SS9189, 88SS9190, 88SS1085, 88SS1087, 88SS1090, 88SS1100, 88SS1084, 88SS1088, & 88SS1098) devices allow reprogramming flash memory to bypass the secure boot protection mechanism. | 2019-06-04 | 4.9 | CVE-2019-10636 CONFIRM

mybb -- mybb | MyBB 1.8.19 has XSS in the resetpassword function. | 2019-06-06 | 4.3 | CVE-2019-3578 MISC CONFIRM

mybb -- mybb | MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter. | 2019-06-06 | 5.0 | CVE-2019-3579 MISC CONFIRM

nvidia -- vibrante_linux | NVIDIA Vibrante Linux version 1.1, 2.0, and 2.2 contains a vulnerability in the user space driver in which protection mechanisms are insufficient, may lead to denial of service or information disclosure. | 2019-06-05 | 4.6 | CVE-2017-6261 MISC

otrs -- otrs | An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ Articles, Service Catalogue Items, ITSM Configuration Items. | 2019-06-03 | 4.0 | CVE-2019-9753 MISC

parso_project -- parso | A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution. | 2019-06-06 | 6.0 | CVE-2019-12760 MISC

phome -- empirecms | admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php. | 2019-06-07 | 6.5 | CVE-2018-19462 MISC MISC MISC MISC

phpmyadmin -- phpmyadmin | An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim. | 2019-06-05 | 4.3 | CVE-2019-12616 BID MISC CONFIRM

progress -- fiddler | Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of EnableLoopback.exe before running it, which could lead to code execution or local privilege escalation by replacing the original EnableLoopback.exe. | 2019-06-03 | 6.8 | CVE-2019-12097 MISC

pulsesecure -- pulse_connect_secure | In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance. | 2019-06-03 | 6.5 | CVE-2019-11509 MISC CONFIRM

pydio -- pydio | The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session cookie value in the response body, enabling scripts to get access to its value. This identifier can be reused by an attacker to impersonate a user and perform actions on behalf of him/her (if the session is still active). | 2019-05-31 | 6.4 | CVE-2019-10045 MISC

pydio -- pydio | An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including session timeout, libraries, and license information. | 2019-05-31 | 5.0 | CVE-2019-10046 MISC

pydio -- pydio | It is possible for an attacker with regular user access to the web application of Pydio through 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn opens a shared file that contains JavaScript code (that is executed in the context of the victim user to obtain sensitive information such as session identifiers and perform actions on behalf of him/her). | 2019-05-31 | 4.9 | CVE-2019-10049 MISC

python -- pyxdg | A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Menu.py before an eval call. | 2019-06-06 | 5.1 | CVE-2019-12761 MISC MISC

redhat -- openstack | An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image. | 2019-06-03 | 6.8 | CVE-2019-3895 CONFIRM

redhat -- rkt | rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are given all capabilities during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources. | 2019-06-03 | 6.9 | CVE-2019-10144 CONFIRM MISC

redhat -- rkt | rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` do not have seccomp filtering during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources. | 2019-06-03 | 6.9 | CVE-2019-10145 CONFIRM MISC

redhat -- rkt | rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are not limited by cgroups during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources. | 2019-06-03 | 6.9 | CVE-2019-10147 CONFIRM MISC

saet -- webapp | The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI&customurl=alladminusers call. | 2019-05-31 | 5.0 | CVE-2019-9105 MISC MISC

sitecore -- cms | Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter. | 2019-05-31 | 6.5 | CVE-2019-9875 MISC MISC MISC

southrivertech -- titan_ftp_server | A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside the root directory. | 2019-06-03 | 4.0 | CVE-2019-10009 MISC FULLDISC CONFIRM MISC EXPLOIT-DB EXPLOIT-DB

sweetscape -- 010_editor | In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the WSubStr function (provided by the scripting engine) allows an attacker to cause a denial of service by crashing the application. | 2019-06-05 | 5.0 | CVE-2019-12554 MISC CONFIRM

sweetscape -- 010_editor | In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the SubStr function (provided by the scripting engine) allows an attacker to cause a denial of service by crashing the application. | 2019-06-05 | 5.0 | CVE-2019-12555 MISC CONFIRM

thehive-project -- thehive | An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges. This affects app/controllers/UserCtrl.scala. | 2019-06-02 | 6.5 | CVE-2017-18376 MISC MISC

tinycc -- tinycc | An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to a one-byte out-of-bounds write in the gsym_addr function in x86_64-gen.c. This occurs because tccasm.c mishandles section switches. | 2019-05-31 | 4.3 | CVE-2019-12495 BID MISC MISC

tuxera -- ntfs-3g | An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges. | 2019-06-05 | 4.4 | CVE-2019-9755 MISC

vfront -- vfront | VFront 0.99.5 has stored XSS via the admin/sync_reg_tab.php azzera parameter, which is mishandled during admin/error_log.php rendering. | 2019-06-03 | 4.3 | CVE-2019-9838 MISC MISC

vfront -- vfront | VFront 0.99.5 has Reflected XSS via the admin/menu_registri.php descrizione_g parameter or the admin/sync_reg_tab.php azzera parameter. | 2019-06-03 | 4.3 | CVE-2019-9839 MISC MISC

vtiger -- vtiger_crm | vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably prior versions. This vulnerability could allow remote unauthenticated attackers to inject arbitrary web script or HTML via index.php?module=Contacts&view=List (app parameter). | 2019-06-06 | 4.3 | CVE-2018-8047 MISC

yubico -- pam-u2f | Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM configuration, part of the file contents of a symlink target will be logged, possibly revealing sensitive information. | 2019-06-04 | 5.0 | CVE-2019-12209 MLIST CONFIRM CONFIRM

yubico -- pam-u2f | In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it. This can leak sensitive information and also, if written to, be used to fill the disk or plant misinformation. | 2019-06-04 | 5.5 | CVE-2019-12210 MLIST CONFIRM CONFIRM

Primary Vendor -- Product: zohocorp -- manageengine_servicedesk_plus
Description: An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.
Published: 2019-06-05
CVSS Score: 4.3
Source & Patch Info: CVE-2019-12538 MISC MISC

Primary Vendor -- Product: zohocorp -- manageengine_servicedesk_plus
Description: An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter.
Published: 2019-06-05
CVSS Score: 4.3
Source & Patch Info: CVE-2019-12541 MISC MISC

Primary Vendor -- Product: zohocorp -- manageengine_servicedesk_plus
Description: An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter.
Published: 2019-06-05
CVSS Score: 4.3
Source & Patch Info: CVE-2019-12542 MISC MISC

Primary Vendor -- Product: zohocorp -- manageengine_servicedesk_plus
Description: An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter.
Published: 2019-06-05
CVSS Score: 4.3
Source & Patch Info: CVE-2019-12543 MISC MISC

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

Primary Vendor -- Product: chartered_accountant_:_auditor_website_project -- chartered_accountant_:_auditor_website
Description: PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has Stored XSS in the Profile Update page via the My Name field.
Published: 2019-06-06
CVSS Score: 3.5
Source & Patch Info: CVE-2019-7553 MISC MISC

Primary Vendor -- Product: cisco -- industrial_network_director
Description: A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit this vulnerability by sending requests containing malicious values to the affected system. A successful exploit could allow the attacker to conduct XSS attacks.
Published: 2019-06-05
CVSS Score: 3.5
Source & Patch Info: CVE-2019-1882 BID CISCO

Primary Vendor -- Product: cmsmadesimple -- cms_made_simple
Description: CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News.
Published: 2019-06-05
CVSS Score: 3.5
Source & Patch Info: CVE-2019-11226 MISC FULLDISC MISC

Primary Vendor -- Product: ibm -- infosphere_information_server_on_cloud
Description: IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229.
Published: 2019-06-05
CVSS Score: 2.1
Source & Patch Info: CVE-2019-4220 XF CONFIRM

Primary Vendor -- Product: investment_mlm_project -- investment_mlm
Description: An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2. Stored XSS was found in the My Profile Section. This is due to lack of sanitization in the Edit Name section.
Published: 2019-06-06
CVSS Score: 3.5
Source & Patch Info: CVE-2019-7552 MISC MISC

Primary Vendor -- Product: ivanti -- landesk_management_suite
Description: Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges.
Published: 2019-06-03
CVSS Score: 3.5
Source & Patch Info: CVE-2019-12376 MISC

Primary Vendor -- Product: jenkins -- warnings_next_generation
Description: A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages.
Published: 2019-05-31
CVSS Score: 3.5
Source & Patch Info: CVE-2019-10325 MLIST BID MISC

Primary Vendor -- Product: liferay -- liferay_portal
Description: In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call or . Liferay Portal out-of-the-box behavior with no customizations is not vulnerable.
Published: 2019-06-03
CVSS Score: 2.6
Source & Patch Info: CVE-2019-6588 CONFIRM

Primary Vendor -- Product: marvell -- 88ss1074_firmware
Description: Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS1092, 88SS1095, 88SS9174, 88SS9175, 88SS9187, 88SS9188, 88SS9189, 88SS9190, 88SS1085, 88SS1087, 88SS1090, 88SS1100, 88SS1084, 88SS1088, & 88SS1098) devices are vulnerable in manipulating a combination of IO pins to bypass the secure boot protection mechanism.
Published: 2019-06-05
CVSS Score: 2.1
Source & Patch Info: CVE-2019-10637 CONFIRM

Primary Vendor -- Product: phome -- empirecms
Description: admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php.
Published: 2019-06-07
CVSS Score: 3.5
Source & Patch Info: CVE-2018-19461 MISC MISC MISC

Primary Vendor -- Product: primasystems -- flexair
Description: Prima Systems FlexAir devices allow Authenticated Stored XSS.
Published: 2019-06-05
CVSS Score: 3.5
Source & Patch Info: CVE-2019-7671 MISC MISC MISC

Primary Vendor -- Product: pydio -- pydio
Description: A stored XSS vulnerability exists in the web application of Pydio through 8.2.2 that can be exploited by levering the file upload and file preview features of the application. An authenticated attacker can upload an HTML file containing JavaScript code and afterwards a file preview URL can be used to access the uploaded file. If a malicious user shares an uploaded HTML file containing JavaScript code with another user of the application, and tricks an authenticated victim into accessing a URL that results in the HTML code being interpreted by the web browser, then the included JavaScript code is executed under the context of the victim user session.
Published: 2019-05-31
CVSS Score: 3.5
Source & Patch Info: CVE-2019-10047 MISC

Primary Vendor -- Product: qemu -- qemu
Description: tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.
Published: 2019-06-03
CVSS Score: 2.1
Source & Patch Info: CVE-2019-9824 MISC

Primary Vendor -- Product: schneider-electric -- citectscada
Description: In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified that may allow an authenticated local user access to Citect user credentials.
Published: 2019-05-31
CVSS Score: 2.1
Source & Patch Info: CVE-2019-10981 BID MISC CONFIRM

Primary Vendor -- Product: veronalabs -- wp_statistics
Description: The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to attack an admin user.
Published: 2019-06-02
CVSS Score: 3.5
Source & Patch Info: CVE-2019-12566 MISC MISC MISC

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

Primary Vendor -- Product: anviz -- m3_outdoor_rfid_access_control
Description: Anviz Global M3 Outdoor RFID Access Control executes any command received from any source. No authentication/encryption is done. Attackers can fully interact with the device: for example, send the "open door" command, download the users list (which includes RFID codes and passcodes in cleartext), or update/create users. The same attack can be executed on a local network and over the internet (if the device is exposed on a public IP address).
Published: 2019-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-11523 MISC

Primary Vendor -- Product: au_optronics -- data_recorder
Description: Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter.
Published: 2019-06-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-11368 MISC MISC

Primary Vendor -- Product: au_optronics -- data_recorder
Description: An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully.
Published: 2019-06-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-11367 MISC MISC MISC

Primary Vendor -- Product: carel_industries -- pcoweb
Description: An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device.
Published: 2019-06-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-11369 MISC MISC

Primary Vendor -- Product: carel_industries -- pcoweb
Description: Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.
Published: 2019-06-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-11370 MISC MISC

Primary Vendor -- Product: chartkick_gem_for_ruby_on_rails -- chartkick_gem_for_ruby_on_rails
Description: The Chartkick gem through 3.1.0 for Ruby allows XSS.
Published: 2019-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-12732 CONFIRM CONFIRM

Primary Vendor -- Product: cisco -- industrial_network_director
Description: A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability by authenticating to the affected system using administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges.
Published: 2019-06-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-1861 BID CISCO

Primary Vendor -- Product: cisco -- unified_computing_system_c-series_rack_servers
Description: A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local attacker to install compromised BIOS firmware on an affected device. The vulnerability is due to insufficient validation of the firmware image file. An attacker could exploit this vulnerability by executing the BIOS upgrade utility with a specific set of options. A successful exploit could allow the attacker to bypass the firmware signature-verification process and install compromised BIOS firmware on an affected device.
Published: 2019-06-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-1880 BID CISCO

Primary Vendor -- Product: citrix -- application_delivery_management
Description: Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.
Published: 2019-06-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-9548 CONFIRM MISC

Primary Vendor -- Product: citrix -- sd-wan_center_and_netscaler_sd-wan_center
Description: Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection.
Published: 2019-06-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-10883 CONFIRM MISC MISC MISC

Primary Vendor -- Product: cloudera -- data_science_workbench
Description: An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords (in the case of local authentication), API keys, and stored Kerberos keytabs.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-20091 CONFIRM MISC

Primary Vendor -- Product: cloudera -- navigator_key_trustee_kms
Description: In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for these commands are keytrustee.kms.acl.PURGE and keytrustee.kms.acl.UNDELETE respectively. The default value for the ACLs in Key Trustee KMS 5.12.0 and 5.13.0 is "*" which allows anyone with knowledge of the name of an encryption zone key and network access to the Key Trustee KMS to make those calls against known encryption zone keys. This can result in the recovery of a previously deleted, but not purged, key (undelete) or the deletion of a key in active use (purge) resulting in loss of access to encrypted HDFS data.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-6185 MISC CONFIRM

Primary Vendor -- Product: clusterlabs -- libqb
Description: libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-12779 MISC MISC MISC MISC

Primary Vendor -- Product: dameware -- dameware_remote_mini_control
Description: Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote heap overflow due to the server not properly validating RsaPubKeyLen during key negotiation. An unauthenticated remote attacker can cause a heap buffer overflow by specifying a large RsaPubKeyLen, which could cause a denial of service.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-3955 MISC

Primary Vendor -- Product: dell_emc -- openmanage_server_administrator
Description: Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation.
Published: 2019-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-3723 BID CONFIRM

Primary Vendor -- Product: dell_emc -- openmanage_server_administrator
Description: Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request.
Published: 2019-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-3722 BID CONFIRM

Primary Vendor -- Product: digitaldruid.net -- hoteldruid
Description: In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI. It could allow an administrator to conduct remote denial of service (disrupting certain business functions of the product).
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-9084 MISC MISC

Primary Vendor -- Product: enttec -- datagate_mk2
Description: A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044_update_05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description field in JSON data to the Profile Editor.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-12774 MISC

Primary Vendor -- Product: enttec -- multiple_products
Description: An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocate_revB scripts copies the hardcoded key to the root user's authorized_keys file, enabling anyone with the associated private key to gain remote root access to all affected products.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-12776 MISC

Primary Vendor -- Product: enttec -- multiple_products
Description: An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They replace secure and protected directory permissions (set as default by the underlying operating system) with highly insecure read, write, and execute directory permissions for all users. By default, /usr/local and all of its subdirectories should have permissions set to only allow non-privileged users to read and execute from the tree structure, and to deny users from creating or editing files in this location. The ENTTEC firmware startup script permits all users to read, write, and execute (rwxrwxrwx) from the /usr, /usr/local, /usr/local/dmxis, and /usr/local/bin/ directories.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-12777 MISC

Primary Vendor -- Product: enttec -- multiple_products
Description: An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They allow high-privileged root access by www-data via sudo without requiring appropriate access control. (Furthermore, the user account that controls the web application service is granted full access to run any system commands with elevated privilege, without the need for password authentication. Should vulnerabilities be identified and exploited within the web application, it may be possible for a threat actor to create or run high-privileged binaries or executables that are available within the operating system of the device.)
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-12775 MISC

Primary Vendor -- Product: foxit_software -- reader
Description: A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when using the Open File action on a Field. An attacker can leverage this to gain remote code execution.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-19451 MISC

Primary Vendor -- Product: foxit_software -- reader
Description: A use after free in the TextBox field Mouse Enter action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19444, this has a different free location and requires different JavaScript code for exploitation.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-19452 MISC

Primary Vendor -- Product: freenet -- freenet
Description: Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI.
Published: 2019-06-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-9673 MISC MISC MISC

Primary Vendor -- Product: gallagher -- command_centre
Description: Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and 8.x before 8.00.1128 allows arbitrary event creation and information disclosure via the FT Command Centre Service and FT Controller Service services.
Published: 2019-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-12492 CONFIRM CONFIRM

Primary Vendor -- Product: gemalto -- admin_control_center
Description: Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows attacker to do man-in-the-middle (MITM) attack and replace original language pack by malicious one.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-8282 MISC

Primary Vendor -- Product: gemalto -- admin_control_center
Description: Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have 'HttpOnly' flag. This allows malicious to steal it.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-8283 MISC

Primary Vendor -- Product: gemalto -- ds3_authentication_server
Description: Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control.
Published: 2019-06-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-9158 MISC MISC

Primary Vendor -- Product: gemalto -- ds3_authentication_server
Description: Gemalto DS3 Authentication Server 2.6.1-SP01 allows Local File Disclosure.
Published: 2019-06-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-9157 MISC MISC

Primary Vendor -- Product: gemalto -- ds3_authentication_server
Description: Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injection.
Published: 2019-06-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-9156 MISC MISC

Primary Vendor -- Product: google -- android
Description: In callGenIDChangeListeners and related functions of SkPixelRef.cpp, there is a possible use after free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-124232283.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-2095 CONFIRM

Primary Vendor -- Product: google -- android
Description: In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111760968.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-2101 CONFIRM

Primary Vendor -- Product: google -- android
Description: In parseMPEGCCData of NuPlayerCCDecoder.cpp, there is a possible out of bounds write due to missing bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-129068792.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-2094 CONFIRM

Primary Vendor -- Product: google -- android
Description: In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK). If a BLE device were to use this as a hardcoded LTK, it is theoretically possible for a proximate attacker to remotely inject keystrokes on a paired Android host due to improperly used crypto. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-128843052.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-2102 CONFIRM

Primary Vendor -- Product: google -- android
Description: In isSeparateProfileChallengeAllowed of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege, with no additional permissions required. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-128599668.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-2092 CONFIRM

Primary Vendor -- Product: google -- android
Description: In nfa_rw_store_ndef_rx_buf of nfa_rw_act.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-123583388.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-2099 CONFIRM

Primary Vendor -- Product: google -- android
Description: In areNotificationsEnabledForPackage of NotificationManagerService.java, there is a possible permissions bypass due to a missing permissions check. This could lead to local escalation of privilege, with no additional privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-128599467.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-2098 CONFIRM

Primary Vendor -- Product: google -- android
Description: In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possible memory corruption due to type confusion. This could lead to remote code execution from a malicious proxy configuration, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-117606285.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-2097 CONFIRM

Primary Vendor -- Product: google -- android
Description: In GetPermittedAccessibilityServicesForUser of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege, with no additional permissions required. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-128599660.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-2091 CONFIRM

Primary Vendor -- Product: google -- android
Description: In huff_dec_1D of nlc_dec.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-119292397.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-2093 CONFIRM

Primary Vendor -- Product: google -- android
Description: In EffectRelease of EffectBundle.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-123237974.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-2096 CONFIRM

Primary Vendor -- Product: google -- android
Description: In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, there is a possible permissions bypass due to a missing permissions check. This could lead to local escalation of privilege, with no additional permissions required. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-128599183
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-2090 CONFIRM

Primary Vendor -- Product: hapi_fhir -- hapi_fhir
Description: XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafted URL. (This module is not generally used in production systems so the attack surface is expected to be low, but affected systems are recommended to upgrade immediately.)
Published: 2019-06-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-12741 MISC MISC MISC

Primary Vendor -- Product: hashicorp -- consul
Description: HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Keys not matching a specific ACL rule used for prefix matching in a policy can be deleted by a token using that policy even with default deny settings configured.
Published: 2019-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-12291 CONFIRM

Primary Vendor -- Product: hewlett_packard_enterprise -- integrated_maintenance_entity_and_maintenance_entity_and_blade_maintenance_entity
Description: The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and configuration.
Published: 2019-06-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-5394 CONFIRM

Primary Vendor -- Product: hewlett_packard_enterprise -- smart_update_manager
Description: A security vulnerability in HPE Smart Update Manager (SUM) prior to v8.4 could allow local unauthorized elevation of privilege.
Published: 2019-06-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-11987 CONFIRM

Primary Vendor -- Product: hewlett_packard_enterprise -- smart_update_manager
Description: A Remote Unauthorized Access vulnerability was identified in HPE Smart Update Manager (SUM) earlier than version 8.3.5.
Published: 2019-06-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-11988 CONFIRM

Primary Vendor -- Product: hgiga -- oaklouds_mailsherlock
Description: Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/save_list.php?ACSION=&type=email&category=white&locate=big5&cmd=add[email protected]&new_memo=&add=%E6%96%B0%E5%A2%9E without any authorizes.
Published: 2019-06-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-9882 MISC MISC

Primary Vendor -- Product: hgiga -- oaklouds_mailsherlock
Description: Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=&cf_acl=Management&apply_lang=&dn= without any authorizes.
Published: 2019-06-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-9883 MISC MISC

Primary Vendor -- Product: htc_corporation -- viveport
Description: Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges via DLL hijacking.
Published: 2019-06-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-12177 MISC MISC MISC

Primary Vendor -- Product: htc_corporation -- viveport
Description: Privilege escalation in the "HTC Account Service" and "ViveportDesktopService" in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges to SYSTEM via reconfiguration of either service.
Published: 2019-06-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-12176 MISC MISC

Primary Vendor -- Product: huawei -- ap_products
Description: There is an improper authentication vulnerability in some Huawei AP products before version V200R009C00SPC800. Due to the improper implementation of authentication for the serial port, an attacker could exploit this vulnerability by connecting to the affected products and running a series of commands.
Published: 2019-06-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-5298 CONFIRM

Primary Vendor -- Product: huawei -- mate_10_smartphones
Description: The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which could trigger double free and cause a system crash.
Published: 2019-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-5305 CONFIRM

Primary Vendor -- Product: huawei -- p20_smartphones
Description: There is a Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions before Emily-AL00A 9.0.0.167(C00E81R1P21T8). When re-configuring the mobile phone using the FRP function, an attacker can delete the activation lock after a series of operations. As a result, the FRP function is bypassed and the attacker gains access to the smartphone.
Published: 2019-06-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-5306 CONFIRM

Primary Vendor -- Product: huawei -- emily-l29c_smartphones
Description: Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T8) have a Factory Reset Protection (FRP) bypass security vulnerability. Before the FRP account is verified and activated during the reset process, the attacker can perform some special operations to bypass the FRP function and obtain the right to use the mobile phone.
Published: 2019-06-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-5297 CONFIRM

huawei -- honor_v10_smartphones | Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125(C00E125R2P14T8) have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific operations. This vulnerability can be exploited to perform operations beyond the scope of authorization. | 2019-06-06 | not yet calculated | CVE-2019-5295 CONFIRM

huawei -- leland_al00a_smartphones | There is a DoS vulnerability in the RTSP module of Leland-AL00A Huawei smart phones versions earlier than Leland-AL00A 9.1.0.111(C00E111R2P10T8). Remote attackers could trick the user into opening a malformed RTSP media stream to exploit this vulnerability. Successful exploit could cause the affected phone to behave abnormally, leading to a DoS condition. (Vulnerability ID: HWPSIRT-2019-02004) | 2019-06-04 | not yet calculated | CVE-2019-5284 CONFIRM

huawei -- mate10_smartphones | There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate the same resource at the same time. Successful exploit could cause a denial of service condition. | 2019-06-06 | not yet calculated | CVE-2019-5219 CONFIRM

huawei -- mate10_smartphones | There is a use after free vulnerability on certain driver component in Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8). An attacker tricks the user into installing a malicious application, which makes the software reference memory after it has been freed. Successful exploit could cause a denial of service condition. | 2019-06-06 | not yet calculated | CVE-2019-5214 CONFIRM

huawei -- mate20_smartphones | Mate20 Huawei smartphones versions earlier than HMA-AL00C00B175 have an out-of-bounds read vulnerability. An attacker with a high permission runs some specific commands on the smartphone. Due to insufficient input verification, successful exploit may cause out-of-bounds read of the memory and the system abnormal. | 2019-06-04 | not yet calculated | CVE-2019-5296 CONFIRM

huawei -- p20_smartphones | There is a Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions earlier than Emily-AL00A 9.0.0.167 (C00E81R1P21T8). When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can log in to the Talkback mode and can perform some operations to access the setting page. As a result, the FRP function is bypassed. | 2019-06-04 | not yet calculated | CVE-2019-5283 CONFIRM

huawei -- p30_smartphones | There is a man-in-the-middle (MITM) vulnerability on Huawei P30 smartphones versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), and P30 Pro versions before VOG-AL00 9.1.0.162 (C01E160R1P12/C01E160R2P1). When users establish connection and transfer data through Huawei Share, an attacker could sniff, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attack to obtain and tamper with the data. (Vulnerability ID: HWPSIRT-2019-03109) | 2019-06-04 | not yet calculated | CVE-2019-5215 CONFIRM

huawei -- p30_and_p30_pro_4g_lte_devices | Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tamper with GUTIs, or replay the Identity request message to obtain IMSIs. (Vulnerability ID: HWPSIRT-2019-04107) | 2019-06-04 | not yet calculated | CVE-2019-5307 CONFIRM

huawei -- pcmanager | There is a privilege escalation vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50. The attacker can trick a user into installing and running a malicious application to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. | 2019-06-06 | not yet calculated | CVE-2019-5241 CONFIRM

huawei -- pcmanager | There is a code execution vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50. The attacker can trick a user into installing and running a malicious application to exploit this vulnerability. Successful exploitation may cause the attacker to execute malicious code and read/write memory. | 2019-06-06 | not yet calculated | CVE-2019-5242 CONFIRM

huawei -- y9_2019_smartphones | There is an information leak vulnerability in some Huawei phones, versions earlier than Jackman-L21 8.2.0.155(C185R1P2). When a local attacker uses the camera of a smartphone, the attacker can exploit this vulnerability to obtain sensitive information by performing a series of operations. | 2019-06-04 | not yet calculated | CVE-2019-5281 CONFIRM

huawei -- honor_v10_smartphones | There is a race condition vulnerability on Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.156(C00E156R2P14T8), Honor 10 smartphones versions earlier than Columbia-AL10B 9.0.0.156(C00E156R1P20T8) and Honor Play smartphones versions earlier than Cornell-AL00A 9.0.0.156(C00E156R1P13T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate the same variate at the same time. Successful exploit could cause execution of malicious code. | 2019-06-06 | not yet calculated | CVE-2019-5216 CONFIRM

huawei -- mate_9_pro_smartphones | Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) versions have an information leak vulnerability due to the lack of input validation. An attacker tricks the user who has root privilege to install an application on the smart phone, and the application can read some process information, which may cause sensitive information leak. | 2019-06-04 | not yet calculated | CVE-2019-5244 CONFIRM

huawei -- mate_9_pro_smartphones | There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8). An attacker could view the photos after a series of operations without unlocking the screen lock. Successful exploit could cause an information disclosure condition. | 2019-06-04 | not yet calculated | CVE-2019-5217 CONFIRM

ibm -- infosphere_information_server | IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability. Sensitive information in an error message may be used to conduct further attacks against the system. IBM X-Force ID: 159945. | 2019-06-06 | not yet calculated | CVE-2019-4257 XF CONFIRM

ibm -- intelligent_operations_center | IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157015. | 2019-06-07 | not yet calculated | CVE-2019-4070 XF CONFIRM

ibm -- intelligent_operations_center | IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. IBM X-Force ID: 157014. | 2019-06-07 | not yet calculated | CVE-2019-4069 XF CONFIRM

ibm -- intelligent_operations_center | IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013. | 2019-06-07 | not yet calculated | CVE-2019-4068 XF CONFIRM

ibm -- intelligent_operations_center | IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012. | 2019-06-07 | not yet calculated | CVE-2019-4067 XF CONFIRM

ibm -- intelligent_operations_center | IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenticated user to create arbitrary users which could cause ID management issues and result in code execution. IBM X-Force ID: 157011. | 2019-06-07 | not yet calculated | CVE-2019-4066 XF CONFIRM

ibm -- jazz_for_serivce_management | IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 159122. | 2019-06-05 | not yet calculated | CVE-2019-4201 XF CONFIRM

ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311. | 2019-06-05 | not yet calculated | CVE-2019-4048 XF CONFIRM

ibm -- security_information_queue | IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missing the HTTP Strict Transport Security header. Users can navigate by mistake to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire. IBM X-Force ID: 158661. | 2019-06-06 | not yet calculated | CVE-2019-4162 XF CONFIRM

ibm -- security_information_queue | IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 159227. | 2019-06-06 | not yet calculated | CVE-2019-4218 XF CONFIRM

ibm -- security_information_queue | IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 159228. | 2019-06-06 | not yet calculated | CVE-2019-4219 XF CONFIRM

ibm -- security_information_queue | IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 158660. | 2019-06-06 | not yet calculated | CVE-2019-4161 XF CONFIRM

ibm -- security_information_queue | IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159226. | 2019-06-06 | not yet calculated | CVE-2019-4217 XF CONFIRM

inateck -- wp1001_wireless_presenter | Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP1001 v1.3C is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. | 2019-06-07 | not yet calculated | CVE-2019-12505 MISC BUGTRAQ MISC

inateck -- wp2002_wireless_presenter | Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP2002 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. | 2019-06-07 | not yet calculated | CVE-2019-12504 MISC BUGTRAQ MISC

kyocera -- command_center_rx | Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci allows remote attackers to abuse the Test button in the machine address book to obtain a cleartext FTP or SMB password. | 2019-06-06 | not yet calculated | CVE-2019-6452 MISC MISC

logitech -- r700_laser_presentation_remote | Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. | 2019-06-07 | not yet calculated | CVE-2019-12506 MISC BUGTRAQ MISC

maccms -- maccms | Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html. | 2019-06-07 | not yet calculated | CVE-2018-19465 MISC MISC

martin_raiber -- urbackup | In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::GetFileHashAndMetadata NULL pointer dereference, leading to shutting down the client application. | 2019-06-07 | not yet calculated | CVE-2018-20014 MISC MISC

micro_focus -- solution_business_manager | Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect. | 2019-06-07 | not yet calculated | CVE-2019-3477 CONFIRM

moxa -- awk-3121 | An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such as credentials. | 2019-06-07 | not yet calculated | CVE-2018-10690 MISC BUGTRAQ

moxa -- awk-3121 | An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended that an administrator can download /systemlog.log (the system log). However, the same functionality allows an attacker to download the file without any authentication or authorization. | 2019-06-07 | not yet calculated | CVE-2018-10691 MISC BUGTRAQ

moxa -- awk-3121 | An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie "Password508" does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily. | 2019-06-07 | not yet calculated | CVE-2018-10692 MISC BUGTRAQ

moxa -- awk-3121 | An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to a buffer overflow. By crafting a packet that contains a string of 516 characters, it is possible for an attacker to execute the attack. | 2019-06-07 | not yet calculated | CVE-2018-10693 MISC BUGTRAQ

moxa -- awk-3121 | An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between the user's computer and the device. This can allow an attacker to steal the credentials passing over the HTTP connection as well as TELNET traffic. Also an attacker can MITM the response and infect a user's computer very easily as well. | 2019-06-07 | not yet calculated | CVE-2018-10694 MISC BUGTRAQ

moxa -- awk-3121 | An issue was discovered on Moxa AWK-3121 1.14 devices. It provides alert functionality so that an administrator can send emails to his/her account when there are changes to the device's network. However, the same functionality allows an attacker to execute commands on the device. The POST parameters "to1,to2,to3,to4" are all susceptible to buffer overflow. By crafting a packet that contains a string of 678 characters, it is possible for an attacker to execute the attack. | 2019-06-07 | not yet calculated | CVE-2018-10695 MISC BUGTRAQ

moxa -- awk-3121 | An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an administrator into executing actions without his/her knowledge, as demonstrated by the forms/iw_webSetParameters and forms/webSetMainRestart URIs. | 2019-06-07 | not yet calculated | CVE-2018-10696 MISC BUGTRAQ

moxa -- awk-3121 | An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides certfile upload functionality so that an administrator can upload a certificate file used for connecting to the wireless network. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_privatePass" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack. | 2019-06-07 | not yet calculated | CVE-2018-10699 MISC BUGTRAQ

moxa -- awk-3121 | An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack. | 2019-06-07 | not yet calculated | CVE-2018-10697 MISC BUGTRAQ

moxa -- awk-3121 | An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user. | 2019-06-07 | not yet calculated | CVE-2018-10698 MISC BUGTRAQ

moxa -- awk-3121 | An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter "iw_board_deviceName" is susceptible to this injection. | 2019-06-07 | not yet calculated | CVE-2018-10700 MISC BUGTRAQ

moxa -- awk-3121 | An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible to buffer overflow. By crafting a packet that contains a string of 162 characters, it is possible for an attacker to execute the attack. | 2019-06-07 | not yet calculated | CVE-2018-10701 MISC BUGTRAQ

moxa -- awk-3121 | An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible to command injection via shell metacharacters. | 2019-06-07 | not yet calculated | CVE-2018-10702 MISC BUGTRAQ

moxa -- awk-3121 | An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_serverip" is susceptible to buffer overflow. By crafting a packet that contains a string of 480 characters, it is possible for an attacker to execute the attack. | 2019-06-07 | not yet calculated | CVE-2018-10703 MISC BUGTRAQ

multiple_vendors -- multiple_devices | Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecified other devices does not properly restrict LMP commands and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command. | 2019-06-07 | not yet calculated | CVE-2018-19860 CONFIRM MISC

netgear -- insight_cloud | NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection. | 2019-06-03 | not yet calculated | CVE-2019-12591 MISC

nextcloud -- nextcloud | An OS Command Injection has been discovered in the Nextcloud App: Extract prior to version 1.2.0. | 2019-06-07 | not yet calculated | CVE-2019-5441 MISC

nextcloud -- nextcloud | lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php (nameOfFile and directory parameters). | 2019-06-05 | not yet calculated | CVE-2019-12739 MISC MISC

nuuo -- network_video_recorder_firmware | NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php. | 2019-05-31 | not yet calculated | CVE-2019-9653 MISC MISC MISC

nvidia -- geforce_experience | NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure. | 2019-05-31 | not yet calculated | CVE-2019-5678 CONFIRM

orpak -- siteomat | An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data. | 2019-06-03 | not yet calculated | CVE-2017-14852 MISC BID MISC

orpak -- siteomat | A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELECT query. The attack allows for authentication bypass. | 2019-06-03 | not yet calculated | CVE-2017-14851 BID MISC MISC

orpak -- siteomat | An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this exploit. Also, the SiteOmat does not force administrators to switch passwords, leaving SSH and HTTP remote authentication open to public. | 2019-06-03 | not yet calculated | CVE-2017-14728 MISC BID MISC

orpak -- siteomat | All known versions of the Orpak SiteOmat web management console are vulnerable to multiple instances of Stored Cross-site Scripting due to improper external user-input validation. An attacker with access to the web interface is able to hijack sessions or navigate victims outside of SiteOmat, to a malicious server owned by him. | 2019-06-03 | not yet calculated | CVE-2017-14850 BID MISC MISC

panasonic -- fpwin_pro | Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution. | 2019-06-07 | not yet calculated | CVE-2019-6532 BID MISC

panasonic -- fpwin_pro | Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution. | 2019-06-07 | not yet calculated | CVE-2019-6530 BID MISC

papercut -- papercut_mf_and_papercut_ng | An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and earlier and versions 19.0.3 and earlier allows remote attackers to execute arbitrary code via an unspecified vector. | 2019-06-06 | not yet calculated | CVE-2019-12135 CONFIRM CONFIRM

phpscriptsmall.com -- api_based_travel_booking | An issue was discovered in PHP Scripts Mall API Based Travel Booking 3.4.7. There is Reflected XSS via the flight-results.php d2 parameter. | 2019-06-06 | not yet calculated | CVE-2019-7554 MISC MISC

pivotal -- pivotal_ops_manager | The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources. | 2019-06-06 | not yet calculated | CVE-2019-3790 BID CONFIRM

pivotal -- spring_data_jpa | This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied. | 2019-06-03 | not yet calculated | CVE-2019-3802 CONFIRM

progress -- sitefinity | Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions are changed. | 2019-06-06 | not yet calculated | CVE-2019-7215 MISC CONFIRM

python -- python | A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. | 2019-06-07 | not yet calculated | CVE-2019-10160 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MISC

quest -- kace_k1000_appliance | The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive actions such as adding a new administrator account or changing the appliance's settings. A malicious internal user could also gain administrator privileges of this appliance and use it to visit a malicious link that exploits this vulnerability. This could cause the application to perform sensitive actions such as adding a new administrator account or changing the appliance's settings. An unauthenticated, remote attacker could add an administrator-level account or change the appliance's settings. | 2019-06-03 | not yet calculated | CVE-2018-5406 MISC CONFIRM CERT-VN

quest -- kace_k1000_appliance
Description: The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious user of the system to steal session cookies of other users including Administrator and take over their session. This can further be exploited to launch other attacks. The software also does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. An authenticated user with 'user console only' rights may inject arbitrary JavaScript, which could result in an attacker taking over a session of others, including an Administrator.
Published: 2019-06-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5405 MISC CONFIRM CERT-VN

quest -- kace_k1000_appliance
Description: The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. An authenticated remote attacker could leverage Blind SQL injections to obtain sensitive data.
Published: 2019-06-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5404 CONFIRM CERT-VN

rancher -- rancher
Description: In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container.
Published: 2019-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-12303 CONFIRM CONFIRM

rancher -- rancher
Description: In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml.
Published: 2019-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-12274 CONFIRM CONFIRM

salesagility -- suitecrm
Description: SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3).
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-12600 CONFIRM

salesagility -- suitecrm
Description: SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 3 of 3).
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-12601 CONFIRM

salesagility -- suitecrm
Description: SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-12599 CONFIRM

salesagility -- suitecrm
Description: SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 1 of 3).
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-12598 CONFIRM

samsung -- galaxy_apps
Description: Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on installations of applications through a man-in-the-middle attack. An attacker may trick Galaxy Apps into using an arbitrary hostname for which the attacker can provide a valid SSL certificate, and emulate the API of the app store to modify existing apps at installation time. The specific flaw involves an HTTP method to obtain the load-balanced hostname that enforces SSL only after obtaining a hostname from the load balancer, and a missing app signature validation in the application XML. An attacker can exploit this vulnerability to achieve Remote Code Execution on the device. The Samsung ID is SVE-2018-12071.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-20135 MISC MISC

samsung -- galaxy_s9
Description: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the GameServiceReceiver update mechanism. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7477.
Published: 2019-06-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-6742 MISC

samsung -- galaxy_s9
Description: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ASN.1 parser. When parsing ASN.1 strings, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7472.
Published: 2019-06-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-6740 MISC

samsung -- galaxy_s9
Description: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must connect to a wireless network. The specific flaw exists within the captive portal. By manipulating HTML, an attacker can force a page redirection. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7476.
Published: 2019-06-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-6741 MISC

scamera -- security_camera_cz_application
Description: The Security Camera CZ application through 1.6.8 for Android stores potentially sensitive recorded video in external data storage, which is readable by any application.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-12763 MISC

sitecore -- experience_platform
Description: Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object.
Published: 2019-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-11080 MISC MISC

solarwinds -- serv-u_ftp_server
Description: The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit this vulnerability, an attacker must have local access to the host running Serv-U, and a Serv-U administrator must have an active management console session.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-19999 MISC MISC

soyal -- ar-727h_and_ar-829ev5_devices
Description: On SOYAL AR-727H and AR-829Ev5 devices, all CGI programs allow unauthenticated POST access.
Published: 2019-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-6451 MISC MISC

supra -- smart_cloud_tv
Description: Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/media_control?action=setUri&uri= URI.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-12477 MISC MISC

synaptics -- sound_device_drivers
Description: Incorrect access control in the CxUtilSvc component of the Synaptics Sound Device drivers prior to version 2.29 allows a local attacker to increase access privileges to the Windows Registry via an unpublished API.
Published: 2019-06-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-9730 CONFIRM MISC MISC

thinstation -- thinstation
Description: Command injection is possible in ThinStation through 6.1.1 via shell metacharacters after the cgi-bin/CdControl.cgi action= substring, or after the cgi-bin/VolControl.cgi OK= substring.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-12771 MISC

thomson_reuters -- desktop
Description: An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe allows a remote attacker to list or enumerate sensitive contents of files via a \.. to port 6677. Additionally, this could allow for privilege escalation by dumping the affected machine's SAM and SYSTEM database files, as well as remote code execution.
Published: 2019-06-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-8385 MISC MISC

tp-link -- tl-wr940n_router
Description: TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function. By sending specially crafted ICMP echo request packets, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.
Published: 2019-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-6989 MISC

ubiquiti -- edgeos_on_edgerouter_lite_devices
Description: Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the 'alias' or 'ips' parameter for shell metacharacters.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5265 MISC

ubiquiti -- unifi_52_devices
Description: Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote attackers to bypass intended restrictions on "free time" Wi-Fi usage by sending a /guest/s/default/ request to obtain a cookie, and then using this cookie in a /guest/s/default/login request with the byfree parameter.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-5264 MISC

vmware -- tools
Description: VMware Tools for Windows (10.x before 10.3.10) update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.
Published: 2019-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-5522 BID CONFIRM

vmware -- workstation
Description: VMware Workstation (15.x before 15.1.0) contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed.
Published: 2019-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-5525 BID CONFIRM

wordpress -- wordpress
Description: The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjunction with a whitelisted file extension, and prepending "magic bytes" to the payload to pass MIME checks. Specifically, an unauthenticated remote user submits a crafted file upload POST request to the REST api remote_upload endpoint. The file contains data that will fool the plugin's MIME check into classifying it as an image (which is a whitelisted file extension) and finally a trailing .phtml file extension.
Published: 2019-06-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-11185 MISC MISC MISC

workday -- workday
Description: CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in Workday through 32 via a value (provided by a low-privileged user in a contact form field) that is mishandled in a CSV export.
Published: 2019-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-12134 MISC

x-cart -- x-cart
Description: X-Cart V5 is vulnerable to XSS via the CategoryFilter2 parameter.
Published: 2019-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-7220 MISC MISC

xiaomi -- mi6_browser
Description: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WebAssembly.Instance method. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7466.
Published: 2019-06-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-6743 MISC

xiaomi -- mi_5s_plus_devices
Description: Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch.
Published: 2019-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-12762 MISC MISC

xiaomi -- redmi_note_5_pro_devices_and_redmi_android_phones
Description: Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request.
Published: 2019-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-20523 MISC MISC