advantech — wise-paas/rmm Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input causes SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information. 2019-10-31 not yet calculated CVE-2019-18229
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC advantech — wise-paas/rmm Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication. 2019-10-31 not yet calculated CVE-2019-13547
MISC
MISC advantech — wise-paas/rmm Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data. 2019-10-31 not yet calculated CVE-2019-18227
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC advantech — wise-paas/rmm Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator. 2019-10-31 not yet calculated CVE-2019-13551
MISC
MISC
MISC
MISC
MISC amd — atidxx64.dll_driver An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. 2019-10-31 not yet calculated CVE-2019-5049
MISC apache — struts Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. 2019-11-01 not yet calculated CVE-2011-3923
MISC
EXPLOIT-DB
BID
MISC
MISC
XF
MISC apak — wholesale_floorplanning_finance Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5 allows XSS via the mainForm:loanNotesnotes:0:rich_text_editor_note_text parameter to WFS/agreementView.faces in the Notes section. Although versions 6.31.8.3 and 6.31.8.5 are confirmed to be affected, all versions with the vulnerable WYSIWYG “Notes” section are likely affected. 2019-10-31 not yet calculated CVE-2019-17551
MISC archiver — archiver All versions of archiver allow an attacker to perform a Zip Slip attack via the “unarchive” functions. It is exploited using a specially crafted zip archive that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder. For instance, a zip may hold a file with a “../../file.exe” location and thus break out of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily. 2019-10-29 not yet calculated CVE-2019-10743
MISC
MISC
MISC archos — safe-t_devices On Archos Safe-T devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device’s USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. 2019-11-02 not yet calculated CVE-2019-14358
MISC aruba — instant Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection. 2019-10-30 not yet calculated CVE-2018-16417
BID
CONFIRM
MISC
CONFIRM
MISC atlantis_word_processor — atlantis_word_processor An exploitable uninitialized pointer vulnerability exists in the Word document parser of the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized pointer and then performs some arithmetic before writing a value to the result. Usage of this uninitialized pointer can allow an attacker to corrupt heap memory resulting in code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability. 2019-10-31 not yet calculated CVE-2018-3983
MISC atlassian — infosysta_for_jira An issue was discovered in the Infosysta “In-App & Desktop Notifications” app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI. 2019-11-01 not yet calculated CVE-2019-16908
MISC
MISC atlassian — infosysta_for_jira An issue was discovered in the Infosysta “In-App & Desktop Notifications” app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as a Jira user, but without authorization for specific projects) via the plugins/servlet/nfj/NotificationSettings URI. 2019-11-01 not yet calculated CVE-2019-16909
MISC
MISC atlassian — infosysta_for_jira An issue was discovered in the Infosysta “In-App & Desktop Notifications” app 1.6.13_J8 for Jira. It is possible to obtain a list of all valid Jira usernames without authentication/authorization via the plugins/servlet/nfj/UserFilter?searchQuery=@ URI. 2019-10-31 not yet calculated CVE-2019-16907
MISC
BUGTRAQ atlassian — infosysta_for_jira An issue was discovered in the Infosysta “In-App & Desktop Notifications” app 1.6.13_J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user’s notifications can be read without authentication/authorization. These notifications are then no longer displayed to the normal user. 2019-10-31 not yet calculated CVE-2019-16906
MISC
BUGTRAQ atlassian — jira An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin. 2019-10-31 not yet calculated CVE-2019-5095
MISC autojump — autojump autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory. 2019-10-31 not yet calculated CVE-2013-2012
MISC
MISC
MISC
CONFIRM
CONFIRM
MISC avast — antivirus A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. 2019-11-01 not yet calculated CVE-2019-18653
MISC
MISC avg_technologies — avg_antivirus A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. 2019-11-01 not yet calculated CVE-2019-18654
MISC
MISC axohelp — axohelp In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled. 2019-10-29 not yet calculated CVE-2019-18604
MISC bitdefender — box_firmware An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerability, an attacker needs to be present in the Bitdefender BOX setup network and the Bitdefender BOX must be in setup mode. 2019-10-31 not yet calculated CVE-2019-12612
CONFIRM centos-webpanel — centos_web_panel Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local attacker who supplies a crafted filename within a directory visited by the victim. 2019-10-31 not yet calculated CVE-2019-16295
MISC
CONFIRM cezerin — cezerin Cezerin v0.33.0 allows unauthorized order-information modification because certain internal attributes can be overwritten via a conflicting name when processing order requests. Hence, a malicious customer can manipulate an order (e.g., its payment status or shipping fee) by adding additional attributes to user-input during the PUT /ajax/cart operation for a checkout, because of getValidDocumentForUpdate in api/server/services/orders/orders.js. 2019-10-29 not yet calculated CVE-2019-18608
MISC chicken — chicken OS command injection vulnerability in the “qs” procedure from the “utils” module in Chicken before 4.9.0. 2019-10-31 not yet calculated CVE-2013-2024
MISC
MISC
MISC
MISC
CONFIRM
MISC
MISC chicken — chicken Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allow attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of an incomplete fix for CVE-2012-6122. 2019-10-31 not yet calculated CVE-2013-2075
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
MISC
CONFIRM
MISC chicken — chicken A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states “This function wasn’t used for security purposes (and is advertised as being unsuitable).” 2019-10-31 not yet calculated CVE-2012-6124
MISC
MISC
CONFIRM
MISC chicken — chicken Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct a “poisoned NUL byte attack.” 2019-10-31 not yet calculated CVE-2012-6123
MISC
MISC
MISC chicken — chicken Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions. 2019-10-31 not yet calculated CVE-2012-6125
MISC
MISC
CONFIRM
CONFIRM
MISC chicken — chicken Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. 2019-10-31 not yet calculated CVE-2012-6122
MISC
MISC
MISC
MISC
MISC
CONFIRM
CONFIRM
MISC compal — ch7465lg_modem The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of the product, there is a 404 error. If a file does not exist, there is a 302 redirect to index.html. 2019-10-28 not yet calculated CVE-2019-17224
MISC
MISC cujo — smart_firewall An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without prior sanitization, which results in arbitrary Lua script execution in the kernel. An attacker could send an HTTP request to exploit this vulnerability. 2019-10-31 not yet calculated CVE-2018-4031
MISC cujo — smart_firewall An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label compression pointers, leading to an uncontrolled recursion that eventually exhausts the stack, crashing the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability. 2019-10-31 not yet calculated CVE-2018-4002
MISC debian_project — autokey The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack. 2019-10-30 not yet calculated CVE-2010-0398
MISC
MISC debian_project — burn burn allows file names to escape via mishandled quotation marks 2019-10-31 not yet calculated CVE-2009-5043
MISC debian_project — debian The Debian backport of the fix for CVE-2017-3137 leads to an assertion failure in validator.c:1858. Affects Debian versions 9.9.5.dfsg-9+deb8u15; 9.9.5.dfsg-9+deb8u18; 9.10.3.dfsg.P4-12.3+deb9u5; 9.11.5.P4+dfsg-5.1. No ISC releases are affected. Other packages from other distributions that did similar backports for the fix for 2017-3137 may also be affected. 2019-10-30 not yet calculated CVE-2018-5735
CONFIRM debian_project — mumble Mumble: murmur-server has DoS due to malformed client query 2019-10-31 not yet calculated CVE-2010-2490
MISC
MISC
MISC debian_project — overkill overkill has buffer overflow via long player names that can corrupt data on the server machine 2019-10-31 not yet calculated CVE-2009-5041
MISC debian_project — python-docutils python-docutils allows insecure usage of temporary files 2019-10-31 not yet calculated CVE-2009-5042
MISC debian_project — drbd8 drbd8 allows local users to bypass intended restrictions for certain actions via netlink packets, similar to CVE-2009-3725. 2019-10-30 not yet calculated CVE-2010-0747
MISC
CONFIRM debian_project — mutt Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files. 2019-11-01 not yet calculated CVE-2005-2351
MISC
MISC elastic — elasticsearch Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm. 2019-10-30 not yet calculated CVE-2019-7619
CONFIRM
CONFIRM
CONFIRM elastic — logstash Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding. 2019-10-30 not yet calculated CVE-2019-7620
CONFIRM
CONFIRM
CONFIRM european_commission — eidas_node_integration_package European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected. 2019-10-30 not yet calculated CVE-2019-18633
MISC european_commission — eidas_node_integration_package European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate. 2019-10-30 not yet calculated CVE-2019-18632
MISC f5 — big-ip On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility. 2019-11-01 not yet calculated CVE-2019-6657
CONFIRM f5 — big-ip_afm On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack. 2019-11-01 not yet calculated CVE-2019-6658
CONFIRM facebook — whatsapp The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 (aka SIB12). NOTE: testing inside an RF-isolated shield box suggested that all LTE phones are affected by design (e.g., use of Android versus iOS does not matter); testing in an open RF environment is, of course, contraindicated. 2019-11-02 not yet calculated CVE-2019-18659
MISC fastweb — fastgate_devices Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by changing a certain check_pwd return value from 0 to 1. An attack does not achieve administrative control of a device; however, the attacker can view all of the web pages of the administration console. 2019-11-02 not yet calculated CVE-2019-18661
MISC
MISC fortinet — fortiextender An OS command injection vulnerability in FortiExtender 4.1.1 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted “execute date” commands. 2019-10-31 not yet calculated CVE-2019-15710
CONFIRM foswiki — foswiki Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. 2019-11-01 not yet calculated CVE-2013-1666
CONFIRM
MISC
MISC
MISC freebsd — freebsd /usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD has XSS via a filename. 2019-11-02 not yet calculated CVE-2019-18667
MISC freebsd — freebsd FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child server process (SIGSEGV) and cause a denial of service in the NSD server. 2019-11-01 not yet calculated CVE-2012-2979
MISC
CONFIRM
MISC freetds — freetds FreeTDS through 1.1.11 has a Buffer Overflow. 2019-10-31 not yet calculated CVE-2019-13508
MISC glpi_project — glpi GLPI 0.83.7 has Local File Inclusion in common.tabs.php. 2019-11-01 not yet calculated CVE-2013-2227
MISC
MISC
MISC
MISC
MISC gnome — evince evince is missing a check on number of pages which can lead to a segmentation fault 2019-11-01 not yet calculated CVE-2013-3718
MISC
MISC
MISC
MISC google — nest_cam_iq_indoor An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can connect multiple times to trigger this vulnerability. 2019-10-31 not yet calculated CVE-2019-5043
MISC grsecurity — pax An exploitable vulnerability exists in the grsecurity PaX patch for the function read_kmem, in PaX from version pax-linux-4.9.8-test1 to 4.9.24-test7, grsecurity official from version grsecurity-3.1-4.9.8-201702060653 to grsecurity-3.1-4.9.24-201704252333, grsecurity unofficial from version v4.9.25-unofficialgrsec to v4.9.74-unofficialgrsec. PaX adds a temp buffer to the read_kmem function, which is never freed when an invalid address is supplied. This results in a memory leakage that can lead to a crash of the system. An attacker needs to induce a read to /dev/kmem using an invalid address to exploit this vulnerability. 2019-10-31 not yet calculated CVE-2019-5023
MISC gs-gpl — gs-gpl A race condition in temp files was found in gs-gpl before 8.56 addons scripts. 2019-11-01 not yet calculated CVE-2005-2352
MISC
MISC honeywell — equip_and_performance_series_ip_cameras In multiple versions of Honeywell equIP and Performance series IP cameras, a vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP. 2019-10-31 not yet calculated CVE-2019-18230
MISC honeywell — equip_and_performance_series_ip_cameras_and_recorders In Honeywell equIP series and Performance series IP cameras and recorders, a vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability, as a weak authentication method is retained for compatibility with legacy products. 2019-10-31 not yet calculated CVE-2019-18226
MISC honeywell — equip_ip_and_multiple_equip_series_cameras In Honeywell equIP series IP cameras (multiple equIP series cameras), a vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service. 2019-10-31 not yet calculated CVE-2019-18228
MISC hunt_cctv — multiple_cctv_devices Authentication bypass vulnerability in the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration. 2019-10-30 not yet calculated CVE-2013-1391
MISC
MISC
BID hyundai — pay_kasse_hk-1000_devices On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device’s USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. 2019-11-02 not yet calculated CVE-2019-14360
MISC icedtea6 — icedtea6 IcedTea6 before 1.7.4 allows unsigned apps to read and write arbitrary files, related to Extended JNLP Services. 2019-10-31 not yet calculated CVE-2010-2783
CONFIRM
MISC
MISC
MISC icedtea6 — icedtea6 IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files. 2019-10-31 not yet calculated CVE-2010-2548
CONFIRM
MISC
MISC ikiwiki — ikiwiki ikiwiki before 3.20110608 allows remote attackers to hijack root’s tty and run symlink attacks. 2019-10-29 not yet calculated CVE-2011-1408
CONFIRM
MISC
MISC
MISC internet_systems_consortium — bind There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation. 2019-11-01 not yet calculated CVE-2019-6470
CONFIRM
CONFIRM
CONFIRM
CONFIRM ipswitch — progress_moveit_transfer In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used. 2019-10-31 not yet calculated CVE-2019-18465
CONFIRM
CONFIRM ipswitch — progress_moveit_transfer In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database or may be able to alter the database. 2019-10-31 not yet calculated CVE-2019-18464
CONFIRM
CONFIRM
CONFIRM
CONFIRM jetbrains — hub In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery. 2019-10-31 not yet calculated CVE-2019-18360
CONFIRM jetbrains — intellij_idea JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution. 2019-10-31 not yet calculated CVE-2019-18361
CONFIRM jetbrains — mps JetBrains MPS before 2019.2.2 exposed listening ports to the network. 2019-10-31 not yet calculated CVE-2019-18362
CONFIRM jetbrains — teamcity In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions. 2019-10-31 not yet calculated CVE-2019-18367
CONFIRM jetbrains — teamcity In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages. 2019-10-31 not yet calculated CVE-2019-18365
CONFIRM jetbrains — teamcity In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the “View build runtime parameters and data” permission. 2019-10-31 not yet calculated CVE-2019-18366
CONFIRM jetbrains — toolbox_app In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible. 2019-10-31 not yet calculated CVE-2019-18368
CONFIRM jitbit — jitbit A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum (aka ASP.NET forum) 8.3.8 allows remote attackers to inject arbitrary web script or HTML via the gravatar URL parameter. 2019-11-01 not yet calculated CVE-2019-18636
MISC
MISC libvnc — libvnc LibVNC before commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. 2019-10-29 not yet calculated CVE-2019-15681
MISC
MLIST
MLIST linux — linux_kernel ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python’s os.chmod() works when passed a mode of ‘-1’. 2019-11-01 not yet calculated CVE-2013-4367
MISC
MISC magento — magento An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled input. 2019-10-30 not yet calculated CVE-2019-8235
CONFIRM manageiq — manageiq_evm Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-11-01 not yet calculated CVE-2013-0186
CONFIRM
MISC mantisbt — mantisbt A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version. 2019-10-31 not yet calculated CVE-2013-1931
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC mantisbt — mantisbt A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name. 2019-10-31 not yet calculated CVE-2013-1932
MISC
MISC
MISC
CONFIRM
MISC mantisbt — mantisbt MantisBT 1.2.12 before 1.2.15 allows authenticated users to bypass the workflow restriction and close issues. 2019-10-31 not yet calculated CVE-2013-1930
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC mapserver — mapserver Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing. 2019-10-29 not yet calculated CVE-2010-1678
MISC
MISC
CONFIRM maxthon — maxthon_browser_for_windows Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows. 2019-10-29 not yet calculated CVE-2019-16647
MISC
MISC minidlna — minidlna MiniDLNA has heap-based buffer overflow 2019-11-01 not yet calculated CVE-2013-2739
MISC
MISC minidlna — minidlna minidlna has SQL Injection that may allow retrieval of arbitrary files 2019-11-01 not yet calculated CVE-2013-2738
MISC
MISC
MISC
MISC miniupnpd — miniupnpd MiniUPnPd has information disclosure via use of snprintf() 2019-11-01 not yet calculated CVE-2013-2600
MISC
MISC
MISC
MISC
MISC mooltipass — moolticute An issue was discovered in Mooltipass Moolticute through v0.42.1 and v0.42.x-testing through v0.42.5-testing. There is a NULL pointer dereference in MPDevice_win.cpp. 2019-10-30 not yet calculated CVE-2019-18635
MISC
MISC opera — opera_mini_for_android Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt. This affects 44.1.2254.142553, 44.1.2254.142659, and 44.1.2254.143214. 2019-10-29 not yet calculated CVE-2019-18624
MISC
MISC phoenix_contact — pc_works_and_pc_worx_express_and_config+ An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside. After manipulation, the attacker needs to exchange the original files with the manipulated ones on the application programming workstation. 2019-10-31 not yet calculated CVE-2019-16675
MISC
MISC
MISC postgresql — postgresql A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. 2019-10-29 not yet calculated CVE-2019-10208
CONFIRM
CONFIRM postgresql — postgresql_windows_installer Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory. 2019-10-29 not yet calculated CVE-2019-10211
CONFIRM
CONFIRM project_jupyter — jupyter_notebook Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document. 2019-10-31 not yet calculated CVE-2018-21030
MISC
MISC python — python An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. 2019-10-31 not yet calculated CVE-2019-5010
MISC qtum — qtum qtum through 0.16 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim’s disk and RAM. 2019-10-29 not yet calculated CVE-2018-19151
MISC
MISC rainbow_pdf — office_server_document_converter A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 (7,0,2019,0220). While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the bounds corresponding to the number of style levels, causing a vtable pointer to be overwritten, which leads to code execution. 2019-10-31 not yet calculated CVE-2019-5030
MISC rdesktop — rdesktop RDesktop version 1.8.4 contains multiple out-of-bound access read vulnerabilities in its code, which results in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. These issues have been fixed in version 1.8.5. 2019-10-30 not yet calculated CVE-2019-15682
red_hat — jboss_operations_network A missing permission check was found in the CLI in JBoss Operations Network before 2.3.1: the CLI does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user. 2019-10-30 not yet calculated CVE-2010-0737
red_hat — openshift cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp. 2019-11-01 not yet calculated CVE-2013-0165
red_hat — openstack HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. 2019-11-01 not yet calculated CVE-2013-2255
red_hat — red_hat_enterprise_linux While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions that made the same error may also be affected. 2019-10-30 not yet calculated CVE-2018-5742
redis — redis Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds. 2019-11-01 not yet calculated CVE-2013-0180
redis — redis Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm. 2019-11-01 not yet calculated CVE-2013-0178
rpcbind — rpcbind rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started. 2019-10-29 not yet calculated CVE-2010-2061
rpcbind — rpcbind rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr. 2019-10-29 not yet calculated CVE-2010-2064
ruby193 — ruby193 ruby193 uses an insecure LD_LIBRARY_PATH setting. 2019-10-31 not yet calculated CVE-2013-1945
sahi_pro — sahi_pro Sahi Pro 8.0.0 has a script manager arena located at _s_/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script’s Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment field. The sql parameter can be used to trigger reflected XSS. 2019-10-29 not yet calculated CVE-2019-13066
schneider_electric — multiple_modicon_products A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium, Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol. 2019-10-29 not yet calculated CVE-2019-6845
schneider_electric — multiple_modicon_products A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium, Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol. 2019-10-29 not yet calculated CVE-2019-6851
schneider_electric — multiple_modicon_products A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol. 2019-10-29 not yet calculated CVE-2019-6846
secudos — domos The Log module in SECUDOS DOMOS before 5.6 allows XSS. 2019-11-02 not yet calculated CVE-2019-18664
secudos — domos The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion. 2019-11-02 not yet calculated CVE-2019-18665
sensiolabs — php-symphony2-validator php-symfony2-Validator has loss of information during serialization. 2019-11-01 not yet calculated CVE-2013-4751
shift_cryptosecurity — bitbox02 On SHIFT BitBox02 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. Note: BIP39 secrets are not displayed by default on this device. The side channel is relevant only if the attacker has enough control over the device’s USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. 2019-11-02 not yet calculated CVE-2019-18673
sierra_wireless — airlink_es450_fw An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2019-10-31 not yet calculated CVE-2018-4064
smokeping — smokeping Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields. 2019-11-01 not yet calculated CVE-2013-4168
sonatype — nexus_repository_manager There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker to achieve Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data are vulnerable, such as the Yum Configuration Capability. 2019-11-01 not yet calculated CVE-2019-15588
symantec — sonar The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in use on the resident system. 2019-11-01 not yet calculated CVE-2019-12752
systemd — systemd systemd 239 through 243 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. 2019-10-30 not yet calculated CVE-2018-21029
technicolor — td5130v2_devices An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mnt_ping.cgi. NOTE: This may overlap CVE-2017-14127. 2019-10-31 not yet calculated CVE-2019-18396
tightrope_media_systems — carousel The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default local administrator username and password. This can be found by a limited user account in an “unattend.xml” file left over on the C: drive from the Sysprep process. An attacker with this username and password can leverage it to gain administrator-level access on the system. 2019-10-29 not yet calculated CVE-2018-18929
tightrope_media_systems — carousel An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:\TRMS\Services directory, an attacker who has gained access to the system can elevate their privileges from a restricted account to full SYSTEM by replacing the Carousel.Service.exe file with a custom malicious executable. This service is independent of the associated IIS web site, which means that this service can be manipulated by an attacker without losing access to vulnerabilities in the web interface (which would potentially be used in conjunction with this attack, to control the service). Once the attacker has replaced Carousel.Service.exe, the server can be restarted using the command “shutdown -r -t 0” from a web shell, causing the system to reboot and launching the malicious Carousel.Service.exe as SYSTEM on startup. If this malicious Carousel.Service.exe is configured to launch a reverse shell back to the attacker, then upon reboot the attacker will have a fully privileged remote command-line environment to manipulate the system further. 2019-10-29 not yet calculated CVE-2018-18931
tightrope_media_systems — carousel The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. An authenticated attacker can upload a crafted ZIP file (based on an exported backup of existing “Bulletins”) containing a malicious file. When uploaded, the system only checks for the presence of the needed files within the ZIP and, as long as the malicious file is named properly, will extract all contained files to a new directory on the system, named with a random GUID. The attacker can determine this GUID by previewing an image from the uploaded Bulletin within the web UI. Once the GUID is determined, the attacker can navigate to the malicious file and execute it. In testing, an ASPX web shell was uploaded, allowing for remote-code execution in the context of a restricted IIS user. 2019-10-29 not yet calculated CVE-2018-18930
trend_micro — apex_one_and_officescan_and_worry-free_business_security A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product’s management console as a root user. The vulnerability does not require authentication. 2019-10-28 not yet calculated CVE-2019-18189
turbovnc — turbovnc TurboVNC server code contains a stack buffer overflow vulnerability in commits prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result in remote code execution, since the stack frame is not protected with a stack canary. This attack appears to be exploitable via network connectivity. To exploit this vulnerability, authorization on the server is required. These issues have been fixed in commit cea98166008301e614e0d36776bf9435a536136e. 2019-10-29 not yet calculated CVE-2019-15683
twiki — twiki TWiki allows arbitrary shell command execution via the Include function. 2019-11-01 not yet calculated CVE-2005-3056
typo3 — typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend. 2019-11-01 not yet calculated CVE-2010-3661
typo3 — typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend. 2019-11-01 not yet calculated CVE-2010-3660
vmware — esxi_and_workstation_and_fusion VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. 2019-10-28 not yet calculated CVE-2019-5536
vmware — sd-wan In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail address if present but no other personal data. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 4.3. 2019-10-29 not yet calculated CVE-2019-5533
vmware — vcenter_server_appliance Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations. 2019-10-28 not yet calculated CVE-2019-5537
vmware — vcenter_server_appliance Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations. 2019-10-28 not yet calculated CVE-2019-5538
websieve — websieve Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remote attackers to inject arbitrary web script or HTML code in the web user interface. 2019-11-01 not yet calculated CVE-2005-2350
wordpress — wordpress plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. 2019-10-31 not yet calculated CVE-2019-16251
wordpress — wordpress An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This means that if an attacker provides a currency that does not exist and is worth less than this default, the attacker can eventually purchase an item for a significantly cheaper price. 2019-11-02 not yet calculated CVE-2019-18668
xen_project — xen An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don’t install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected. 2019-10-31 not yet calculated CVE-2019-18425
xen_project — xen An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. p2m->max_mapped_gfn is used by the functions p2m_resolve_translation_fault() and p2m_get_entry() to sanity check guest physical frame. The rest of the code in the two functions will assume that there is a valid root table and check that with BUG_ON(). The function p2m_get_root_pointer() will ignore the unused top bits of a guest physical frame. This means that the function p2m_set_entry() will alias the frame. However, p2m->max_mapped_gfn will be updated using the original frame. It would be possible to set p2m->max_mapped_gfn high enough to cover a frame that would lead p2m_get_root_pointer() to return NULL in p2m_get_entry() and p2m_resolve_translation_fault(). Additionally, the sanity check on p2m->max_mapped_gfn is off-by-one allowing “highest mapped + 1” to be considered valid. However, p2m_get_root_pointer() will return NULL. The problem could be triggered with a specially crafted hypercall XENMEM_add_to_physmap{, _batch} followed by an access to an address (via hypercall or direct access) that passes the sanity check but causes p2m_get_root_pointer() to return NULL. A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.8 and newer are vulnerable. Only Arm systems are vulnerable. x86 systems are not affected. 2019-10-31 not yet calculated CVE-2019-18423
xen_project — xen An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified. 2019-10-31 not yet calculated CVE-2019-18422
xen_project — xen An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable. 2019-10-31 not yet calculated CVE-2019-18424
xen_project — xen An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability. 2019-10-31 not yet calculated CVE-2019-18420
xen_project — xen An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for PV guests, Xen exposes the actual hardware pagetables to the guest. In order to prevent the guest from modifying these page tables directly, Xen keeps track of how pages are used using a type system; pages must be “promoted” before being used as a pagetable, and “demoted” before being used for any other type. Xen also allows for “recursive” promotions: i.e., an operating system promoting a page to an L4 pagetable may end up causing pages to be promoted to L3s, which may in turn cause pages to be promoted to L2s, and so on. These operations may take an arbitrarily large amount of time, and so must be re-startable. Unfortunately, making recursive pagetable promotion and demotion operations restartable is incredibly complicated, and the code contains several races which, if triggered, can cause Xen to drop or retain extra type counts, potentially allowing guests to get write access to in-use pagetables. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All x86 systems with untrusted PV guests are vulnerable. HVM and PVH guests cannot exercise this vulnerability. 2019-10-31 not yet calculated CVE-2019-18421
yandex — clickhouse ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function. 2019-10-31 not yet calculated CVE-2019-18657
youphptube — youphptube An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php) before being used to construct a SQL query. This can be exploited by malicious users to, e.g., read sensitive data from the database through in-band SQL Injection attacks. Successful exploitation of this vulnerability requires the Live Chat plugin to be enabled. 2019-11-02 not yet calculated CVE-2019-18662
youphptube — youphptube An exploitable SQL injection vulnerability exists in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability. 2019-10-31 not yet calculated CVE-2019-5151
youphptube — youphptube An exploitable SQL injection vulnerability exists in YouPHPTube 7.7. When the “VideoTags” plugin is enabled, a specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability. 2019-10-31 not yet calculated CVE-2019-5150
yum — yum yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository. 2019-10-31 not yet calculated CVE-2013-1910
zte — zx297520v3 The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE product ZX297520V3 are impacted by a Command Injection vulnerability. Unauthorized users can exploit this vulnerability to control the user terminal system. 2019-10-31 not yet calculated CVE-2019-3421
zte — zxmp A security vulnerability exists in a management port in the version of ZTE’s ZXMP M721V3.10P01B10_M2NCP. An attacker could exploit this vulnerability to build a link to the device and send specific packets to cause a denial of service. 2019-10-31 not yet calculated CVE-2019-3419
zuchetti — infobusiness In Zucchetti InfoBusiness before and including 4.4.1, an authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component. The payload will be triggered every time a user browses the reports page. 2019-10-30 not yet calculated CVE-2019-18207
zuchetti — infobusiness A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload. 2019-10-30 not yet calculated CVE-2019-18206