Vulnerability Summary for the Week of November 11, 2019
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
au_optronics -- sunveillance_monitoring_system | An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. There is an incorrect access control vulnerability that can allow an unauthenticated user to upload files via a modified authority parameter. | 2019-11-12 | 7.5 | CVE-2019-12719 MISC MISC |
belkin -- n900_db_wireless_router | Symlink Traversal vulnerability in Belkin N900 due to misconfiguration in the SMB service. | 2019-11-13 | 7.8 | CVE-2013-4655 MISC MISC MISC |
broadcom -- wi-fi_driver | In the Broadcom Wi-Fi driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-130375182 | 2019-11-13 | 7.5 | CVE-2019-9466 MISC |
chartkick_gem_for_ruby_on_rails -- chartkick_gem_for_ruby_on_rails | Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution. | 2019-11-11 | 7.5 | CVE-2019-18841 MISC MISC MISC CONFIRM MISC MISC |
d-link -- multiple_routers | Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00. | 2019-11-11 | 10 | CVE-2019-18852 MISC |
elgg_foundation -- elgg | Elgg through 1.7.10 has a SQL injection vulnerability | 2019-11-12 | 7.5 | CVE-2011-2936 REDHAT MISC DEBIAN |
energycap -- energycap | Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attacker to access data. If an unauthenticated user clicks on a link on the public dashboard, the resource opens in EnergyCAP with access rights matching the user who created the dashboard. | 2019-11-08 | 7.5 | CVE-2019-18623 CONFIRM CONFIRM |
enghouse_interactive -- web_chat | An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can replace the port number at WebServiceLocation=http://localhost:8085/UCWebServices/ with a range of ports to determine what is visible on the internal network (as opposed to what general web traffic would see on the product's host). The response from open ports is different than from closed ports. The product does not allow one to change the protocol: anything except http(s) will throw an error; however, it is the type of error that allows one to determine if a port is open or not. | 2019-11-13 | 7.5 | CVE-2019-16948 MISC |
fudforum -- fudforum | FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php. | 2019-11-12 | 8.5 | CVE-2019-18873 MISC MISC |
fudforum -- fudforum | FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. | 2019-11-13 | 8.5 | CVE-2019-18839 MISC MISC |
gnome -- gdk-pixbuf | gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw | 2019-11-12 | 7.5 | CVE-2011-2897 MISC MISC MISC |
google -- android | In createProjectionMapForQuery of TvProvider.java, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-135269669 | 2019-11-13 | 7.8 | CVE-2019-2211 MISC |
google -- android | In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-139188579 | 2019-11-13 | 9.3 | CVE-2019-2206 MISC |
google -- android | In nfa_hci_handle_admin_gate_rsp of nfa_hci_act.cc, there is a possible out of bound write due to missing bounds checks. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-124524315 | 2019-11-13 | 7.2 | CVE-2019-2207 MISC |
google -- android | In tokenize of sqlite3_android.cpp, there is a possible attacker controlled INSERT statement due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-139186193 | 2019-11-13 | 7.2 | CVE-2019-2195 MISC |
google -- android | In okToConnect of HidHostService.java, there is a possible permission bypass due to an incorrect state check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-79703832 | 2019-11-13 | 10 | CVE-2019-2036 MISC |
google -- android | In FindSharedFunctionInfo of objects.cc, there is a possible out of bounds read due to a mistake in AST traversal. This could lead to remote code execution in the pacprocessor with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-138442295 | 2019-11-13 | 10 | CVE-2019-2204 MISC |
google -- android | In ProxyResolverV8::SetPacScript of proxy_resolver_v8.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-139806216 | 2019-11-13 | 10 | CVE-2019-2205 MISC |
google -- android | In getUserCount and getCount of UserSwitcherController.java, there is possible new user creation due to a logic error. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-140486529 | 2019-11-13 | 7.2 | CVE-2019-2233 MISC |
google -- android | In binder_transaction of binder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-136210786. References: Upstream kernel | 2019-11-13 | 7.2 | CVE-2019-2214 MISC |
google -- android | In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-137370777 | 2019-11-13 | 7.2 | CVE-2019-2203 MISC |
google -- android | In load_logging_config of qmi_vs_service.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-139148442 | 2019-11-13 | 7.2 | CVE-2019-2210 MISC |
google -- android | In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-137283376 | 2019-11-13 | 7.2 | CVE-2019-2202 MISC |
google -- android | In createSessionInternal of PackageInstallerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-138650665 | 2019-11-13 | 7.2 | CVE-2019-2199 MISC |
google -- android | In WelcomeActivity.java and related files, there is a possible permissions bypass due to a partially provisioned Device Policy Client. This could lead to local escalation of privilege, leaving an Admin app installed with no indication to the user, with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-132261064 | 2019-11-13 | 7.2 | CVE-2019-2193 MISC |
google -- android | In the Bootloader, there is a possible kernel command injection due to missing command sanitization. This could lead to a local elevation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-80316910 | 2019-11-13 | 7.2 | CVE-2019-9467 MISC |
google -- android | In call of SliceProvider.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-138441555 | 2019-11-13 | 7.2 | CVE-2019-2192 MISC |
google -- android | There is a possible out of bounds read in v8 JIT code due to a bug in code generation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-138441919 | 2019-11-13 | 7.8 | CVE-2019-2208 MISC |
google -- android | In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-120551338 | 2019-11-13 | 9.3 | CVE-2019-2201 MISC UBUNTU |
helm -- helm | In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. No version of Tiller is known to be impacted. This is a client-only issue. | 2019-11-12 | 7.5 | CVE-2019-18658 MISC |
lenovo -- multiple_thinkpads | A potential vulnerability in some Lenovo ThinkPads may allow an attacker to execute arbitrary code under SMM under certain circumstances. | 2019-11-12 | 7.5 | CVE-2019-6170 MISC |
lenovo -- multiple_thinkpads | A potential vulnerability in the SMI callback function in some Lenovo ThinkPad models may allow arbitrary code execution | 2019-11-12 | 7.5 | CVE-2019-6172 MISC |
libpoe-component-irc-perl -- libpoe-component-irc-perl | libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server. | 2019-11-12 | 7.5 | CVE-2010-3438 MISC MISC MISC |
matrix-org -- synapse | Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers. | 2019-11-08 | 7.5 | CVE-2019-18835 MISC MISC |
medtronic -- valleylab_exchange_client_and_valleylab_ft10_and_fx8_energy_platform | Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes. | 2019-11-08 | 7.2 | CVE-2019-13539 MISC |
microsoft -- chakracore_and_edge | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1428, CVE-2019-1429. | 2019-11-12 | 7.6 | CVE-2019-1427 MISC |
microsoft -- chakracore_and_edge | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1429. | 2019-11-12 | 7.6 | CVE-2019-1428 MISC |
microsoft -- chakracore_and_edge | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1427, CVE-2019-1428, CVE-2019-1429. | 2019-11-12 | 7.6 | CVE-2019-1426 MISC |
microsoft -- exchange_server_2013_and_2016_and_2019 | A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. | 2019-11-12 | 7.5 | CVE-2019-1373 MISC |
microsoft -- internet_explorer_9_and_10_and_11 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428. | 2019-11-12 | 7.6 | CVE-2019-1429 MISC |
microsoft -- internet_explorer_9_and_10_and_11 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. | 2019-11-12 | 7.6 | CVE-2019-1390 MISC |
microsoft -- multiple_products | An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'. | 2019-11-12 | 7.2 | CVE-2019-1388 MISC MISC |
microsoft -- multiple_products | A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0721. | 2019-11-12 | 9 | CVE-2019-0719 MISC |
microsoft -- multiple_products | An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1433, CVE-2019-1437, CVE-2019-1438. | 2019-11-12 | 7.2 | CVE-2019-1435 MISC |
microsoft -- multiple_products | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. | 2019-11-12 | 9.3 | CVE-2019-1406 MISC |
microsoft -- multiple_products | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1389, CVE-2019-1398. | 2019-11-12 | 7.7 | CVE-2019-1397 MISC |
microsoft -- multiple_products | An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 2019-11-12 | 7.2 | CVE-2019-1392 MISC |
microsoft -- multiple_products | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1397, CVE-2019-1398. | 2019-11-12 | 7.7 | CVE-2019-1389 MISC |
microsoft -- multiple_products | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434. | 2019-11-12 | 7.2 | CVE-2019-1394 MISC MISC |
microsoft -- multiple_products | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434. | 2019-11-12 | 7.2 | CVE-2019-1395 MISC MISC |
microsoft -- multiple_products | An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408. | 2019-11-12 | 7.2 | CVE-2019-1434 MISC |
microsoft -- multiple_products | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1408, CVE-2019-1434. | 2019-11-12 | 7.2 | CVE-2019-1396 MISC MISC |
microsoft -- multiple_products | An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1435, CVE-2019-1437, CVE-2019-1438. | 2019-11-12 | 7.2 | CVE-2019-1433 MISC |
microsoft -- multiple_products | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1434. | 2019-11-12 | 7.2 | CVE-2019-1408 MISC MISC |
microsoft -- multiple_products | An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1437. | 2019-11-12 | 7.2 | CVE-2019-1438 MISC |
microsoft -- multiple_products | An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1433, CVE-2019-1435, CVE-2019-1437, CVE-2019-1438. | 2019-11-12 | 7.2 | CVE-2019-1407 MISC |
microsoft -- multiple_products | An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. | 2019-11-12 | 7.2 | CVE-2019-1405 MISC |
microsoft -- multiple_products | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | 2019-11-12 | 9.3 | CVE-2019-1448 MISC |
microsoft -- multiple_products | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434. | 2019-11-12 | 7.2 | CVE-2019-1393 MISC MISC |
microsoft -- office_2019_and_office_365_proplus | A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM. To exploit this bug, an attacker would have to run a specially crafted file, aka 'Microsoft Office ClickToRun Security Feature Bypass Vulnerability'. | 2019-11-12 | 10 | CVE-2019-1449 MISC |
microsoft -- windows_10_and_windows_server | A remote code execution vulnerability exists when Windows Media Foundation improperly parses specially crafted QuickTime media files. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'Microsoft Windows Media Foundation Remote Code Execution Vulnerability'. | 2019-11-12 | 9.3 | CVE-2019-1430 MISC |
microsoft -- windows_10_and_windows_server_2019_and_windows_server | An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1438. | 2019-11-12 | 7.2 | CVE-2019-1437 MISC |
microsoft -- windows_10_and_windows_server_2019_and_windows_server | A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0719. | 2019-11-12 | 9 | CVE-2019-0721 MISC |
microsoft -- windows_10_and_windows_server_2019_and_windows_server | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1389, CVE-2019-1397. | 2019-11-12 | 7.7 | CVE-2019-1398 MISC |
microsoft -- windows_7_and_windows_server_2008 | A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'. | 2019-11-12 | 9.3 | CVE-2019-1441 MISC MISC |
nvidia -- windows_gpu_display_driver | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the product uses untrusted input when calculating or using an array index, which may lead to escalation of privileges or denial of service. | 2019-11-09 | 7.2 | CVE-2019-5692 CONFIRM |
nvidia -- windows_gpu_display_driver | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a NULL pointer is dereferenced, which may lead to denial of service or escalation of privileges. | 2019-11-09 | 7.2 | CVE-2019-5691 CONFIRM |
nvidia -- windows_gpu_display_driver | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the size of an input buffer is not validated, which may lead to denial of service or escalation of privileges. | 2019-11-09 | 7.2 | CVE-2019-5690 CONFIRM |
offlineimap -- offlineimap | offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies. | 2019-11-13 | 7.5 | CVE-2010-4533 MISC MISC MISC MISC MISC |
sibsoft -- xfilesharing | SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP. | 2019-11-13 | 7.5 | CVE-2019-18952 MISC MISC |
systematic -- iris_webforms | Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication. | 2019-11-12 | 7.5 | CVE-2019-18925 MISC |
untangle -- ng_firewall | The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user. | 2019-11-14 | 9 | CVE-2019-18647 MISC |
western_digital -- my_cloud_ex2_ultra_firmware | Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters. | 2019-11-13 | 9 | CVE-2019-18931 MISC MISC |
western_digital -- my_cloud_ex2_ultra_firmware | Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow. | 2019-11-13 | 9 | CVE-2019-18929 MISC MISC |
western_digital -- my_cloud_ex2_ultra_firmware | Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of functions in libscheddl.so, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs. | 2019-11-13 | 9 | CVE-2019-18930 MISC MISC |
wordpress -- wordpress | A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC. | 2019-11-08 | 9 | CVE-2019-17661 MISC |
zte -- zxupn-9000e | The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations. | 2019-11-08 | 7.5 | CVE-2019-3426 CONFIRM |
zte -- zxupn-9000e | The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. An attacker could exploit this vulnerability to directly reset or change passwords of other accounts. | 2019-11-08 | 7.5 | CVE-2019-3425 CONFIRM |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alien-arena -- alien-arena | It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command. | 2019-11-12 | 4 | CVE-2010-3439 MISC MISC MISC MISC |
apache -- arrow | It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had an uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats. | 2019-11-08 | 5 | CVE-2019-12408 CONFIRM MLIST |
apache -- arrow | While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered that Apache Arrow versions 0.12.0 to 0.14.1 left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats. | 2019-11-08 | 5 | CVE-2019-12410 MLIST MLIST MLIST |
atlassian -- troubleshooting_and_support_tool | The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2. | 2019-11-08 | 4 | CVE-2019-15005 MISC MISC |
atoptool -- atop | atop: symlink attack possible due to insecure tempfile handling | 2019-11-12 | 4.6 | CVE-2011-3618 REDHAT MISC DEBIAN |
au_optronics -- sunveillance_monitoring_system | AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc_send_mail.aspx (MailAdd parameter) SQL Injection. An attacker can carry a SQL Injection payload to the server, allowing the attacker to read privileged data. This also affects the picture_manage_mvc.aspx plant_no parameter, the swapdl_mvc.aspx plant_no parameter, and the account_management.aspx Text_Postal_Code and Text_Dis_Code parameters. | 2019-11-12 | 5 | CVE-2019-12720 MISC MISC |
bitweaver -- bitweaver | Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) stats/index.php or (2) newsletters/edition.php or the (3) username parameter to users/remind_password.php, (4) days parameter to stats/index.php, (5) login parameter to users/register.php, or (6) highlight parameter. | 2019-11-13 | 4.3 | CVE-2012-5193 EXPLOIT-DB MISC |
broadcom -- brocade_sannav | A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal. | 2019-11-08 | 4.3 | CVE-2019-16205 CONFIRM |
broadcom -- brocade_sannav | Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACACS, etc.). | 2019-11-08 | 5 | CVE-2019-16208 CONFIRM |
ceph -- rgw_server | A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients. | 2019-11-08 | 5 | CVE-2019-10222 CONFIRM MISC |
cross-origin_resource_sharing -- cross-origin_resource_sharing | It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information. | 2019-11-08 | 4.3 | CVE-2019-14860 REDHAT CONFIRM |
drupal -- drupal | A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled. | 2019-11-11 | 5 | CVE-2019-18856 MISC MISC |
dtc-xen -- dtc-xen | dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get bash access as the xenXX user on the dom0, and then potentially reuse an already opened VPS console. | 2019-11-09 | 6.8 | CVE-2009-4011 MISC MISC MISC |
elgg_foundation -- elgg | Elgg through 1.7.10 has XSS | 2019-11-12 | 4.3 | CVE-2011-2935 REDHAT MISC DEBIAN |
enghouse_interactive -- web_chat | A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace the localhost attribute with one's own domain name. When the product calls this domain after the POST request is sent, it retrieves an attacker's data and displays it. Also worth mentioning is the amount of information sent in the request from this product to the attacker: it reveals information the public should not have. This includes pathnames and internal IP addresses. | 2019-11-13 | 5 | CVE-2019-16951 MISC |
enghouse_interactive -- web_chat | An XSS issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. The QueueName parameter of a GET request allows for insertion of user-supplied JavaScript. | 2019-11-13 | 4.3 | CVE-2019-16950 MISC |
enghouse_interactive -- web_chat | An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. A user is allowed to send an archive of their chat log to an email address specified at the beginning of the chat (where the user enters in their name and e-mail address). This POST request can be modified to change the message as well as the end recipient of the message. The e-mail address will have the same domain name and user as the product allotted. This can be used in phishing campaigns against users on the same domain. | 2019-11-13 | 4 | CVE-2019-16949 MISC |
envoy_proxy -- envoy | Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used. | 2019-11-11 | 5 | CVE-2019-18836 MISC CONFIRM MISC MISC |
ettercap_project -- ettercap | An unchecked sscanf() call in ettercap 0.7.3 allows an insecure temporary settings file to overflow a static-sized buffer on the stack. | 2019-11-12 | 6.8 | CVE-2010-3844 MISC MISC MISC |
firegpg -- firegpg | FireGPG before 0.6 handles the user's passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk, which may result in the compromise of secure communication or a user's private key. | 2019-11-08 | 5 | CVE-2008-7272 MISC MISC MISC |
gargoyle-free -- gargoyle-free | If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account. | 2019-11-12 | 4.4 | CVE-2010-3359 MISC |
gnu -- mailutils | maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode. | 2019-11-11 | 4.6 | CVE-2019-18862 MISC |
google -- android | In Download Provider, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-135269143 | 2019-11-13 | 4.9 | CVE-2019-2196 MISC |
google -- android | In binder_free_transaction of binder.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-133758011. References: Upstream kernel | 2019-11-13 | 6.9 | CVE-2019-2213 MISC |
google -- android | In poisson_distribution of random, there is an out of bounds read. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-139690488 | 2019-11-13 | 4.9 | CVE-2019-2212 MISC |
google -- android | In BTA_DmPinReply of bta_dm_api.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-139287605 | 2019-11-13 | 4.9 | CVE-2019-2209 MISC |
google -- android | In Download Provider, there is a possible SQL injection vulnerability. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-135270103 | 2019-11-13 | 4.9 | CVE-2019-2198 MISC |
google -- chrome | Use after free vulnerability exists in WebKit in Google Chrome before Blink M12 in RenderLayer when removing elements with reflections. | 2019-11-12 | 4.3 | CVE-2011-2334 MISC MISC |
google -- chrome | WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption). | 2019-11-12 | 4.3 | CVE-2011-1802 MISC MISC |
google -- chrome | An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h in WebKit in Google Chrome before Blink M11 and M12 when trying to access a removed smil element. | 2019-11-12 | 4.3 | CVE-2011-1803 MISC MISC |
google -- chrome | A double-free vulnerability exists in WebKit in Google Chrome before Blink M12 in the WebCore::CSSSelector function. | 2019-11-12 | 5 | CVE-2011-2335 MISC MISC |
hibernate -- hibernate_validator | A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. | 2019-11-08 | 4.3 | CVE-2019-10219 CONFIRM |
hitachi -- command_suite | A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information. | 2019-11-12 | 5 | CVE-2018-21026 MISC CONFIRM |
huawei -- multiple_products | Gauss100 OLTP database in ManageOne with versions of 6.5.0 have an out-of-bounds read vulnerability due to the insufficient checks of the specific packet length. Attackers can construct invalid packets to attack the active and standby communication channels. Successful exploit of this vulnerability could allow the attacker to crash the database on the standby node. | 2019-11-13 | 5 | CVE-2019-5289 MISC |
huawei -- multiple_products | There is an out of bound read vulnerability in some Huawei products. A remote, unauthenticated attacker may send a corrupt or crafted message to the affected products. Due to a buffer read overflow error when parsing the message, successful exploit may cause some service to be abnormal. | 2019-11-13 | 5 | CVE-2019-5294 MISC |
huawei -- multiple_products | Some Huawei products have a memory leak vulnerability when handling some messages. A remote attacker with operation privilege could exploit the vulnerability by sending specific messages continuously. Successful exploit may cause some service to be abnormal. | 2019-11-13 | 4 | CVE-2019-5293 MISC |
huawei -- multiple_smartphones | Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack. Successful exploit could cause DOS or malicious code execution. | 2019-11-13 | 4.6 | CVE-2019-5246 MISC |
huawei -- multiple_smartphones | Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. Successful exploitation may cause the attacker to access specific components. | 2019-11-13 | 6.8 | CVE-2019-5233 MISC |
huawei -- multiple_smartphones | Bastet module of some Huawei smartphones with Versions earlier than Emily-AL00A 9.0.0.182(C00E82R1P21), Versions earlier than Emily-TL00B 9.0.0.182(C01E82R1P21), Versions earlier than Emily-L09C 9.0.0.203(C432E7R1P11), Versions earlier than Emily-L29C 9.0.0.203(C432E7R1P11), Versions earlier than Emily-L29C 9.0.0.202(C185E2R1P12) have a double free vulnerability. An attacker tricks the user into installing a malicious application, which frees on the same memory address twice. Successful exploit could result in malicious code execution. | 2019-11-13 | 6.8 | CVE-2019-5282 MISC |
huawei -- multiple_smartphones | Certain detection module of P30, P30 Pro, Honor V20 smartphone with Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution. | 2019-11-12 | 6.8 | CVE-2019-5228 MISC |
huawei -- p20_pro_and_p20_and_mate_rs_smartphones | P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. The system does not perform a proper validation of certain input models, an attacker could trick the user to install a malicious application then craft a malformed model, successful exploit could allow the attacker to get and tamper certain output data information. | 2019-11-13 | 4.3 | CVE-2019-5230 MISC |
huawei -- p30_smartphones | P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could cause malicious code execution. | 2019-11-12 | 4.6 | CVE-2019-5229 MISC |
ibm -- cognos_analytics | IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271. | 2019-11-09 | 4 | CVE-2019-4334 XF CONFIRM |
ibm -- cognos_analytics | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369. | 2019-11-09 | 6.5 | CVE-2018-1721 XF CONFIRM |
ibm -- cognos_analytics | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881. | 2019-11-09 | 4.3 | CVE-2019-4645 XF CONFIRM |
ibm -- cognos_controller | IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658. | 2019-11-09 | 4 | CVE-2019-4411 XF CONFIRM |
ibm -- cognos_controller | IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162659. | 2019-11-09 | 5 | CVE-2019-4412 XF CONFIRM |
ibm -- i | IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163492. | 2019-11-09 | 4.3 | CVE-2019-4450 XF CONFIRM |
ibm -- qradar | IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 164430. | 2019-11-09 | 4 | CVE-2019-4509 XF CONFIRM |
ibm -- qradar | IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167239. | 2019-11-09 | 4.3 | CVE-2019-4581 XF CONFIRM |
ibm -- qradar_advisor | IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 166205. | 2019-11-09 | 4 | CVE-2019-4556 XF CONFIRM |
imagemagick -- imagemagick | ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2. | 2019-11-11 | 4.3 | CVE-2019-18853 MISC MISC |
istio -- istio | Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836. | 2019-11-12 | 5 | CVE-2019-18817 MISC MISC |
json-jwt_gem_for_ruby_on_rails -- json-jwt_gem_for_ruby_on_rails | The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string. | 2019-11-12 | 5 | CVE-2019-18848 MISC MISC |
lavalite -- cms | XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. | 2019-11-13 | 4.3 | CVE-2019-18883 MISC MISC |
mantisbt -- mantisbt | MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks. | 2019-11-09 | 4.3 | CVE-2009-2802 CONFIRM CONFIRM MISC |
mcafee -- advanced_threat_defense | Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files. | 2019-11-13 | 4 | CVE-2019-3649 MISC |
mcafee -- advanced_threat_defense | Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive. | 2019-11-13 | 6.5 | CVE-2019-3651 MISC |
mcafee -- advanced_threat_defense | Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests. | 2019-11-13 | 6.5 | CVE-2019-3660 CONFIRM |
mcafee -- advanced_threat_defense | Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET request extracting information insecurely stored in the database. | 2019-11-13 | 4 | CVE-2019-3650 MISC |
mcafee -- advanced_threat_defense | Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests. | 2019-11-14 | 4 | CVE-2019-3662 MISC |
mcafee -- advanced_threat_defense | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads. | 2019-11-14 | 6.5 | CVE-2019-3661 MISC |
medtronic -- valleylab_exchange_client_and_valleylab_ft10_and__fx8_energy_platform | Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device. | 2019-11-08 | 5 | CVE-2019-13543 MISC |
microsoft -- azure_stack | A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'. | 2019-11-12 | 5 | CVE-2019-1234 MISC |
microsoft -- edge | A security feature bypass vulnerability exists when Microsoft Edge improperly handles extension requests and fails to request host permission for all_urls, aka 'Microsoft Edge Security Feature Bypass Vulnerability'. | 2019-11-12 | 4.3 | CVE-2019-1413 MISC |
microsoft -- microsoft_office_2016_for_mac_and_microsoft_office_2019_for_mac | A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka 'Microsoft Office Excel Security Feature Bypass'. | 2019-11-12 | 6.8 | CVE-2019-1457 MISC |
microsoft -- multiple_products | An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1411. | 2019-11-12 | 4.3 | CVE-2019-1432 MISC MISC |
microsoft -- multiple_products | A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2018-12207. | 2019-11-12 | 4.9 | CVE-2019-1391 MISC |
microsoft -- multiple_products | An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1432. | 2019-11-12 | 4.3 | CVE-2019-1411 MISC MISC |
microsoft -- multiple_products | A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1456. | 2019-11-12 | 6.8 | CVE-2019-1419 MISC MISC |
microsoft -- multiple_products | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1309, CVE-2019-1310. | 2019-11-12 | 5.5 | CVE-2019-1399 MISC |
microsoft -- multiple_products | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1309, CVE-2019-1310, CVE-2019-1399. | 2019-11-12 | 6.8 | CVE-2019-0712 MISC |
microsoft -- multiple_products | A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'. | 2019-11-12 | 4.6 | CVE-2019-1380 MISC MISC |
microsoft -- multiple_products | A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel, aka 'NetLogon Security Feature Bypass Vulnerability'. | 2019-11-12 | 6.8 | CVE-2019-1424 MISC |
microsoft -- multiple_products | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. | 2019-11-12 | 4.3 | CVE-2019-1446 MISC |
microsoft -- multiple_products | A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'. | 2019-11-12 | 6.5 | CVE-2019-1384 MISC |
microsoft -- multiple_products | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 2019-11-12 | 4.3 | CVE-2019-1439 MISC |
microsoft -- multiple_products | An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1379, CVE-2019-1417. | 2019-11-12 | 4.6 | CVE-2019-1383 MISC |
microsoft -- multiple_products | An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1379, CVE-2019-1383. | 2019-11-12 | 4.6 | CVE-2019-1417 MISC |
microsoft -- multiple_products | An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1422, CVE-2019-1423. | 2019-11-12 | 4.6 | CVE-2019-1420 MISC |
microsoft -- multiple_products | An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1420, CVE-2019-1423. | 2019-11-12 | 4.6 | CVE-2019-1422 MISC MISC |
microsoft -- multiple_products | A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1419. | 2019-11-12 | 6.8 | CVE-2019-1456 MISC MISC |
microsoft -- multiple_products | An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. | 2019-11-12 | 4.3 | CVE-2019-1374 MISC |
microsoft -- multiple_products | An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. | 2019-11-12 | 4.6 | CVE-2019-1415 MISC |
microsoft -- multiple_sharepoint_products | An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes. The security update addresses the vulnerability by correcting how SharePoint checks file content., aka 'Microsoft SharePoint Information Disclosure Vulnerability'. | 2019-11-12 | 4 | CVE-2019-1443 MISC |
microsoft -- office_online_server | A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1447. | 2019-11-12 | 5.8 | CVE-2019-1445 MISC |
microsoft -- office_online_server | A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1445. | 2019-11-12 | 5.8 | CVE-2019-1447 MISC |
microsoft -- sharepoint_server_2019 | A security feature bypass vulnerability exists when Microsoft Office does not validate URLs. An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'. | 2019-11-12 | 4.3 | CVE-2019-1442 MISC |
microsoft -- windows_10_and_windows_server | An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1420, CVE-2019-1422. | 2019-11-12 | 4.6 | CVE-2019-1423 MISC MISC |
microsoft -- windows_10_and_windows_server_2019 | An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1383, CVE-2019-1417. | 2019-11-12 | 4.6 | CVE-2019-1379 MISC |
microsoft -- windows_10_and_windows_server_2019_and_windows_server | An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'. | 2019-11-12 | 5 | CVE-2019-1324 MISC |
microsoft -- windows_10_and_windows_server_2019_and_windows_server | An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'. | 2019-11-12 | 6.1 | CVE-2019-1385 MISC MISC |
microsoft -- windows_10_and_windows_server_2019_and_windows_server | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1310, CVE-2019-1399. | 2019-11-12 | 6.8 | CVE-2019-1309 MISC |
microsoft -- windows_10_and_windows_server_2019_and_windows_server | An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. | 2019-11-12 | 4.4 | CVE-2019-1416 MISC |
microsoft -- windows_10_and_windows_server_2019_and_windows_server | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1309, CVE-2019-1399. | 2019-11-12 | 6.8 | CVE-2019-1310 MISC |
microstrategy -- microstrategy | Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS. | 2019-11-14 | 4.3 | CVE-2019-18957 MISC FULLDISC MISC |
mitel -- micollab_and_mivoice_business_express_versions | A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions, due to insufficient access controls. A successful exploit could allow execution of arbitrary commands. | 2019-11-12 | 5 | CVE-2018-18819 MISC CONFIRM |
mod_ruid2 -- mod_ruid2 | mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot. | 2019-11-08 | 5 | CVE-2013-1889 MISC MISC MISC CONFIRM |
moodle -- moodle | Moodle before 2.2.2: Overview report allows users to see hidden courses | 2019-11-14 | 4 | CVE-2012-1159 MISC MISC MISC MISC MISC MISC MISC CONFIRM MISC |
moodle -- moodle | Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough | 2019-11-14 | 5 | CVE-2012-1170 MISC MISC MISC MISC MISC MISC MISC CONFIRM MISC |
moodle -- moodle | Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results | 2019-11-14 | 4 | CVE-2012-1161 MISC MISC MISC MISC MISC MISC MISC CONFIRM MISC |
nvidia -- geforce_experience | NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure. | 2019-11-09 | 4.6 | CVE-2019-5689 CONFIRM |
nvidia -- geforce_experience | NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution. | 2019-11-09 | 4.4 | CVE-2019-5701 CONFIRM |
nvidia -- geforce_experience_and_windows_gpu_display_driver | NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. | 2019-11-12 | 4.4 | CVE-2019-5695 CONFIRM CONFIRM |
nvidia -- windows_gpu_display_driver | NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. The attacker requires local system access. | 2019-11-09 | 4.4 | CVE-2019-5694 MISC |
nvidia -- windows_gpu_display_driver | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) in which the program accesses or uses a pointer that has not been initialized, which may lead to denial of service. | 2019-11-09 | 4.9 | CVE-2019-5693 CONFIRM |
offlineimap -- offlineimap | offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks. | 2019-11-13 | 4.3 | CVE-2010-4532 MISC MISC MISC MISC MISC |
openstack -- keystone | OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space | 2019-11-12 | 5 | CVE-2012-1572 MISC MISC |
pediapress -- mwlib | mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing #iferror magic functions | 2019-11-12 | 5 | CVE-2012-1109 MISC MISC MISC |
philips -- tasy_emr | In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information. | 2019-11-08 | 5 | CVE-2019-13557 MISC |
phoenix -- winflash_and_winflash32_drivers | In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019. | 2019-11-13 | 6.8 | CVE-2019-18279 MISC MISC CONFIRM |
phpbb -- phpbb | phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. | 2019-11-14 | 4.3 | CVE-2011-0544 MISC MISC |
pixelpost -- pixelpost | Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password. | 2019-11-12 | 6.8 | CVE-2010-3305 MISC MISC EXPLOIT-DB MLIST |
plesk -- parallels_plesk_panel | Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/index.htm? via the "fileName" parameter. | 2019-11-13 | 4.3 | CVE-2019-18793 MISC |
psutil -- psutil | psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object. | 2019-11-12 | 5 | CVE-2019-18874 MISC |
qpid-cpp -- qpid-cpp | qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use. | 2019-11-09 | 4 | CVE-2009-5004 MISC MISC MISC MISC |
red_hat -- hornetq_rest | HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy | 2019-11-12 | 4.3 | CVE-2014-3599 MISC MISC |
red_hat -- jboss_brms | JBoss BRMS before 5.1.0 has an XSS vulnerability via the asset=UUID parameter. | 2019-11-12 | 4.3 | CVE-2010-3857 MISC MISC MISC |
red_hat -- jboss_keycloak | JBoss KeyCloak is vulnerable to soft token deletion via CSRF | 2019-11-13 | 4.3 | CVE-2014-3655 MISC MISC MISC |
red_hat -- jboss_operations_network | In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON. | 2019-11-08 | 4 | CVE-2008-5083 MISC MISC |
red_hat -- tuned | tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service. | 2019-11-08 | 4.7 | CVE-2013-1820 MISC MISC MISC |
red_hat -- vdsm_and_vdsclient | vdsm and vdsclient do not validate the certificate hostname from another vdsm, which could facilitate a man-in-the-middle attack | 2019-11-13 | 4.3 | CVE-2014-8167 MISC REDHAT |
red_hat -- openshift_origin | OpenShift Origin: Improperly validated team names could allow stored XSS attacks | 2019-11-13 | 4.3 | CVE-2014-3592 MISC MISC |
ruby_on_rails -- ruby_on_rails | The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. | 2019-11-12 | 4.3 | CVE-2010-3299 MISC MLIST MISC MISC |
sap -- businessobjects_business_intelligence_platform | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly filtered by Web Intelligence HTML interface in some specific workflows. | 2019-11-13 | 5.5 | CVE-2019-0396 MISC MISC |
sap -- data_hub | Under certain conditions SAP Data Hub (corrected in DH_Foundation version 2) allows an attacker to access information which would otherwise be restricted. Connection details that are maintained in Connection Manager are visible to users. | 2019-11-13 | 4 | CVE-2019-0390 MISC MISC |
sap -- netweaver_application_server_java | An administrator of SAP NetWeaver Application Server Java (J2EE-Framework) (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5) may change privileges for all or some functions in Java Server, and enable users to execute functions they are not otherwise allowed to execute. | 2019-11-13 | 6.5 | CVE-2019-0389 MISC MISC |
sap -- netweaver_as_java | Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted. | 2019-11-13 | 4 | CVE-2019-0391 MISC MISC |
sap -- quality_management | An SQL Injection vulnerability in SAP Quality Management (corrected in S4CORE versions 1.0, 1.01, 1.02, 1.03) allows an attacker to carry out targeted database queries that can read individual fields of historical inspection results. | 2019-11-13 | 4 | CVE-2019-0393 MISC MISC |
sibsoft -- xfilesharing | SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files. | 2019-11-13 | 5 | CVE-2019-18951 MISC MISC |
slack-chat -- slack-chat | Slack-Chat through 1.5.5 leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.). | 2019-11-12 | 5 | CVE-2019-14367 MISC MISC |
status -- statusnet | statusnet before 0.9.9 has XSS | 2019-11-12 | 4.3 | CVE-2011-3370 REDHAT MISC DEBIAN |
svg-sanitizer -- svg-sanitizer | darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript	:alert substring. | 2019-11-11 | 5 | CVE-2019-18857 MISC MISC |
systematic -- iris_standards_management | Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting (XSS). A user input (related to dialog information) is reflected directly in the web page, allowing a malicious user to conduct a Cross Site Scripting attack against users of the application. | 2019-11-12 | 4.3 | CVE-2019-18926 MISC |
systematic -- iris_webforms | Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating variables that reference files with ../ (and variations), it is possible to list all the directories and check if a particular file exists. | 2019-11-12 | 5 | CVE-2019-18924 MISC |
tibco -- ebx | The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6. | 2019-11-12 | 4.3 | CVE-2019-17330 MISC MISC |
tibco -- ebx | The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, versions 4.1.0, 4.2.0, 4.2.1, and 4.2.2. | 2019-11-12 | 4.3 | CVE-2019-17332 MISC MISC |
tmaxsoft -- jeus | JEUS 7 Fix#0~5 and JEUS 8 Fix#0~1 versions contain a directory traversal vulnerability caused by an improper input parameter check when uploading an installation file in the administration web page. This allows a remote attacker to execute arbitrary code via an uploaded file. | 2019-11-08 | 6.5 | CVE-2019-17327 MISC |
tnef -- tnef | In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup. | 2019-11-11 | 4.3 | CVE-2019-18849 MISC MISC |
trilex_labs -- letodms | letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar | 2019-11-13 | 4.3 | CVE-2012-4384 MISC DEBIAN |
trilex_labs -- letodms | letodms 3.3.6 has CSRF via change password | 2019-11-13 | 4.3 | CVE-2012-4385 MISC DEBIAN MISC |
twisted_matrix_labs -- twisted | Python Twisted 14.0 trustRoot is not respected in HTTP client | 2019-11-12 | 5 | CVE-2014-7143 MISC MISC MISC MISC |
untangle -- ng_firewall | The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user. | 2019-11-14 | 6.5 | CVE-2019-18646 MISC |
wolfssl -- wolfssl | In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location index is mishandled. Because a pointer is overwritten, there is an invalid free. | 2019-11-09 | 5 | CVE-2019-18840 MISC |
wordpress -- wordpress | A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring. | 2019-11-11 | 5 | CVE-2019-18854 MISC MISC MISC MISC |
wordpress -- wordpress | A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes. | 2019-11-11 | 5 | CVE-2019-18855 MISC MISC MISC MISC |
wordpress -- wordpress | includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS. | 2019-11-12 | 4.3 | CVE-2019-17236 MISC MISC |
wordpress -- wordpress | includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion. | 2019-11-12 | 6.4 | CVE-2019-17234 MISC MISC |
wordpress -- wordpress | includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows information disclosure. | 2019-11-12 | 5 | CVE-2019-17235 MISC MISC |
wordpress -- wordpress | includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF. | 2019-11-12 | 6.8 | CVE-2019-17237 MISC MISC |
wordpress -- wordpress | WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.). | 2019-11-12 | 5 | CVE-2019-14366 MISC |
wordpress -- wordpress | The Intercom plugin through 1.2.1 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.). | 2019-11-12 | 5 | CVE-2019-14365 MISC |
wso2 -- identity_server | WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile. | 2019-11-12 | 4.3 | CVE-2019-18881 MISC |
wso2 -- identity_server | WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled. | 2019-11-12 | 4.3 | CVE-2019-18882 MISC |
znc -- znc | NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections. | 2019-11-12 | 5 | CVE-2010-2488 MISC MISC MISC CONFIRM |
zyxel -- p-1302-t10d_devices | ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privileges. | 2019-11-12 | 4 | CVE-2019-15815 CONFIRM |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alsa-utils -- alsa-utils | alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts. | 2019-11-09 | 3.6 | CVE-2009-0035 MISC MISC MISC |
babiloo -- babiloo | babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files. | 2019-11-12 | 3.3 | CVE-2010-3440 MISC MISC MISC |
broadcom -- brocade_sannav | The authentication mechanism in Brocade SANnav versions before v2.0 logs plaintext account credentials at the 'trace' and the 'debug' logging levels, which could allow a local authenticated attacker to access sensitive information. | 2019-11-08 | 2.1 | CVE-2019-16206 CONFIRM |
google -- android | In processPhonebookAccess of CachedBluetoothDevice.java, there is a possible permission bypass due to an insecure default value. This could lead to local information disclosure of the user's contact list with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-138529441 | 2019-11-13 | 2.1 | CVE-2019-2197 MISC |
huawei -- honor_10_and_honor_8a_and_y6_smartphones | Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the versions before 9.1.0.217(C00E215R3P1), the versions before 9.1.0.205(C00E97R1P9), the versions before 9.1.0.205(C00E97R2P2) have an information leak vulnerability. Due to improper function error records of some module, an attacker with the access permission may exploit the vulnerability to obtain some information. | 2019-11-13 | 2.1 | CVE-2019-5292 MISC |
huawei -- honor_play_smartphones | Honor Play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judgment error under a certain scenario. A successful exploit could allow the attacker to modify the alarm clock settings after a series of uncommon operations without unlocking the screen lock. | 2019-11-12 | 1.9 | CVE-2019-5213 MISC |
huawei -- p30_smartphones | P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform a certain action. A successful exploit could allow the attacker to update a crafted package. | 2019-11-13 | 2.1 | CVE-2019-5231 MISC |
huawei -- p30_smartphones | An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information. | 2019-11-08 | 2.1 | CVE-2019-3866 CONFIRM |
ibm -- qradar | IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163618. | 2019-11-09 | 3.5 | CVE-2019-4454 XF CONFIRM |
ibm -- qradar | IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163779. | 2019-11-09 | 3.5 | CVE-2019-4470 XF CONFIRM |
ibm -- spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. IBM X-Force ID: 170963. | 2019-11-12 | 3.6 | CVE-2019-4652 XF CONFIRM |
liboping -- liboping | liboping 1.3.2 allows users to read arbitrary files on the local system. | 2019-11-09 | 2.1 | CVE-2009-3614 MISC MISC |
mailscanner -- mailscanner | The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 download files and trust them without using encryption (e.g., https) or digital signature checking, which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via DNS/packet spoofing. | 2019-11-12 | 2.1 | CVE-2010-3292 MISC MISC MISC MLIST |
mailscanner -- mailscanner | mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5313. | 2019-11-12 | 3.3 | CVE-2010-3095 MISC MISC MISC MLIST |
mcafee -- advanced_threat_defense | Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows a local attacker to gain access to the root password by accessing sensitive files on the system. | 2019-11-14 | 2.1 | CVE-2019-3663 MISC |
mcafee -- threat_intelligence_exchange_server | Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data via specially crafted messages. | 2019-11-13 | 3.5 | CVE-2019-3641 CONFIRM |
medtronic -- valleylab_ft10_energy_platform_and_ls10_energy_platform | In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN, not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator. | 2019-11-08 | 2.1 | CVE-2019-13531 MISC |
medtronic -- valleylab_ft10_energy_platform_and_valleylab_ls10_energy_platform | In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN, not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data. | 2019-11-08 | 2.1 | CVE-2019-13535 MISC |
microsoft -- multiple_products | An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Information Disclosure Vulnerability'. | 2019-11-12 | 2.1 | CVE-2019-1402 MISC |
microsoft -- multiple_products | An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'. | 2019-11-12 | 2.1 | CVE-2019-1418 MISC |
microsoft -- multiple_products | An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory, aka 'Windows Remote Procedure Call Information Disclosure Vulnerability'. | 2019-11-12 | 2.1 | CVE-2019-1409 MISC |
microsoft -- multiple_products | An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations, aka 'Microsoft Windows Information Disclosure Vulnerability'. | 2019-11-12 | 2.1 | CVE-2019-1381 MISC |
microsoft -- multiple_products | An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication, aka 'Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability'. | 2019-11-12 | 2.1 | CVE-2019-1382 MISC |
microsoft -- multiple_products | An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1440. | 2019-11-12 | 2.1 | CVE-2019-1436 MISC |
microsoft -- multiple_products | An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka 'OpenType Font Driver Information Disclosure Vulnerability'. | 2019-11-12 | 2.1 | CVE-2019-1412 MISC MISC |
microsoft -- open_enclave_sdk | An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'. | 2019-11-12 | 2.1 | CVE-2019-1370 MISC |
microsoft -- windows_10_and_windows_server_2019_and_windows_server | An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1436. | 2019-11-12 | 2.1 | CVE-2019-1440 MISC |
mysql-gui-tools -- mysql-gui-tools | mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes. | 2019-11-12 | 2.1 | CVE-2010-4177 MISC MISC MISC MISC MISC MISC |
netgear -- wnr3500u_and_wnr3500l | Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR3500L. | 2019-11-13 | 3.5 | CVE-2013-3517 MISC MISC |
nvidia -- virtual_gpu_manager | NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin, in which an input index value is incorrectly validated, which may lead to denial of service. | 2019-11-09 | 2.1 | CVE-2019-5698 CONFIRM |
nvidia -- virtual_gpu_manager | NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which the provision of an incorrectly sized buffer by a guest VM leads to GPU out-of-bound access, which may lead to a denial of service. | 2019-11-09 | 2.1 | CVE-2019-5696 CONFIRM |
nvidia -- virtual_gpu_manager | NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which it may grant a guest access to memory that it does not own, which may lead to information disclosure or denial of service. | 2019-11-09 | 3.6 | CVE-2019-5697 CONFIRM |
pacemaker -- pacemaker | Pacemaker before 1.1.6 configure script creates temporary files insecurely | 2019-11-12 | 3.3 | CVE-2011-5271 MISC MISC MISC MISC |
patriot -- viper_rgb | The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection. | 2019-11-09 | 3.6 | CVE-2019-18845 MISC |
red_hat -- 389_directory_server | A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes. | 2019-11-08 | 3.5 | CVE-2019-14824 CONFIRM |
red_hat -- enterprise_virtualization_manager | In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform. | 2019-11-09 | 2.9 | CVE-2009-3552 MISC MISC BUGTRAQ |
sap -- businessobjects_business_intelligence_platform | A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform (Web Intelligence-Publication related pages); corrected in version 4.2. Privileges are required in order to exploit this vulnerability. | 2019-11-13 | 3.5 | CVE-2019-0382 MISC MISC |
sap -- enable_now | SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 2019-11-13 | 3.5 | CVE-2019-0385 MISC MISC |
technicolor -- tc7300_router | An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. An intranet host can use a crafted hostname to exploit this. | 2019-11-13 | 3.5 | CVE-2019-17524 MISC MISC |
technicolor -- tc7300_router | An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp. | 2019-11-13 | 3.5 | CVE-2019-17523 MISC MISC |
tibco -- ebx | The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, version 4.1.0. | 2019-11-12 | 3.5 | CVE-2019-17331 MISC MISC |
untangle -- ng_firewall | When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS. | 2019-11-14 | 3.5 | CVE-2019-18649 MISC |
untangle -- ng_firewall | When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields. | 2019-11-14 | 3.5 | CVE-2019-18648 MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
3xlogic -- infinias_access_control | A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions (e.g., delete application users) by sending a crafted HTML document to a user that the website trusts. The user needs to have an active privileged session. | 2019-11-14 | not yet calculated | CVE-2019-18651 MISC |
actiontec -- mi424wr-gen3i_router | Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FIOS Actiontec MI424WR-GEN3I router. | 2019-11-13 | not yet calculated | CVE-2013-3097 MISC MISC MISC MISC |
adobe -- animate_cc | Adobe Animate CC versions 19.2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | 2019-11-14 | not yet calculated | CVE-2019-7960 CONFIRM |
adobe -- bridge_cc | Adobe Bridge CC versions 9.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to information disclosure. | 2019-11-14 | not yet calculated | CVE-2019-8239 CONFIRM |
adobe -- bridge_cc | Adobe Bridge CC versions 9.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to information disclosure. | 2019-11-14 | not yet calculated | CVE-2019-8240 CONFIRM |
adobe -- illustrator_cc | Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-11-14 | not yet calculated | CVE-2019-8248 CONFIRM |
adobe -- illustrator_cc | Adobe Illustrator CC versions 23.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | 2019-11-14 | not yet calculated | CVE-2019-7962 CONFIRM |
adobe -- illustrator_cc | Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-11-14 | not yet calculated | CVE-2019-8247 CONFIRM |
adobe -- media_encoder | Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2019-11-14 | not yet calculated | CVE-2019-8242 CONFIRM MISC |
adobe -- media_encoder | Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2019-11-14 | not yet calculated | CVE-2019-8246 CONFIRM |
adobe -- media_encoder | Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2019-11-14 | not yet calculated | CVE-2019-8241 CONFIRM MISC |
adobe -- media_encoder | Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2019-11-14 | not yet calculated | CVE-2019-8244 CONFIRM MISC |
adobe -- media_encoder | Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2019-11-14 | not yet calculated | CVE-2019-8243 CONFIRM MISC |
advan -- i6a_android_device | The Advan i6A Android device with a build fingerprint of ADVAN/i6A/i6A:8.1.0/O11019/1523602705:userdebug/test-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15357 MISC |
allview -- x5_android_device | The Allview X5 Android device with a build fingerprint of ALLVIEW/X5_Soul_Mini/X5_Soul_Mini:8.1.0/O11019/1522468763:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15383 MISC |
archos -- core_101_android_device | The Archos Core 101 Android device with a build fingerprint of archos/MTKAC101CR3G_ARCHOS/ac101cr3g:7.0/NRD90M/20180611.034442:user/release-keys contains a pre-installed app with a package name of com.roco.autogen app (versionCode=1, versionName=1) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 2019-11-14 | not yet calculated | CVE-2019-15387 MISC |
artifex -- ghostscript | A flaw was found in all versions of ghostscript 9.x before 9.28, in which the `.charkeys` procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within Ghostscript and access files outside of restricted areas or execute commands. | 2019-11-15 | not yet calculated | CVE-2019-14869 MLIST CONFIRM CONFIRM CONFIRM FEDORA |
asus -- asus_a002_2_android_device | The Asus ASUS_A002_2 Android device with a build fingerprint of asus/WW_ASUS_A002_2/ASUS_A002_2:7.0/NRD90M/14.1610.1802.18-20180321:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15402 MISC |
asus -- asus_a002_android_device | The Asus ASUS_A002 Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15401 MISC |
asus -- asus_x00k_1_android_device | The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15405 MISC |
asus -- asus_x00k_1_android_device | The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15418 MISC |
asus -- asus_x00ld_3_android_device | The Asus ASUS_X00LD_3 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15406 MISC |
asus -- asus_x015_1_android_device | The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15407 MISC |
asus -- zenfone_3_laser_android_device | The Asus ZenFone 3 Laser Android device with a build fingerprint of asus/WW_msm8937/msm8937:7.1.1/NMF26F/WW_32.40.106.114_20180928:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15411 MISC |
asus -- zenfone_3_ultra_android_device | The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15400 MISC |
asus -- zenfone_3_ultra_android_device | The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15413 MISC |
asus -- zenfone_3s_max_android_device | The Asus ZenFone 3s Max Android device with a build fingerprint of asus/IN_X00G/ASUS_X00G_1:7.0/NRD90M/IN_X00G-14.02.1807.33-20180706:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15403 MISC |
asus -- zenfone_4_selfie_android_device | The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_71.50.395.57_20180913:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15412 MISC |
asus -- zenfone_5_lite_android_device | The Asus ZenFone 5 Lite Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15408 MISC |
asus -- zenfone_5q_android_device | The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15409 MISC |
asus -- zenfone_ar_android_device | The Asus ZenFone AR Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15414 MISC |
asus -- zenfone_max_4_android_device | The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1712.367-20171225:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15404 MISC |
asus -- asus_x015_1_android_device | The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15419 MISC |
asus -- rt-ac66u_and_n56u_wireless_routers | Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service. | 2019-11-13 | not yet calculated | CVE-2013-4656 MISC MISC MISC |
asus -- zenfone_3_android_device | The Asus ZenFone 3 Android device with a build fingerprint of asus/WW_Phone/ASUS_Z012D:7.0/NRD90M/14.2020.1708.56-20170719:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15396 MISC |
asus -- zenfone_3s_max_android_device | The Asus ZenFone 3s Max Android device with a build fingerprint of asus/IN_X00G/ASUS_X00G_1:7.0/NRD90M/IN_X00G-14.02.1807.33-20180706:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15395 MISC |
asus -- zenfone_4_selfie_android_device | The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_user_11.40.208.77_20170922:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15398 MISC |
asus -- zenfone_4_selfie_android_device | The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_1:8.1.0/OPM1.171019.011/15.0400.1809.405-0:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15391 MISC |
asus -- zenfone_4_selfie_android_device | The Asus ZenFone 4 Selfie Android device with a build fingerprint of Android/sdm660_64/sdm660_64:8.1.0/OPM1/14.2016.1802.247-20180419:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15392 MISC |
asus -- zenfone_5_selfie_android_device | The Asus ZenFone 5 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15394 MISC |
asus -- zenfone_5q_android_device | The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15399 MISC |
asus -- zenfone_5q_android_device | The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15410 MISC |
asus -- zenfone_live_android_device | The Asus ZenFone Live Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15393 MISC |
asus -- zenfone_max_4_android_device | The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1803.373-20180308:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15397 MISC |
ax25-tools -- ax25-tools | The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation. | 2019-11-15 | not yet calculated | CVE-2011-2910 MISC MISC MISC |
blackview -- bv7000_pro_android_device | The Blackview BV7000_Pro Android device with a build fingerprint of Blackview/BV7000_Pro/BV7000_Pro:7.0/NRD90M/1493011204:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15421 MISC |
blackview -- bv9000pro-f_android_device | The Blackview BV9000Pro-F Android device with a build fingerprint of Blackview/BV9000Pro-F/BV9000Pro-F:7.1.1/N4F26M/1514363110:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15420 MISC |
blade -- shadow | The network protocol of Blade Shadow through 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data can be injected into the unencrypted UDP packet stream. | 2019-11-14 | not yet calculated | CVE-2019-16110 MISC |
bluboo -- bluboo_s1_android_device | The Bluboo Bluboo_S1 Android device with a build fingerprint of BLUBOO/Bluboo_S1/Bluboo_S1:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15423 MISC |
bluboo -- d3_pro_android_device | The Bluboo D3 Pro Android device with a build fingerprint of BLUBOO/Bluboo_D2_Pro/Bluboo_D2_Pro:7.0/NRD90M/1510370501:user/release-keys contains a pre-installed app with a package name of com.qiku.cleaner app (versionCode=2, versionName=2.0.0_VER_32516508295515) that allows other pre-installed apps to perform system properties modification via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15430 MISC |
bq_mobile -- 5515l_android_device | The BQ 5515L Android device with a build fingerprint of BQru/BQru-5515L/BQru-5515L:8.1.0/O11019/20180409.195525:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15381 MISC |
cactus -- go-camo | Insufficient content type validation of proxied resources in go-camo before 2.1.1 allows a remote attacker to serve arbitrary content from go-camo's origin. | 2019-11-13 | not yet calculated | CVE-2019-18923 MISC CONFIRM |
cherry -- flare_s7_android_device | The Cherry Flare S7 Android device with a build fingerprint of Cherry_Mobile/Flare_S7_Deluxe/Flare_S7_Deluxe:8.1.0/O11019/1533920920:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15377 MISC |
chrony -- chrony | Chrony before 1.29.1 has traffic amplification in cmdmon protocol | 2019-11-15 | not yet calculated | CVE-2014-0021 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
clamav -- clamav | ClamAV before 0.97.7 has a WWPack heap memory corruption issue. | 2019-11-15 | not yet calculated | CVE-2013-7087 MISC MISC MISC MISC MISC |
clamav -- clamav | ClamAV before 0.97.7 has buffer overflow in the libclamav component | 2019-11-15 | not yet calculated | CVE-2013-7088 MISC MISC MISC MISC MISC |
clamav -- clamav | ClamAV before 0.97.7: dbg_printhex possible information leak | 2019-11-15 | not yet calculated | CVE-2013-7089 MISC MISC MISC MISC |
consolekit -- consolekit | In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session. | 2019-11-13 | not yet calculated | CVE-2010-4664 MISC MISC MISC |
coolpad -- 1851_android_device | The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. In addition to the local attack surface, its accompanying app with a package name of com.ekesoo.lovelyhifonts makes network requests using HTTP and an attacker can perform a Man-in-the-Middle (MITM) attack on the connection to inject a command in a network response that will be executed as the system user by the com.lovelyfont.defcontainer app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15388 MISC |
coolpad -- 1851_android_device | The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15368 MISC |
coolpad -- 1851_android_device | The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15352 MISC |
coolpad -- n3c_android_device | The Coolpad N3C Android device with a build fingerprint of Coolpad/N3C/N3C:8.1.0/O11019/1538236809:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15353 MISC |
crun -- crun | An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in libcrun/linux.c and libcrun/chroot_realpath.c. | 2019-11-13 | not yet calculated | CVE-2019-18837 MISC CONFIRM MISC MISC |
cryptocat_project -- cryptocat | An unspecified cross-site scripting (XSS) vulnerability exists in Cryptocat Message Handling 1.1.165. | 2019-11-14 | not yet calculated | CVE-2013-4109 MISC MISC MISC MISC |
cryptocat_project -- cryptocat | A Cross-site scripting (XSS) vulnerability exists in Conversation Overview Nickname in Cryptocat before 2.0.22. | 2019-11-14 | not yet calculated | CVE-2013-4106 MISC MISC MISC MISC |
cryptocat_project -- cryptocat | Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2.0.18 have unknown impact and attack vectors. | 2019-11-14 | not yet calculated | CVE-2013-4108 MISC MISC |
cubot -- nova_android_device | The Cubot Nova Android device with a build fingerprint of CUBOT/CUBOT_NOVA/CUBOT_NOVA:8.1.0/O11019/1527060122:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15382 MISC |
cyrus -- imap | Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection. | 2019-11-15 | not yet calculated | CVE-2019-18928 MISC MISC |
data_plane_development_kit -- data_plane_development_kit | A flaw was found in all dpdk versions 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition. | 2019-11-14 | not yet calculated | CVE-2019-14818 MISC CONFIRM |
dexp -- bl250_android_device | The Dexp BL250 Android device with a build fingerprint of DEXP/BL250/BL250:8.1.0/O11019/1530858027:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15364 MISC |
dexp -- z250_android_device | The Dexp Z250 Android device with a build fingerprint of DEXP/Z250/Z250:8.1.0/O11019/1531130719:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15358 MISC |
doogee -- bl5000_android_device | The Doogee BL5000 Android device with a build fingerprint of DOOGEE/BL5000/BL5000:7.0/NRD90M/1497072355:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15424 MISC |
doogee -- mix_android_device | The Doogee Mix Android device with a build fingerprint of DOOGEE/MIX/MIX:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15422 MISC |
drupal -- drupal | Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the breadcrumb separator field. | 2019-11-13 | not yet calculated | CVE-2013-4275 MISC MISC MISC MISC MISC MISC MISC MISC |
drupal -- drupal | hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request. | 2019-11-13 | not yet calculated | CVE-2011-4972 MISC MISC MISC |
drupal -- drupal | An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL. | 2019-11-15 | not yet calculated | CVE-2011-2726 MISC MISC MISC MISC MISC CONFIRM |
eclipse -- jetty | Jetty 6.x before 6.1.22 suffers from an escape sequence injection vulnerability from two different vectors: 1) "Cookie Dump Servlet" and 2) HTTP Content-Length header. 1) A POST request to the form at "/test/cookie/" with the "Age" parameter set to a string throws a "java.lang.NumberFormatException" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The same attack in 1) can be exploited by requesting a page using an HTTP request "Content-Length" header set to a literal string. | 2019-11-15 | not yet calculated | CVE-2009-5047 MISC MISC MLIST |
edgewall_software -- trac | Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions. | 2019-11-13 | not yet calculated | CVE-2010-5108 MISC MISC MISC |
elephone -- a4_android_device | The Elephone A4 Android device with a build fingerprint of Elephone/A4/A4:8.1.0/O11019/20180530.143559:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15384 MISC |
eq-3 -- homematic_ccu2_and_ccu3_devices | eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi script, which executes TCL script content from an HTTP POST request. | 2019-11-14 | not yet calculated | CVE-2019-18937 MISC |
eq-3 -- homematic_ccu2_and_ccu3_devices | eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution. | 2019-11-14 | not yet calculated | CVE-2019-18938 MISC |
eq-3 -- homematic_ccu2_and_ccu3_devices | eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi and exec1.cgi scripts, which execute TCL script content from an HTTP POST request. | 2019-11-14 | not yet calculated | CVE-2019-18939 MISC |
espressif -- esp32 | An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker (with physical access to the device) to read the contents of read-protected eFuses, such as flash encryption and secure boot keys, by injecting a glitch into the power supply of the chip shortly after reset. | 2019-11-14 | not yet calculated | CVE-2019-17391 CONFIRM |
evercross -- u50a_android_device | The Evercoss U50A Android device with a build fingerprint of EVERCOSS/U50A./EVERCOSS:7.0/NRD90M/1499911028:eng/test-keys contains a pre-installed app with a package name of com.qiku.cleaner app (versionCode=2, versionName=2.0_VER_2017.04.21_17:55:55) that allows other pre-installed apps to perform system properties modification via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15431 MISC |
evercross -- u6_android_device | The Evercoss U6 Android device with a build fingerprint of EVERCOSS/U6/U6:7.0/NRD90M/1504236704:user/release-keys contains a pre-installed app with a package name of com.qiku.cleaner app (versionCode=2, versionName=2.0.0_VER_32516486284094) that allows other pre-installed apps to perform system properties modification via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15432 MISC |
exhibitor_web_ui -- exhibitor_web_ui | An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker can execute any command as the user running the Exhibitor process. | 2019-11-13 | not yet calculated | CVE-2019-5029 MISC |
f5 -- big-ip | On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of systems resources which may lead to a denial of service. | 2019-11-15 | not yet calculated | CVE-2019-6660 MISC |
f5 -- big-ip | On version 14.0.0-14.1.0.1, BIG-IP virtual servers with TLSv1.3 enabled may experience a denial of service due to undisclosed incoming messages. | 2019-11-15 | not yet calculated | CVE-2019-6659 MISC |
f5 -- big-ip | On BIG-IP 15.0.0 and 14.1.0-14.1.0.6, under certain conditions, network protections on the management port do not follow current best practices. | 2019-11-15 | not yet calculated | CVE-2019-6664 MISC |
f5 -- big-ip | On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that data. | 2019-11-15 | not yet calculated | CVE-2019-6662 MISC |
f5 -- big-ip_apm | When the BIG-IP APM 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.4.1, or 11.5.1-11.6.5 system processes certain requests, the APD/APMD daemon may consume excessive resources. | 2019-11-15 | not yet calculated | CVE-2019-6661 MISC |
f5 -- multiple_products | The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to Anti DNS Pinning (DNS Rebinding) attack. | 2019-11-15 | not yet calculated | CVE-2019-6663 MISC |
facebook -- whatsapp | A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100. | 2019-11-14 | not yet calculated | CVE-2019-11931 CONFIRM |
fly -- photo_pro_android_device | The Fly Photo Pro Android device with a build fingerprint of Fly/PhotoPro/Photo_Pro:8.1.0/O11019/1528117003:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15380 MISC |
fuji_electric -- v-server | In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code. | 2019-11-13 | not yet calculated | CVE-2019-18240 MISC |
gksu-polkit -- gksu-polkit | In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session. | 2019-11-15 | not yet calculated | CVE-2011-0703 MISC MISC |
gnu -- fribidi | A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat. | 2019-11-13 | not yet calculated | CVE-2019-18397 CONFIRM MISC MISC MISC |
haier -- a6_android_device | The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15359 MISC |
haier -- a6_android_device | The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. In addition to the local attack surface, its accompanying app with a package name of com.ekesoo.lovelyhifonts makes network requests using HTTP and an attacker can perform a Man-in-the-Middle (MITM) attack on the connection to inject a command in a network response that will be executed as the system user by the com.lovelyfont.defcontainer app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15389 MISC |
haier -- g8_android_device | The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:user/release-keys contains a pre-installed app with a package name of com.qiku.service.container app (versionCode=5, versionName=1.03.00_VER_32525983298984) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15390 MISC |
haier -- g8_android_device | The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15375 MISC |
haier -- g8_android_device | The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1526527761:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15370 MISC |
haier -- p10_android_device | The Haier P10 Android device with a build fingerprint of Haier/P10/P10:8.1.0/O11019/1532662449:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15367 MISC |
hisense -- f17_android_device | The Hisense F17 Android device with a build fingerprint of Hisense/F17_4G/HS6739MT:8.1.0/O11019/Hisense_F17_4G_00_S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15372 MISC |
hisense -- u965_android_device | The Hisense U965 Android device with a build fingerprint of Hisense/U965_4G_10/HS6739MT:8.1.0/O11019/Hisense_U965_4G_10_S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15360 MISC |
hitachi -- command_suite | A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 allows an unauthenticated remote user to trigger a denial of service (DoS) condition because of Uncontrolled Resource Consumption. | 2019-11-12 | not yet calculated | CVE-2019-17360 MISC CONFIRM |
huawei -- p30_smartphones | P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this vulnerability. Successful exploit could cause the program to break down or allow for arbitrary code execution. | 2019-11-13 | not yet calculated | CVE-2019-5288 MISC |
huawei -- p30_smartphones | P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this vulnerability. Successful exploit could cause the program to break down or allow for arbitrary code execution. | 2019-11-13 | not yet calculated | CVE-2019-5287 MISC |
huawei -- harry-al00c_smartphones | Some Huawei smart phones with versions earlier than Harry-AL00C 9.1.0.206(C00E205R3P1) have a null pointer dereference vulnerability. An attacker crafts specific packets and sends them to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to behave abnormally. | 2019-11-12 | not yet calculated | CVE-2017-17224 CONFIRM MISC |
huawei -- emily-l29c_smartphones | Huawei smart phones Emily-L29C with Versions earlier than 9.1.0.311(C10E2R1P13T8), Versions earlier than 9.1.0.311(C461E2R1P11T8), Versions earlier than 9.1.0.316(C635E2R1P11T8), Versions earlier than 9.1.0.311(C185E2R1P12T8), Versions earlier than 9.1.0.311(C605E2R1P12T8), Versions earlier than 9.1.0.311(C636E7R1P13T8) have an information leakage vulnerability. An attacker tricks the user into installing a malicious application, which can copy specific files to the sdcard, resulting in information leakage. | 2019-11-13 | not yet calculated | CVE-2019-5279 MISC |
infinix -- note_5_android_device | The Infinix Note 5 Android device with a build fingerprint of Infinix/H633B/Infinix-X604_sprout:8.1.0/O11019/L-IN-180206V64:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15385 MISC |
infinix -- note_5_android_device | The Infinix Note 5 Android device with a build fingerprint of Infinix/H633IJL/Infinix-X604_sprout:8.1.0/O11019/IJL-180531V181:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15366 MISC |
infinix -- note_5_android_device | The Infinix Note 5 Android device with a build fingerprint of Infinix/H632C/Infinix-X605_sprout:8.1.0/O11019/CE-180914V59:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15361 MISC |
intel -- multiple_processors | TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. | 2019-11-14 | not yet calculated | CVE-2019-11135 CONFIRM MISC |
intel -- nuvoton_consumer_infrared_driver | Improper permissions in the installer for the Nuvoton* CIR Driver versions 1.02.1002 and before may allow an authenticated user to potentially enable escalation of privilege via local access. | 2019-11-14 | not yet calculated | CVE-2019-14602 MISC |
intel -- baseboard_management_controller_firmware | Insufficient access control in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access. | 2019-11-14 | not yet calculated | CVE-2019-11174 MISC |
intel -- baseboard_management_controller_firmware | Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure via network access. | 2019-11-14 | not yet calculated | CVE-2019-11179 MISC |
intel -- baseboard_management_controller_firmware | Memory corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | 2019-11-14 | not yet calculated | CVE-2019-11182 MISC |
intel -- baseboard_management_controller_firmware | Authentication bypass in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-11170 MISC |
intel -- baseboard_management_controller_firmware | Stack overflow in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure and/or denial of service via network access. | 2019-11-14 | not yet calculated | CVE-2019-11178 MISC |
intel -- baseboard_management_controller_firmware | Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-11173 MISC |
intel -- baseboard_management_controller_firmware | Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access. | 2019-11-14 | not yet calculated | CVE-2019-11172 MISC |
intel -- baseboard_management_controller_firmware | Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | 2019-11-14 | not yet calculated | CVE-2019-11180 MISC |
intel -- baseboard_management_controller_firmware | Unhandled exception in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | 2019-11-14 | not yet calculated | CVE-2019-11177 MISC |
intel -- baseboard_management_controller_firmware | Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. | 2019-11-14 | not yet calculated | CVE-2019-11168 CONFIRM MISC |
intel -- baseboard_management_controller_firmware | Heap corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via network access. | 2019-11-14 | not yet calculated | CVE-2019-11171 MISC |
intel -- baseboard_management_controller_firmware | Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 2019-11-14 | not yet calculated | CVE-2019-11181 MISC |
intel -- baseboard_management_controller_firmware | Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | 2019-11-14 | not yet calculated | CVE-2019-11175 MISC |
intel -- core_processors_and_xeon_processors | Insufficient memory protection in Intel(R) TXT for certain Intel(R) Core Processors and Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 2019-11-14 | not yet calculated | CVE-2019-0151 MISC |
intel -- ethernet_700_series_controllers | Insufficient access control in ilp60x64.sys driver for Intel(R) Ethernet 700 Series Controllers before version 1.33.0.0 may allow a privileged user to potentially enable escalation of privilege via local access. | 2019-11-14 | not yet calculated | CVE-2019-0142 MISC |
intel -- ethernet_700_series_controllers | Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-0146 MISC |
intel -- ethernet_700_series_controllers | Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an unauthenticated user to potentially enable an escalation of privilege via an adjacent access. | 2019-11-14 | not yet calculated | CVE-2019-0140 MISC |
intel -- ethernet_700_series_controllers | Insufficient access control in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow a privileged user to potentially enable an escalation of privilege, denial of service, or information disclosure via local access. | 2019-11-14 | not yet calculated | CVE-2019-0139 MISC |
intel -- ethernet_700_series_controllers | Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. | 2019-11-14 | not yet calculated | CVE-2019-0145 MISC |
intel -- ethernet_700_series_controllers | Unhandled exception in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an authenticated user to potentially enable a denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-0144 MISC |
intel -- ethernet_700_series_controllers | Unhandled exception in Kernel-mode drivers for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-0143 MISC |
intel -- ethernet_700_series_controllers | Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-0148 MISC |
intel -- ethernet_700_series_controllers | Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-0147 MISC |
intel -- ethernet_700_series_controllers | Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-0149 MISC |
intel -- ethernet_700_series_controllers | Insufficient access control in firmware Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow a privileged user to potentially enable a denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-0150 MISC |
intel -- graphics_driver | Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics Drivers before 10.18.14.5074 (aka 15.36.x.5074) may allow an authenticated user to potentially enable escalation of privilege via local access. | 2019-11-14 | not yet calculated | CVE-2019-11111 MISC |
intel -- graphics_driver | Insufficient input validation in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6519 may allow an authenticated user to potentially enable denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-11089 MISC |
intel -- graphics_driver | Improper access control in the API for the Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable information disclosure via local access. | 2019-11-14 | not yet calculated | CVE-2019-14590 MISC |
intel -- graphics_driver | Out of bounds read in a subsystem for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-14574 MISC |
intel -- graphics_driver | Improper input validation in the API for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-14591 MISC |
intel -- graphics_driver | Buffer overflow in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6618 (DCH) or 21.20.x.5077 (aka 15.45.5077) may allow a privileged user to potentially enable information disclosure via local access. | 2019-11-14 | not yet calculated | CVE-2019-11113 MISC |
intel -- graphics_driver | Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver before 26.20.100.6813 (DCH) or 26.20.100.6812 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2019-11-14 | not yet calculated | CVE-2019-11112 MISC |
intel -- multiple_core_and_xeon_processors | Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families; Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access. | 2019-11-14 | not yet calculated | CVE-2019-0117 MISC |
intel -- multiple_core_and_xeon_processors | Insufficient access control in protected memory subsystem for SMM for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 families; Intel(R) Xeon(R) E-2100 and E-2200 Processor families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access. | 2019-11-14 | not yet calculated | CVE-2019-0185 MISC |
intel -- multiple_core_and_xeon_processors | Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting TXT, may allow a privileged user to potentially enable escalation of privilege via local access. | 2019-11-14 | not yet calculated | CVE-2019-0124 MISC |
intel -- multiple_core_and_xeon_processors | Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting SGX, may allow a privileged user to potentially enable escalation of privilege via local access. | 2019-11-14 | not yet calculated | CVE-2019-0123 MISC |
intel -- multiple_core_and_xeon_processors | Insufficient access control in protected memory subsystem for Intel(R) TXT for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 Families; Intel(R) Xeon(R) E-2100 and E-2200 Processor Families with Intel(R) Processor Graphics and Intel(R) TXT may allow a privileged user to potentially enable information disclosure via local access. | 2019-11-14 | not yet calculated | CVE-2019-0184 MISC |
intel -- multiple_processors | Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. | 2019-11-14 | not yet calculated | CVE-2018-12207 MISC |
intel -- multiple_processors | Insufficient access control in a subsystem for Intel(R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka 15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2019-11-14 | not yet calculated | CVE-2019-0155 REDHAT REDHAT REDHAT MISC |
intel -- multiple_processors | Insufficient access control in subsystem for Intel(R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-0154 MISC |
intel -- multiple_xeon_processors | Insufficient access control in system firmware for Intel(R) Xeon(R) Scalable Processors, 2nd Generation Intel(R) Xeon(R) Scalable Processors and Intel(R) Xeon(R) Processors D Family may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | 2019-11-14 | not yet calculated | CVE-2019-11136 MISC |
intel -- proset/wireless_wifi_software | Memory corruption issues in Intel(R) PROSet/Wireless WiFi Software extension DLL before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and a denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-11153 MISC |
intel -- proset/wireless_wifi_software | Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access. | 2019-11-14 | not yet calculated | CVE-2019-11155 MISC |
intel -- proset/wireless_wifi_software | Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access. | 2019-11-14 | not yet calculated | CVE-2019-11154 MISC |
intel -- proset/wireless_wifi_software | Logic errors in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, denial of service, and information disclosure via local access. | 2019-11-14 | not yet calculated | CVE-2019-11156 MISC |
intel -- software_guard_extensions_sdk | Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.51363 and earlier, may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-14565 MISC |
intel -- software_guard_extensions_sdk | Insufficient input validation in Intel(R) SGX SDK multiple Linux and Windows versions may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-14566 MISC |
intel -- wifi_drivers | Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 may allow a privileged user to potentially enable escalation of privilege, denial of service, and information disclosure via local access. | 2019-11-14 | not yet calculated | CVE-2019-11151 MISC |
intel -- wifi_drivers | Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 may allow a privileged user to potentially enable escalation of privilege, denial of service, and information disclosure via adjacent access. | 2019-11-14 | not yet calculated | CVE-2019-11152 MISC |
intel -- xeon_processors | Insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT for certain Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 2019-11-14 | not yet calculated | CVE-2019-0152 MISC |
intel -- xeon_processors_and_atom_processors | Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors E7 v4 Family and Intel(R) Atom(R) processor C Series may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | 2019-11-14 | not yet calculated | CVE-2019-11137 MISC |
intel -- xeon_scalable_processors | Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. | 2019-11-14 | not yet calculated | CVE-2019-11139 MISC |
joomla! -- joomla! | views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter. | 2019-11-13 | not yet calculated | CVE-2014-1214 MISC MISC |
kata -- m4s_android_device | The Kata M4s Android device with a build fingerprint of alps/full_hct6750_66_n/hct6750_66_n:7.0/NRD90M/1495624556:user/test-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15425 MISC |
klibc -- klibc | In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options. | 2019-11-14 | not yet calculated | CVE-2011-1930 MISC MISC MISC MISC MISC |
lava -- flair_z1_android_device | The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15356 MISC |
lava -- flair_z1_android_device | The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 2019-11-14 | not yet calculated | CVE-2019-15333 MISC |
lava -- iris_88_go_android_device | The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15362 MISC |
lava -- iris_88_go_android_device | The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 2019-11-14 | not yet calculated | CVE-2019-15334 MISC |
lava -- iris_88_lite_android_device | The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15374 MISC |
lava -- iris_88_lite_android_device | The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 2019-11-14 | not yet calculated | CVE-2019-15338 MISC |
lava -- z60s_android_device | The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15386 MISC |
lava -- z60s_android_device | The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 2019-11-14 | not yet calculated | CVE-2019-15339 MISC |
lava -- z61_android_device | The Lava Z61 Android device with a build fingerprint of LAVA/Z61_2GB/Z61_2GB:8.1.0/O11019/1533889281:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 2019-11-14 | not yet calculated | CVE-2019-15332 MISC |
lava -- z61_turbo_android_device | The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15369 MISC |
lava -- z61_turbo_android_device | The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 2019-11-14 | not yet calculated | CVE-2019-15336 MISC |
lava -- z81_android_device | The Lava Z81 Android device with a build fingerprint of LAVA/Z81/Z81:8.1.0/O11019/1532317309:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 2019-11-14 | not yet calculated | CVE-2019-15337 MISC |
lava -- z92_android_device | The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 2019-11-14 | not yet calculated | CVE-2019-15335 MISC |
lava -- z92_android_device | The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15365 MISC |
leagoo -- power_5_android_device | The Leagoo Power 5 Android device with a build fingerprint of LEAGOO/Power_5/Power_5:8.1.0/O11019/1532686195:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15363 MISC |
lenovo -- thinkpad_t460p | The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access. | 2019-11-12 | not yet calculated | CVE-2019-6188 MISC |
limnoria -- limnoria | Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands. | 2019-11-16 | not yet calculated | CVE-2019-19010 MISC MISC |
linux -- linux_kernel | fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15. | 2019-11-14 | not yet calculated | CVE-2019-18885 MISC MISC MISC |
marvell -- 88w8688_wi-fi_firmware | An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution. | 2019-11-15 | not yet calculated | CVE-2019-13582 CONFIRM |
marvell -- 88w8688_wi-fi_firmware | An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary code via malformed Wi-Fi packets. | 2019-11-15 | not yet calculated | CVE-2019-13581 CONFIRM |
mcafee -- data_loss_prevention | Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity. | 2019-11-14 | not yet calculated | CVE-2019-3640 CONFIRM |
mcafee -- total_protection | A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission. | 2019-11-13 | not yet calculated | CVE-2019-3648 CONFIRM |
mediawiki -- mediawiki | An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Once a specific abuse filter has (accidentally or otherwise) been made public, its previous versions can be exposed, thus potentially disclosing private or sensitive information within the filter's definition. | 2019-11-15 | not yet calculated | CVE-2019-18987 MISC MISC MISC |
microsoft -- visual_studio_2017_and_2019 | An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka 'Visual Studio Elevation of Privilege Vulnerability'. | 2019-11-12 | not yet calculated | CVE-2019-1425 MISC |
mitsubishi_electric -- multiple_products | In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior, L02/06/26CPU-P, L26CPU-PBT: serial number 21101 and prior, and L02/06/26CPU-CM, L26CPU-BT-CM: serial number 21101 and prior, a remote attacker can cause the FTP service to enter a denial-of-service condition dependent on the timing at which a remote attacker connects to the FTP server on the above CPU modules. | 2019-11-13 | not yet calculated | CVE-2019-13555 MISC |
moodle -- moodle | Moodle before 2.2.2 has a personal information disclosure: when the administrative setting for user name display is set to first name only, full names are shown in page breadcrumbs. | 2019-11-14 | not yet calculated | CVE-2012-1169 MISC MISC MISC MISC MISC MISC MISC CONFIRM MISC |
moodle -- moodle | Moodle before 2.2.2 has a password and web services issue where, when the user profile is updated, the user password is reset if not specified. | 2019-11-14 | not yet calculated | CVE-2012-1168 MISC MISC MISC MISC MISC MISC MISC CONFIRM MISC |
moodle -- moodle | Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export. | 2019-11-14 | not yet calculated | CVE-2012-1158 MISC MISC MISC MISC MISC MISC MISC CONFIRM MISC |
moodle -- moodle | Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default. | 2019-11-14 | not yet calculated | CVE-2012-1157 MISC MISC MISC MISC MISC MISC MISC CONFIRM MISC |
moodle -- moodle | Moodle before 2.2.2 has users' private files included in course backups. | 2019-11-14 | not yet calculated | CVE-2012-1156 MISC MISC MISC MISC MISC MISC MISC CONFIRM MISC |
moodle -- moodle | Moodle has a database activity export permission issue where the export function of the database activity module exports all entries, even those from groups the user does not belong to. | 2019-11-14 | not yet calculated | CVE-2012-1155 MISC MISC MISC MISC MISC MISC MISC CONFIRM MISC |
moodle -- moodle | Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php. | 2019-11-14 | not yet calculated | CVE-2012-1160 MISC MISC MISC MISC MISC MISC MISC CONFIRM MISC |
netease -- pomelo | Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious attacker can manipulate internal attributes by adding additional attributes to user input. | 2019-11-14 | not yet calculated | CVE-2019-18954 MISC MISC |
netgear -- wndr4700_centria_firmware | A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34. | 2019-11-14 | not yet calculated | CVE-2013-3073 CONFIRM MISC MISC MISC MISC MISC |
netgear -- wndr4700_centria_firmware | An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal. | 2019-11-14 | not yet calculated | CVE-2013-3072 CONFIRM MISC MISC MISC |
netgear -- wndr4700_firmware | An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN. | 2019-11-14 | not yet calculated | CVE-2013-3070 CONFIRM MISC MISC MISC MISC |
netgear -- wnr3500u_and_wnr3500l_routers | NETGEAR WNR3500U and WNR3500L routers use form tokens based solely on the router's current date and time, which allows attackers to guess the CSRF tokens. | 2019-11-13 | not yet calculated | CVE-2013-3516 MISC MISC MISC |
netgear -- wnr3500u_and_wnr3500l_wireless_routers | Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service. | 2019-11-13 | not yet calculated | CVE-2013-4657 MISC |
nss -- nss | Null pointer dereference vulnerability exists in K11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime in NSS before 3.26, which causes the TLS/SSL server using NSS to crash. | 2019-11-15 | not yet calculated | CVE-2016-5285 MISC MISC MISC MISC MISC MISC MISC |
panasonic -- eluga_i9_android_device | The Panasonic ELUGA_I9 Android device with a build fingerprint of Panasonic/ELUGA_I9/ELUGA_I9:7.0/NRD90M/1501740649:user/release-keys contains a pre-installed app with a package name of com.ovvi.modem app (versionCode=1, versionName=1) that allows unauthorized attacker-controlled AT command via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15429 MISC |
panasonic -- eluga_ray_530_android_device | The Panasonic Eluga Ray 530 Android device with a build fingerprint of Panasonic/ELUGA_Ray_530/ELUGA_Ray_530:8.1.0/O11019/1531828974:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15376 MISC |
panasonic -- eluga_ray_600_android_device | The Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15378 MISC |
perdition -- perdition | Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server: ssl_outgoing_ciphers is not applied to STARTTLS connections. | 2019-11-15 | not yet calculated | CVE-2013-4584 MISC MISC MISC MISC MISC |
php -- php | PHP5 before 5.4.4 allows passing invalid UTF-8 strings via xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in a memory leak into the resulting output. | 2019-11-13 | not yet calculated | CVE-2010-4657 MISC MISC MISC MISC |
pimcore -- pimcore | Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification. | 2019-11-15 | not yet calculated | CVE-2019-18981 MISC MISC |
pimcore -- pimcore | bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header. | 2019-11-15 | not yet calculated | CVE-2019-18982 MISC MISC |
pimcore -- pimcore | Pimcore before 6.2.2 lacks brute force protection for the 2FA token. | 2019-11-15 | not yet calculated | CVE-2019-18985 MISC MISC |
pimcore -- pimcore | Pimcore before 6.2.2 allows attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality, as it returns distinct messages for invalid password and non-existing users. | 2019-11-15 | not yet calculated | CVE-2019-18986 MISC MISC |
pithos -- pithos | pithos before 0.3.5 allows overwrite of arbitrary files via symlinks. | 2019-11-13 | not yet calculated | CVE-2010-4817 MISC MISC MISC MISC MISC |
poppler -- poppler | An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts. | 2019-11-13 | not yet calculated | CVE-2010-4653 MISC MISC MISC MISC MISC |
poppler -- poppler | poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. | 2019-11-13 | not yet calculated | CVE-2010-4654 MISC MISC MISC MISC |
project_acrn -- acrn_hypervisor | The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. | 2019-11-13 | not yet calculated | CVE-2019-18844 MISC MISC MISC MISC MISC |
qtnx -- qtnx | qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions. | 2019-11-15 | not yet calculated | CVE-2011-2916 MISC MISC MISC |
rack_cors_gem_for_ruby_on_rails -- rack_cors_gem_for_ruby_on_rails | An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. | 2019-11-14 | not yet calculated | CVE-2019-18978 MISC MISC |
red_hat -- openshift | OpenShift: Install script has a temporary file creation vulnerability which can result in arbitrary code execution. | 2019-11-15 | not yet calculated | CVE-2014-0023 MISC MISC |
rise -- ultimate_project_manager | index.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users. | 2019-11-13 | not yet calculated | CVE-2019-18884 MISC MISC |
rsyslog -- rsyslog | A memory leak in rsyslog before 5.7.6 was found in the way daemon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent within short periods of time. | 2019-11-14 | not yet calculated | CVE-2011-1488 MISC MISC MISC MISC |
rsyslog -- rsyslog | A memory leak in rsyslog before 5.7.6 was found in the way daemon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset. | 2019-11-14 | not yet calculated | CVE-2011-1489 MISC MISC MISC MISC |
rsyslog -- rsyslog | A memory leak in rsyslog before 5.7.6 was found in the way daemon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset. | 2019-11-14 | not yet calculated | CVE-2011-1490 MISC MISC MISC MISC |
samsung -- a3_android_device | The Samsung A3 Android device with a build fingerprint of samsung/a3y17ltedx/a3y17lte:8.0.0/R16NW/A320YDXU4CSB3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15433 MISC |
samsung -- a5_android_device | The Samsung A5 Android device with a build fingerprint of samsung/a5y17ltexx/a5y17lte:8.0.0/R16NW/A520FXXS8CSC5:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15434 MISC |
samsung -- a7_android_device | The Samsung A7 Android device with a build fingerprint of samsung/a7y17ltexx/a7y17lte:8.0.0/R16NW/A720FXXU7CSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15435 MISC |
samsung -- a8+_android_device | The Samsung A8+ Android device with a build fingerprint of samsung/jackpot2ltexx/jackpot2lte:8.0.0/R16NW/A730FXXS4BSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15436 MISC |
samsung -- j3_android_device | The Samsung J3 Android device with a build fingerprint of samsung/j3y17ltedx/j3y17lte:8.0.0/R16NW/J330GDXS3BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=6010000, versionName=6.1.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15452 MISC |
samsung -- j3_android_device | The Samsung J3 Android device with a build fingerprint of samsung/j3y17ltedx/j3y17lte:8.0.0/R16NW/J330GDXS3BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=6010000, versionName=6.1.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15451 MISC |
samsung -- j3popeltecan_android_device | The Samsung j3popeltecan Android device with a build fingerprint of samsung/j3popeltevl/j3popeltecan:8.1.0/M1AJQ/J327WVLS3BSA2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15450 MISC |
samsung -- j4_android_device | The Samsung J4 Android device with a build fingerprint of samsung/j4lteub/j4lte:8.0.0/R16NW/J400MUBS2ASC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15453 MISC |
samsung -- j4_android_device | The Samsung J4 Android device with a build fingerprint of samsung/j4lteub/j4lte:8.0.0/R16NW/J400MUBU2ARL4:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15454 MISC |
samsung -- j5_android_device | The Samsung J5 Android device with a build fingerprint of samsung/j5y17ltexx/j5y17lte:8.1.0/M1AJQ/J530FXXU3BRL1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15455 MISC |
samsung -- j5_android_device | The Samsung J5 Android device with a build fingerprint of samsung/on5xeltedx/on5xelte:8.0.0/R16NW/G570YDXU2CRL1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=6010000, versionName=6.1.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15440 MISC |
samsung -- j6_android_device | The Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15456 MISC |
samsung -- j6_android_device | The Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15457 MISC |
samsung -- j7_android_device | The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15445 MISC |
samsung -- j7_android_device | The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXU3ESAC:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15446 MISC |
samsung -- j7_android_device | The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15444 MISC |
samsung -- j7_duo_android_device | The Samsung J7 Duo Android device with a build fingerprint of samsung/j7duolteub/j7duolte:8.0.0/R16NW/J720MUBS3ASB2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. | 2019-11-14 | not yet calculated | CVE-2019-15462 MISC |
samsung -- j7_edge_android_device | The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. | 2019-11-14 | not yet calculated | CVE-2019-15448 MISC |
samsung -- j7_edge_android_device | The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. | 2019-11-14 | not yet calculated | CVE-2019-15447 MISC |
samsung -- j7_max_android_device | The Samsung J7 Max Android device with a build fingerprint of samsung/j7maxlteins/j7maxlte:8.1.0/M1AJQ/G615FXXU2BSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. | 2019-11-14 | not yet calculated | CVE-2019-15443 MISC |
samsung -- j7_neo_android_device | The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. | 2019-11-14 | not yet calculated | CVE-2019-15459 MISC |
samsung -- j7_neo_android_device | The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXVS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. | 2019-11-14 | not yet calculated | CVE-2019-15460 MISC |
samsung -- j7_neo_android_device | The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXXS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. | 2019-11-14 | not yet calculated | CVE-2019-15458 MISC |
samsung -- j7_neo_android_device | The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB4:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. | 2019-11-14 | not yet calculated | CVE-2019-15461 MISC |
samsung -- j7_on7xeltelgt_android_device | The Samsung on7xeltelgt Android device with a build fingerprint of samsung/on7xeltelgt/on7xeltelgt:8.1.0/M1AJQ/G610LKLU2CSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. | 2019-11-14 | not yet calculated | CVE-2019-15441 MISC |
samsung -- j7_on7xelteskt_android_device | The Samsung on7xelteskt Android device with a build fingerprint of samsung/on7xelteskt/on7xelteskt:8.1.0/M1AJQ/G610SKSU2CSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. | 2019-11-14 | not yet calculated | CVE-2019-15442 MISC |
samsung -- j7_pro_android_device | The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteub/j7y17lte:8.1.0/M1AJQ/J730GUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. | 2019-11-14 | not yet calculated | CVE-2019-15464 MISC |
samsung -- j7_pro_android_device | The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteubm/j7y17lte:8.1.0/M1AJQ/J730GMUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. | 2019-11-14 | not yet calculated | CVE-2019-15465 MISC |
samsung -- j7popeltemtr_android_device | The Samsung j7popeltemtr Android device with a build fingerprint of samsung/j7popeltemtr/j7popeltemtr:8.1.0/M1AJQ/J727T1UVS5BSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. | 2019-11-14 | not yet calculated | CVE-2019-15463 MISC |
samsung -- s7_edge_android_device | The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. | 2019-11-14 | not yet calculated | CVE-2019-15449 MISC |
samsung -- xcover4_android_device | The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltedo/xcover4lte:8.1.0/M1AJQ/G390YDXU2BSA1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. | 2019-11-14 | not yet calculated | CVE-2019-15438 MISC |
samsung -- xcover4_android_device | The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltedo/xcover4lte:8.1.0/M1AJQ/G390YDXU2BSA1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. | 2019-11-14 | not yet calculated | CVE-2019-15439 MISC |
samsung -- xcover4_android_device | The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltexx/xcover4lte:8.1.0/M1AJQ/G390FXXU3BSA2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. | 2019-11-14 | not yet calculated | CVE-2019-15437 MISC |
sap -- erp_sales_and_s4hana_sales | Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges. | 2019-11-13 | not yet calculated | CVE-2019-0386 MISC MISC |
sap -- ui5_and_ui_700 | SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation. | 2019-11-13 | not yet calculated | CVE-2019-0388 MISC MISC |
sas -- xml_mapper | SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used. | 2019-11-14 | not yet calculated | CVE-2019-14678 MISC MISC |
scanguard -- scanguard | Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file. | 2019-11-14 | not yet calculated | CVE-2019-18895 MISC FULLDISC MISC MISC |
signify -- philips_taolight_smart_wi-fi_wiz_connected_led_bulb | On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. The only requirement is that the attacker have network access to the bulb. | 2019-11-14 | not yet calculated | CVE-2019-18980 MISC |
simpleledger -- slp-validate | A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slp-validate@1.0.0 npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. All versions >1.0.0 have been patched. | 2019-11-15 | not yet calculated | CVE-2019-16761 MISC CONFIRM |
simpleledger -- slp-validate | A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any version >= 0.21.4. | 2019-11-15 | not yet calculated | CVE-2019-16762 MISC CONFIRM |
snowhaze -- snowhaze | SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration. | 2019-11-14 | not yet calculated | CVE-2019-18949 MISC |
soft112 -- file_sharing_wizard | File Sharing Wizard version 1.5.0 build 2008 is affected by a Structured Exception Handler based buffer overflow vulnerability. An unauthenticated attacker is able to perform remote command execution and obtain a command shell by sending an HTTP GET request including the malicious payload in the URL. A similar issue to CVE-2019-17415, CVE-2019-16724, and CVE-2010-2331. | 2019-11-12 | not yet calculated | CVE-2019-18655 MISC |
sony -- keyaki_kddi_android_device | The Sony keyaki_kddi Android device with a build fingerprint of Sony/keyaki_kddi/keyaki_kddi:7.1.1/TONE3-3.0.0-KDDI-170517-0326/1:user/dev-keys contains a pre-installed app with a package name of com.kddi.android.packageinstaller app (versionCode=70008, versionName=08.10.03) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | 2019-11-14 | not yet calculated | CVE-2019-15416 MISC |
sony -- xperia_touch_android_device | The Sony Xperia Touch Android device with a build fingerprint of Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys contains a pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic app (versionCode=24, versionName=7.0) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record audio to external storage. | 2019-11-14 | not yet calculated | CVE-2019-15743 MISC |
sony -- xperia_xzs_android_device | The Sony Xperia XZs Android device with a build fingerprint of Sony/keyaki_softbank/keyaki_softbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys contains a pre-installed app with a package name of jp.softbank.mb.tdrl app (versionCode=1413005, versionName=1.3.0) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15744 MISC |
stmicroelectronics -- st33phf2espi_tpm_devices | STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL. | 2019-11-14 | not yet calculated | CVE-2019-16863 MISC CONFIRM |
symantec -- endpoint_protection | Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 2019-11-15 | not yet calculated | CVE-2019-18372 MISC |
symantec -- endpoint_protection | Symantec Endpoint Protection (SEP), prior to 14.2 RU2, may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could be bypassed for individuals with local administrator rights. | 2019-11-15 | not yet calculated | CVE-2019-12756 MISC |
symantec -- endpoint_protection | Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature. | 2019-11-15 | not yet calculated | CVE-2019-12758 MISC |
symantec -- endpoint_protection_and_endpoint_protection_small_business_edition | Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 2019-11-15 | not yet calculated | CVE-2019-12757 MISC |
symantec -- endpoint_protection_manager | Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 2019-11-15 | not yet calculated | CVE-2018-18368 MISC |
symantec -- endpoint_protection_manager_and_mail_security_for_ms_exchange | Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 2019-11-15 | not yet calculated | CVE-2019-12759 MISC |
symphony -- g100_android_device | The Symphony G100 Android device with a build fingerprint of Symphony/G100/G100:8.1.0/O11019/1530618779:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15371 MISC |
symphony -- i95_lite_android_device | The Symphony i95 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15373 MISC |
tecno -- camon_android_device | The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute in with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user's Wi-Fi passwords, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15350 MISC |
tecno -- camon_android_device | The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15348 MISC |
tecno -- camon_android_device | The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15351 MISC |
tecno -- camon_android_device | The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute in with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user's Wi-Fi passwords, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15349 MISC |
tecno -- camon_iair_2_plus_android_device | The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15342 MISC |
tecno -- camon_iair_2_plus_android_device | The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute in with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user's Wi-Fi passwords, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15341 MISC |
tecno -- camon_iclick_2_android_device | The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute in with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user's Wi-Fi passwords, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15346 MISC |
tecno -- camon_iclick_2_android_device | The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15347 MISC |
tecno -- camon_iclick_android_device | The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file, which it will dynamically load within its own process and execute with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user's Wi-Fi passwords, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15345 MISC |
tecno -- camon_iclick_android_device | The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15355 MISC |
tecno -- camon_iclick_android_device | The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15343 MISC |
tecno -- camon_iclick_android_device | The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. In addition to the local attack surface, its accompanying app with a package name of com.ekesoo.lovelyhifonts makes network requests using HTTP and an attacker can perform a Man-in-the-Middle (MITM) attack on the connection to inject a command in a network response that will be executed as the system user by the com.lovelyfont.defcontainer app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user's text messages, and more. | 2019-11-14 | not yet calculated | CVE-2019-15344 MISC |
tecno -- spark_pro_android_device | The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=7, versionName=7.0.5) that allows unauthorized dynamic code loading via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15417 MISC |
tematres -- tematres | TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI. | 2019-11-15 | not yet calculated | CVE-2019-14343 MISC MISC MISC MISC |
tematres -- tematres | TemaTres 3.0 allows remote unprivileged users to create an administrator account. | 2019-11-15 | not yet calculated | CVE-2019-14345 MISC MISC MISC MISC |
tesseract -- tesseract | In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file. | 2019-11-14 | not yet calculated | CVE-2011-1136 MISC MISC MISC |
texas_instruments -- cc256x_and_wl18xx_dual_mode_bluetooth_controller_devices | Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller devices, when LE scan mode is used, allow remote attackers to trigger a buffer overflow via a malformed Bluetooth Low Energy advertising packet, to cause a denial of service or potentially execute arbitrary code. This affects CC256xC-BT-SP 1.2, CC256xB-BT-SP 1.8, and WL18xx-BT-SP 4.4. | 2019-11-13 | not yet calculated | CVE-2019-15948 MISC MISC |
thunar -- thunar | Thunar 1.2 through 1.2.1 could crash when copying and pasting a file name with % format characters due to a format string error. | 2019-11-14 | not yet calculated | CVE-2011-1588 MISC MISC MISC MISC |
tp-link -- tl-wdr4300_and_tl-1043nd_wireless_routers | Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND. | 2019-11-13 | not yet calculated | CVE-2013-4654 MISC MISC MISC |
trendnet -- tew-691gr_and_tew-692gr_wireless_routers | Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G?DFdg_24Mhw3. | 2019-11-13 | not yet calculated | CVE-2013-3367 MISC MISC MISC |
trendnet -- tew-812dru_wireless_router | Undocumented TELNET service in TRENDnet TEW-812DRU when a web page named backdoor contains an HTML parameter of password and a value of j78G?DFdg_24Mhw3. | 2019-11-13 | not yet calculated | CVE-2013-3366 MISC MISC MISC |
udisks -- udisks | udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. | 2019-11-13 | not yet calculated | CVE-2010-4661 MISC MISC MISC MISC |
ulefone -- armor_5_android_device | The Ulefone Armor 5 Android device with a build fingerprint of Ulefone/Ulefone_Armor_5/Ulefone_Armor_5:8.1.0/O11019/1528806701:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15354 MISC |
unixodbc -- unixodbc | The SQLDriverConnect() function in unixODBC before 2.2.14p2 has a possible buffer overflow condition when specifying a large value for the SAVEFILE parameter in the connection string. | 2019-11-14 | not yet calculated | CVE-2011-1145 MISC MISC MISC MISC |
v86d -- v86d | v86d before 0.1.10 does not verify whether received netlink messages were sent by the kernel. This could allow unprivileged users to manipulate the video mode, with potentially other consequences. | 2019-11-14 | not yet calculated | CVE-2011-1070 MISC MISC MISC |
walton -- primo_g3_android_device | The Walton Primo G3 Android device with a build fingerprint of WALTON/Primo_GM3/Primo_GM3:8.1.0/O11019/1522737198:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2019-11-14 | not yet calculated | CVE-2019-15379 MISC |
wordpress -- wordpress | The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. | 2019-11-13 | not yet calculated | CVE-2019-17550 MISC MISC MISC MISC |
wordpress -- wordpress | The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and inc/cleantalk-comments.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. | 2019-11-13 | not yet calculated | CVE-2019-17515 MISC MISC MISC |
xiaomi -- redmi_5_android_device | The Xiaomi Redmi 5 Android device with a build fingerprint of xiaomi/vince/vince:7.1.2/N2G47H/V9.5.4.0.NEGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1711_201803291645) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15415 MISC |
xiaomi -- 5s_plus_android_device | The Xiaomi 5S Plus Android device with a build fingerprint of Xiaomi/natrium/natrium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15426 MISC |
xiaomi -- cepheus_android_device | The Xiaomi Cepheus Android device with a build fingerprint of Xiaomi/cepheus/cepheus:9/PKQ1.181121.001/V10.2.6.0.PFAMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage. | 2019-11-14 | not yet calculated | CVE-2019-15474 MISC |
xiaomi -- mi_a2_lite_android_device | The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/jasmine/jasmine_sprout:9/PKQ1.180904.001/V10.0.2.0.PDIMIFJ:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage. | 2019-11-14 | not yet calculated | CVE-2019-15473 MISC |
xiaomi -- mi_a2_lite_android_device | The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201812071953) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15468 MISC |
xiaomi -- mi_a2_lite_android_device | The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage. | 2019-11-14 | not yet calculated | CVE-2019-15472 MISC |
xiaomi -- mi_a3_android_device | The Xiaomi Mi A3 Android device with a build fingerprint of xiaomi/onc_eea/onc:9/PKQ1.181021.001/V10.2.8.0.PFLEUXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage. | 2019-11-14 | not yet calculated | CVE-2019-15475 MISC |
xiaomi -- mi_mix_2s_android_device | The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=A2060_201801032053) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15467 MISC |
xiaomi -- mi_mix_2s_android_device | The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that export their capabilities to other pre-installed apps. This app allows a third-party app to use its open interface to record telephone calls to external storage. | 2019-11-14 | not yet calculated | CVE-2019-15471 MISC |
xiaomi -- mi_mix_android_device | The Xiaomi Mi Mix Android device with a build fingerprint of Xiaomi/lithium/lithium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15427 MISC |
xiaomi -- mi_note_2_android_device | The Xiaomi Mi Note 2 Android device with a build fingerprint of Xiaomi/scorpio/scorpio:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15428 MISC |
xiaomi -- mi_pad_4_android_device | The Xiaomi Mi Pad 4 Android device with a build fingerprint of Xiaomi/clover/clover:8.1.0/OPM1.171019.019/V9.6.26.0.ODJCNFD:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that export their capabilities to other pre-installed apps. This app allows a third-party app to use its open interface to record telephone calls to external storage. | 2019-11-14 | not yet calculated | CVE-2019-15469 MISC |
xiaomi -- redmi_6_pro_android_device | The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V10.2.6.0.ODMMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201812191721) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | 2019-11-14 | not yet calculated | CVE-2019-15466 MISC |
xiaomi -- redmi_6_pro_android_device | The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V9.6.4.0.ODMMIFD:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201805292006) that allows any app co-located on the device to programmatically disable and enable Wi-Fi, Bluetooth, and GPS without the corresponding access permission through an exported interface. | 2019-11-14 | not yet calculated | CVE-2019-15340 MISC |
xiaomi -- redmi_note_6_pro_android_device | The Xiaomi Redmi Note 6 Pro Android device with a build fingerprint of xiaomi/tulip/tulip:8.1.0/OPM1.171019.011/V10.2.2.0.OEKMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that export their capabilities to other pre-installed apps. This app allows a third-party app to use its open interface to record telephone calls to external storage. | 2019-11-14 | not yet calculated | CVE-2019-15470 MISC |
zte -- zxhn_h108n | Version V2.5.0_EG1T5_TED of the ZTE ZXHN H108N product is impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations. | 2019-11-13 | not yet calculated | CVE-2019-3420 MISC |
zyxel -- gs1900_devices | An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.) | 2019-11-14 | not yet calculated | CVE-2019-15800 MISC CONFIRM |
zyxel -- gs1900_devices | An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using AES256 in CBC mode. With the parameters known, all previously encrypted passwords can be decrypted. This includes the passwords that are part of configuration backups or otherwise embedded as part of the firmware. | 2019-11-14 | not yet calculated | CVE-2019-15802 MISC CONFIRM |
zyxel -- gs1900_devices | An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always returns TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips. | 2019-11-14 | not yet calculated | CVE-2019-15803 MISC CONFIRM |
zyxel -- gs1900_devices | An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains "Password recovery for specific user" options. The menu is believed to be accessible using a serial console. | 2019-11-14 | not yet calculated | CVE-2019-15804 MISC CONFIRM |
zyxel -- gs1900_devices | An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0. | 2019-11-14 | not yet calculated | CVE-2019-15801 MISC CONFIRM |
zyxel -- gs1900_devices | An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained. | 2019-11-14 | not yet calculated | CVE-2019-15799 MISC MISC CONFIRM |