Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-12730 1 Ffmpeg 1 Ffmpeg 2020-08-24 7.5 HIGH 9.8 CRITICAL
aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.
CVE-2019-12751 1 Symantec 1 Message Gateway 2020-08-24 7.5 HIGH 9.8 CRITICAL
Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
CVE-2019-12780 1 Belkin 2 Crock-pot Smart Slow Cooker With Wemo, Crock-pot Smart Slow Cooker With Wemo Firmware 2020-08-24 7.5 HIGH 9.8 CRITICAL
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication.
CVE-2019-12866 1 Jetbrains 1 Youtrack 2020-08-24 7.5 HIGH 9.8 CRITICAL
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168.
CVE-2019-12867 1 Jetbrains 1 Youtrack 2020-08-24 7.5 HIGH 9.8 CRITICAL
Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168.
CVE-2019-12924 1 Mailenable 1 Mailenable 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration of the XML processor to read any file on the host system. Because all credentials were stored in a cleartext file, it was possible to steal all users' credentials (including the highest privileged users).
CVE-2019-12928 1 Qemu 1 Qemu 2020-08-24 10.0 HIGH 9.8 CRITICAL
** DISPUTED ** The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue.
CVE-2019-12929 1 Qemu 1 Qemu 2020-08-24 10.0 HIGH 9.8 CRITICAL
** DISPUTED ** The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue.
CVE-2019-12951 1 Cesanta 1 Mongoose 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mongoose before 6.15. The parse_mqtt() function in mg_mqtt.c has a critical heap-based buffer overflow.
CVE-2019-12985 1 Citrix 2 Netscaler Sd-wan, Sd-wan 2020-08-24 10.0 HIGH 9.8 CRITICAL
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).
CVE-2019-12986 1 Citrix 2 Netscaler Sd-wan, Sd-wan 2020-08-24 10.0 HIGH 9.8 CRITICAL
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).
CVE-2019-12987 1 Citrix 2 Netscaler Sd-wan, Sd-wan 2020-08-24 10.0 HIGH 9.8 CRITICAL
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).
CVE-2019-12988 1 Citrix 2 Netscaler Sd-wan, Sd-wan 2020-08-24 10.0 HIGH 9.8 CRITICAL
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6).
CVE-2019-13207 1 Nlnetlabs 1 Name Server Daemon 2020-08-24 7.5 HIGH 9.8 CRITICAL
nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dname_concatenate() function in dname.c.
CVE-2019-13276 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2020-08-24 7.5 HIGH 9.8 CRITICAL
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any valid cgi, txt, asp, or js file. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled.
CVE-2019-13294 1 Arox 1 School-erp 2020-08-24 10.0 HIGH 9.8 CRITICAL
AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system.
CVE-2019-13360 1 Centos-webpanel 1 Centos Web Panel 2020-08-24 7.5 HIGH 9.8 CRITICAL
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username.
CVE-2019-13474 1 Telestar 22 Bobs Rock Radio, Bobs Rock Radio Firmware, Dabman D10 and 19 more 2020-08-24 7.5 HIGH 9.8 CRITICAL
TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have insufficient access control for the /set_dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands.
CVE-2019-13478 1 Yoast 1 Yoast Seo 2020-08-24 7.5 HIGH 9.8 CRITICAL
The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions.
CVE-2019-13577 1 Computerlab 1 Maple Computer Wbt Snmp Administrator 2020-08-24 7.5 HIGH 9.8 CRITICAL
SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthenticated Remote Buffer Overflow via a long string to the CE Remote feature listening on Port 987.
CVE-2019-13585 1 Fanucamerica 1 Robotics Virtual Robot Controller 2020-08-24 7.5 HIGH 9.8 CRITICAL
The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 has a Buffer Overflow via a forged HTTP request.
CVE-2019-13589 1 Anjlab 1 Paranoid2 2020-08-24 7.5 HIGH 9.8 CRITICAL
The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.1.5.
CVE-2019-13597 1 Sahipro 1 Sahi Pro 2020-08-24 7.5 HIGH 9.8 CRITICAL
_s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the _execute() function.
CVE-2019-13640 1 Qbittorrent 1 Qbittorrent 2020-08-24 7.5 HIGH 9.8 CRITICAL
In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed.
CVE-2019-13951 1 Gdnsd 1 Gdnsd 2020-08-24 7.5 HIGH 9.8 CRITICAL
The set_ipv4() function in zscan_rfc1035.rl in gdnsd 3.x before 3.2.1 has a stack-based buffer overflow via a long and malformed IPv4 address in zone data.
CVE-2019-14004 1 Qualcomm 92 Apq8009, Apq8009 Firmware, Apq8017 and 89 more 2020-08-24 10.0 HIGH 9.8 CRITICAL
Buffer overflow occurs while processing invalid MKV clip, which has invalid EBML size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
CVE-2019-14006 1 Qualcomm 88 Apq8009, Apq8009 Firmware, Apq8017 and 85 more 2020-08-24 10.0 HIGH 9.8 CRITICAL
Buffer overflow occur while playing the clip which is nonstandard due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130
CVE-2019-14192 1 Denx 1 U-boot 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.
CVE-2019-14198 1 Denx 1 U-boot 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.
CVE-2019-14200 1 Denx 1 U-boot 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.
CVE-2019-14209 2 Foxitsoftware, Microsoft 2 Phantompdf, Windows 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Heap Corruption due to data desynchrony when adding AcroForm.
CVE-2019-14310 1 Ricoh 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more 2020-08-24 10.0 HIGH 9.8 CRITICAL
Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption has been identified in the way of how the embedded device parsed the IPP packets
CVE-2019-14299 1 Ricoh 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force.
CVE-2019-14345 1 Vocabularyserver 1 Tematres 2020-08-24 7.5 HIGH 9.8 CRITICAL
TemaTres 3.0 allows remote unprivileged users to create an administrator account
CVE-2019-14551 1 Daskeyboard 4 Das Keyboard 4q, Das Keyboard 5q, Das Keyboard X50q and 1 more 2020-08-24 7.5 HIGH 9.8 CRITICAL
Das Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as demonstrated by a cross-origin /install request with an attacker-controlled releaseUrl, which triggers download and execution of code within a ZIP archive.
CVE-2019-14709 1 Microdigital 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
A cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The file in question is /usr/local/ipsca/mipsca.db. If a camera is compromised, the attacker can gain access to passwords and abuse them to compromise further systems.
CVE-2019-14965 1 Frappe 1 Frappe 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. A server side template injection (SSTI) issue exists.
CVE-2019-15027 1 Mediatek 6 Mt6577, Mt6577 Firmware, Mt6625 and 3 more 2020-08-24 10.0 HIGH 9.8 CRITICAL
The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in platform/mt6577/external/meta/emmc/meta_clr_emmc.c invokes 'system("/system/bin/rm -r /data/' followed by this filename upon an eMMC clearance from a Meta Mode boot. NOTE: compromise of Fire OS on the Amazon Echo Dot would require a second hypothetical vulnerability that allows creation of the required file under /data.
CVE-2019-15064 1 Hinet 2 Gpon, Gpon Firmware 2020-08-24 7.5 HIGH 9.8 CRITICAL
HiNet GPON firmware version < I040GWR190731 allows an attacker login to device without any authentication.
CVE-2019-15066 1 Hinet 2 Gpon, Gpon Firmware 2020-08-24 10.0 HIGH 9.8 CRITICAL
An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
CVE-2019-15067 1 Gigastone 2 Smart Battery A2-25de, Smart Battery A2-25de Firmware 2020-08-24 10.0 HIGH 9.8 CRITICAL
An authentication bypass vulnerability discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version ?<= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. An attacker can bypass authentication and gain privilege by modifying the login page.
CVE-2019-15069 1 Gigastone 2 Smart Battery A4, Smart Battery A4 Firmware 2020-08-24 7.5 HIGH 9.8 CRITICAL
An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege.
CVE-2019-15088 1 Prise 1 Adas 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication.
CVE-2019-15321 1 Optiontree Project 1 Optiontree 2020-08-24 7.5 HIGH 9.8 CRITICAL
The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled.
CVE-2019-15322 1 Wpmadeasy 1 Shortcode Factory 2020-08-24 7.5 HIGH 9.8 CRITICAL
The shortcode-factory plugin before 2.8 for WordPress has Local File Inclusion.
CVE-2019-1580 1 Paloaltonetworks 1 Pan-os 2020-08-24 10.0 HIGH 9.8 CRITICAL
Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory.
CVE-2019-15800 1 Zyxel 18 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 15 more 2020-08-24 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.)
CVE-2019-15554 1 Servo 1 Smallvec 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity.
CVE-2019-15741 1 Gitlab 1 Omnibus 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation
CVE-2019-15784 1 Srtalliance 1 Secure Reliable Transport 2020-08-24 7.5 HIGH 9.8 CRITICAL
Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList array overflow if there are many SRT connections.