Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-12924 1 Mailenable 1 Mailenable 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration of the XML processor to read any file on the host system. Because all credentials were stored in a cleartext file, it was possible to steal all users' credentials (including the highest privileged users).
CVE-2019-12530 1 Glpi Dashboard Project 1 Glpi Dashboard 2020-08-24 7.5 HIGH 9.8 CRITICAL
Incorrect access control was discovered in the stdonato Dashboard plugin through 0.9.7 for GLPI, affecting df.php, issue.php, load.php, mem.php, traf.php, and uptime.php in front/sh.
CVE-2019-12523 4 Canonical, Fedoraproject, Opensuse and 1 more 4 Ubuntu Linux, Fedora, Leap and 1 more 2020-08-24 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.
CVE-2019-12510 1 Netgear 2 Nighthawk X10-r9000, Nighthawk X10-r9000 Firmware 2020-08-24 6.4 MEDIUM 9.1 CRITICAL
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1) in every request. As a result, an attacker may modify almost all of the device's settings and view various configuration settings.
CVE-2019-12503 1 Inateck 2 Bcst-60, Bcst-60 Firmware 2020-08-24 10.0 HIGH 9.8 CRITICAL
Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device.
CVE-2019-12468 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2020-08-24 7.5 HIGH 9.8 CRITICAL
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.
CVE-2019-12450 1 Gnome 1 Glib 2020-08-24 7.5 HIGH 9.8 CRITICAL
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
CVE-2019-12440 1 Sitecore 1 Rocks 2020-08-24 7.5 HIGH 9.8 CRITICAL
The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service.
CVE-2019-12428 1 Gitlab 1 Gitlab 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization.
CVE-2019-12373 1 Ivanti 1 Landesk Management Suite 2020-08-24 2.7 LOW 9.0 CRITICAL
Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords.
CVE-2019-12301 1 Percona 1 Percona Server 2020-08-24 10.0 HIGH 9.8 CRITICAL
The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2.
CVE-2019-12292 1 Citrix 1 Appdna 2020-08-24 7.5 HIGH 9.8 CRITICAL
Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control.
CVE-2019-12289 1 Vstracam 4 C38s, C38s Firmware, C7824wip and 1 more 2020-08-24 10.0 HIGH 9.8 CRITICAL
An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files within the internal firmware or even steal account information by executing a command.
CVE-2019-12277 1 Blogifier 1 Blogifier 2020-08-24 7.5 HIGH 9.8 CRITICAL
Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks for .. in a pathname.
CVE-2019-12272 1 Openwrt 1 Luci 2020-08-24 7.5 HIGH 9.8 CRITICAL
In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.
CVE-2019-12208 1 Nginx 1 Njs 2020-08-24 7.5 HIGH 9.8 CRITICAL
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c.
CVE-2019-12207 1 Nginx 1 Njs 2020-08-24 7.5 HIGH 9.8 CRITICAL
njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.
CVE-2019-12206 1 Nginx 1 Njs 2020-08-24 7.5 HIGH 9.8 CRITICAL
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.
CVE-2019-12164 1 Status 1 React Native Desktop 2020-08-24 7.5 HIGH 9.8 CRITICAL
ubuntu-server.js in Status React Native Desktop before v0.57.8_mobile_ui allows Remote Code Execution.
CVE-2019-12129 1 Onap 1 Open Network Automation Platform 2020-08-24 10.0 HIGH 9.8 CRITICAL
In ONAP MSB through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.
CVE-2019-12128 1 Onap 1 Open Network Automation Platform 2020-08-24 10.0 HIGH 9.8 CRITICAL
In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.
CVE-2019-12124 1 Onap 1 Open Network Automation Platform 2020-08-24 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in ONAP APPC before Dublin. By using an exposed unprotected Jolokia interface, an unauthenticated attacker can read or overwrite an arbitrary file. All APPC setups are affected.
CVE-2019-12046 2 Debian, Lemonldap-ng 2 Debian Linux, Lemonldap\ 2020-08-24 7.5 HIGH 9.8 CRITICAL
LemonLDAP::NG -2.0.3 has Incorrect Access Control.
CVE-2019-11996 1 Hpe 10 Nimble Storage Af20 All Flash Array, Nimble Storage Af20q All Flash Dual Controller, Nimble Storage Af40 All Flash Dual Controller and 7 more 2020-08-24 10.0 HIGH 9.8 CRITICAL
Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.2.0, 4.5.5.0, 5.0.8.0 and 5.1.3.0.
CVE-2019-11988 1 Hpe 1 Smart Update Manager 2020-08-24 7.5 HIGH 9.8 CRITICAL
A Remote Unauthorized Access vulnerability was identified in HPE Smart Update Manager (SUM) earlier than version 8.3.5.
CVE-2019-11949 1 Hp 1 Intelligent Management Center 2020-08-24 10.0 HIGH 9.8 CRITICAL
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-11733 1 Mozilla 2 Firefox, Firefox Esr 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords. This vulnerability affects Firefox < 68.0.2 and Firefox ESR < 68.0.2.
CVE-2019-11683 1 Linux 1 Linux Kernel 2020-08-24 10.0 HIGH 9.8 CRITICAL
udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue.
CVE-2019-11618 1 Doorgets 1 Doorgets Cms 2020-08-24 7.5 HIGH 9.8 CRITICAL
doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 access_token in a uri=blog&action=index&controller=blog action to /api/index.php.
CVE-2019-11616 1 Doorgets 1 Doorgets Cms 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
doorGets 7.0 has a sensitive information disclosure vulnerability in /setup/temp/admin.php and /setup/temp/database.php. A remote unauthenticated attacker could exploit this vulnerability to obtain the administrator password.
CVE-2019-11705 1 Mozilla 1 Thunderbird 2020-08-24 7.5 HIGH 9.8 CRITICAL
A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
CVE-2019-11496 1 Couchbase 1 Couchbase Server 2020-08-24 6.4 MEDIUM 9.1 CRITICAL
In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets including "default" were changed to only allow access by authenticated users with sufficient authorization. However, users were allowed unauthenticated and unauthorized access to the "default" bucket if the properties of this bucket were edited. This has been fixed in versions 5.1.0 and 5.5.0.
CVE-2019-11383 1 Wifi Ftp Server Project 1 Wifi Ftp Server 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in the Medha WiFi FTP Server application 1.8.3 for Android. An attacker can read the username/password of a valid user via /data/data/com.medhaapps.wififtpserver/shared_prefs/com.medhaapps.wififtpserver_preferences.xml
CVE-2019-11211 1 Tibco 2 Enterprise Runtime For R, Spotfire Analytics Platform For Aws 2020-08-24 9.0 HIGH 9.9 CRITICAL
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0.
CVE-2019-11210 1 Tibco 2 Enterprise Runtime For R, Spotfire Analytics Platform For Aws 2020-08-24 10.0 HIGH 10.0 CRITICAL
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0.
CVE-2019-11208 1 Tibco 1 Api Exchange Gateway 2020-08-24 6.5 MEDIUM 9.9 CRITICAL
The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.'s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions.
CVE-2019-11196 1 Vpcsbd 1 Integrated University Management System 2020-08-24 10.0 HIGH 9.8 CRITICAL
An authentication bypass vulnerability in all versions of ValuePLUS Integrated University Management System (IUMS) allows unauthenticated, remote attackers to gain administrator privileges via the Teachers Web Panel (TWP) User ID or Password field. If exploited, the attackers could perform any actions with administrator privileges (e.g., enumerate/delete all the students' personal information or modify various settings).
CVE-2019-11187 2 Debian, Gonicus 2 Debian Linux, Gosa 2020-08-24 7.5 HIGH 9.8 CRITICAL
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.
CVE-2019-11202 1 Rancher 1 Rancher 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1. When Rancher starts for the first time, it creates a default admin user with a well-known password. After initial setup, the Rancher administrator may choose to delete this default admin user. If Rancher is restarted, the default admin user will be recreated with the well-known default password. An attacker could exploit this by logging in with the default admin credentials. This can be mitigated by deactivating the default admin user rather than completing deleting them.
CVE-2019-11119 1 Intel 1 Raid Web Console 3 2020-08-24 7.5 HIGH 9.8 CRITICAL
Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVE-2019-11081 1 Dentsplysirona 1 Sidexis 2020-08-24 10.0 HIGH 9.8 CRITICAL
A default username and password in Dentsply Sirona Sidexis 4.3.1 and earlier allows an attacker to gain administrative access to the application server.
CVE-2019-11068 3 Canonical, Debian, Xmlsoft 3 Ubuntu Linux, Debian Linux, Libxslt 2020-08-24 7.5 HIGH 9.8 CRITICAL
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
CVE-2019-10914 1 Matrixssl 1 Matrixssl 2020-08-24 7.5 HIGH 9.8 CRITICAL
pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c.
CVE-2019-10913 1 Sensiolabs 1 Symfony 2020-08-24 7.5 HIGH 9.8 CRITICAL
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to symfony/http-foundation.
CVE-2019-10804 1 Serial-number Project 1 Serial-number 2020-08-24 7.5 HIGH 9.8 CRITICAL
serial-number through 1.3.0 allows execution of arbritary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation.
CVE-2019-10791 1 Promise-probe Project 1 Promise-probe 2020-08-24 7.5 HIGH 9.8 CRITICAL
promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization.
CVE-2019-10665 1 Librenms 1 Librenms 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php script. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, file content, denial of service, or writing arbitrary files.
CVE-2018-0007 1 Juniper 1 Junos 2020-08-24 10.0 HIGH 9.8 CRITICAL
An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a denial of service. Further crafted packets may be able to sustain the denial of service condition. Score: 6.5 MEDIUM (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Further, if the attacker is authenticated on the target device receiving and processing the malicious LLDP packet, while receiving the crafted packets, the attacker may be able to perform command or arbitrary code injection over the target device thereby elevating their permissions and privileges, and taking control of the device. Score: 7.8 HIGH (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to one or more local segments, via LLDP proxy / tunneling agents or other LLDP through Layer 3 deployments, through one or more local segment broadcasts, may be able to cause multiple Junos devices to enter an improper boundary check condition allowing a memory corruption to occur, leading to multiple distributed Denials of Services. These Denials of Services attacks may have cascading Denials of Services to adjacent connected devices, impacts network devices, servers, workstations, etc. Further crafted packets may be able to sustain these Denials of Services conditions. Score 6.8 MEDIUM (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H) Further, if the attacker is authenticated on one or more target devices receiving and processing these malicious LLDP packets, while receiving the crafted packets, the attacker may be able to perform command or arbitrary code injection over multiple target devices thereby elevating their permissions and privileges, and taking control multiple devices. Score: 7.8 HIGH (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 12.3 versions prior to 12.3R12-S7; 12.3X48 versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D46, 14.1X53-D50, 14.1X53-D107; 14.2 versions prior to 14.2R7-S9, 14.2R8; 15.1 versions prior to 15.1F2-S17, 15.1F5-S8, 15.1F6-S8, 15.1R5-S7, 15.1R7; 15.1X49 versions prior to 15.1X49-D90; 15.1X53 versions prior to 15.1X53-D65; 16.1 versions prior to 16.1R4-S6, 16.1R5; 16.1X65 versions prior to 16.1X65-D45; 16.2 versions prior to 16.2R2; 17.1 versions prior to 17.1R2. No other Juniper Networks products or platforms are affected by this issue.
CVE-2019-10661 1 Grandstream 2 Gxv3611ir Hd, Gxv3611ir Hd Firmware 2020-08-24 10.0 HIGH 9.8 CRITICAL
On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password.
CVE-2019-10269 1 Burrow-wheeler Aligner Project 1 Burrow-wheeler Aligner 2020-08-24 10.0 HIGH 9.8 CRITICAL
BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file.