Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16100 | 1 Silver-peak | 2 Unity Edgeconnect Sd-wan, Unity Edgeconnect Sd-wan Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface outage via slow client-side HTTP traffic from a single source. | |||||
| CVE-2019-16103 | 1 Silver-peak | 2 Unity Edgeconnect Sd-wan, Unity Edgeconnect Sd-wan Firmware | 2020-08-24 | 9.0 HIGH | 7.2 HIGH |
| Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature. | |||||
| CVE-2019-16108 | 1 Phpbb | 1 Phpbb | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode. | |||||
| CVE-2019-16110 | 1 Blade-group | 1 Shadow | 2020-08-24 | 6.8 MEDIUM | 8.1 HIGH |
| The network protocol of Blade Shadow though 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data can be injected into the unencrypted UDP packet stream. | |||||
| CVE-2019-16115 | 1 Glyphandcog | 1 Xpdfreader | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact. | |||||
| CVE-2019-16120 | 1 Tri | 1 Event Tickets | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature. | |||||
| CVE-2019-16137 | 1 Spin-rs Project | 1 Spin-rs | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in the spin crate before 0.5.2 for Rust, when RwLock is used. Because memory ordering is mishandled, two writers can acquire the lock at the same time, violating mutual exclusion. | |||||
| CVE-2019-16144 | 1 Generator-rs Project | 1 Generator-rs | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used by Scope, done, and yield_ during API calls. | |||||
| CVE-2019-16155 | 1 Fortinet | 1 Forticlient | 2020-08-24 | 6.6 MEDIUM | 7.1 HIGH |
| A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite. | |||||
| CVE-2019-16163 | 1 Oniguruma Project | 1 Oniguruma | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. | |||||
| CVE-2019-16170 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.5 MEDIUM | 7.1 HIGH |
| An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control. | |||||
| CVE-2019-16187 | 1 Limesurvey | 1 Limesurvey | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script. | |||||
| CVE-2019-16200 | 1 Gnu | 1 Serveez | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the http_cgi_write function under http-cgi.c; however, exploitation might show svz_envblock_add in libserveez/passthrough.c as the location of the heap-based buffer over-read. | |||||
| CVE-2019-16247 | 1 Deltaww | 1 Dcisoft | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| Delta DCISoft 1.21 has a User Mode Write AV starting at CommLib!CCommLib::SetSerializeData+0x000000000000001b. | |||||
| CVE-2019-16250 | 1 Oceanwp | 1 Ocean Extra | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets (CSS) token sequence. | |||||
| CVE-2019-2299 | 1 Qualcomm | 80 Ipq4019, Ipq4019 Firmware, Ipq8064 and 77 more | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| An out-of-bound write can be triggered by a specially-crafted command supplied by a userspace application. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM660, SDX20, SDX24 | |||||
| CVE-2019-2301 | 1 Qualcomm | 48 Ipq4019, Ipq4019 Firmware, Ipq8064 and 45 more | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| Possibility of out-of-bound read if id received from SPI is not in range of FIFO in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9980, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX24 | |||||
| CVE-2019-16253 | 1 Samsung | 1 Text-to-speech | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 and 3.0.00.101 for Android allows a local attacker to escalate privileges, e.g., to system privileges. The Samsung case ID is 101755. | |||||
| CVE-2019-16255 | 3 Debian, Opensuse, Ruby-lang | 3 Debian Linux, Leap, Ruby | 2020-08-24 | 6.8 MEDIUM | 8.1 HIGH |
| Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. | |||||
| CVE-2019-16277 | 1 Picoc Project | 1 Picoc | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c. | |||||
| CVE-2019-16284 | 1 Hp | 204 260 G1 Dm, 260 G1 Dm Firmware, 280 Pro G1 and 201 more | 2020-08-24 | 9.0 HIGH | 7.2 HIGH |
| A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions are available in https://support.hp.com/rs-en/document/c06456250. | |||||
| CVE-2019-16288 | 1 Tenda | 2 N301, N301 Firmware | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| On Tenda N301 wireless routers, a long string in the wifiSSID parameter of a goform/setWifi POST request causes the device to crash. | |||||
| CVE-2019-16294 | 2 Notepad-plus-plus, Scintilla | 2 Notepad\+\+, Scintilla | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file. | |||||
| CVE-2019-16305 | 2 Microsoft, Mobatek | 2 Windows, Mobaxterm | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI. | |||||
| CVE-2019-16313 | 1 Ifw8 | 10 Fr5, Fr5-e, Fr5-e Firmware and 7 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code. | |||||
| CVE-2019-16328 | 1 Rpyc Project | 1 Rpyc | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings. | |||||
| CVE-2019-16346 | 1 Ngiflib Project | 1 Ngiflib | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. | |||||
| CVE-2019-16347 | 1 Ngiflib Project | 1 Ngiflib | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. | |||||
| CVE-2019-16403 | 1 Webkul | 1 Bagisto | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers. | |||||
| CVE-2019-16469 | 1 Adobe | 1 Experience Manager | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2019-16645 | 1 Embedthis | 1 Goahead | 2020-08-24 | 5.0 MEDIUM | 8.6 HIGH |
| An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack. | |||||
| CVE-2019-16675 | 1 Phoenixcontact | 3 Config\+, Pc Worx, Pc Worx Express | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside. After manipulation, the attacker needs to exchange the original files with the manipulated ones on the application programming workstation. | |||||
| CVE-2019-16731 | 2 Petwant, Skymee | 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to initiate firmware upgrades and alter device settings. | |||||
| CVE-2019-16866 | 2 Canonical, Nlnetlabs | 2 Ubuntu Linux, Unbound | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule. | |||||
| CVE-2019-16877 | 1 Portainer | 1 Portainer | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). | |||||
| CVE-2019-16889 | 1 Ui | 24 Ep-r6, Ep-r6 Firmware, Ep-r8 and 21 more | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs. | |||||
| CVE-2019-16899 | 1 Advantech | 1 Webaccess\/hmi Designer | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. | |||||
| CVE-2019-16900 | 1 Advantech | 1 Webaccess\/hmi Designer | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. | |||||
| CVE-2019-16906 | 1 Infosysta | 1 In-app \& Desktop Notifications | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without authentication/authorization. These notifications are then no longer displayed to the normal user. | |||||
| CVE-2019-16913 | 1 Pcprotect | 1 Antivirus | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: (F)" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as LocalSystem. This allows any user to escalate privileges to "NT AUTHORITY\SYSTEM" by substituting the service's binary with a Trojan horse. | |||||
| CVE-2019-16964 | 1 Fusionpbx | 1 Fusionpbx | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any commands on the host as www-data. | |||||
| CVE-2019-16965 | 1 Fusionpbx | 1 Fusionpbx | 2020-08-24 | 9.0 HIGH | 7.2 HIGH |
| resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data. | |||||
| CVE-2019-17009 | 3 Microsoft, Mozilla, Opensuse | 5 Windows, Firefox, Firefox Esr and 2 more | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | |||||
| CVE-2019-17025 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 72. | |||||
| CVE-2019-17190 | 1 Avast | 1 Secure Browser | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the elevated process cleans the ACL of the Update.ini file in %PROGRAMDATA%\Avast Software\Browser\Update\ and sets all privileges to group Everyone. Because any low-privileged user can create, delete, or modify the Update.ini file stored in this location, an attacker with low privileges can create a hard link named Update.ini in this folder, and make it point to a file writable by NT AUTHORITY\SYSTEM. Once AvastBrowserUpdate.exe is triggered by the update check functionality, the DACL is set to a misconfigured value on the crafted Update.ini and, consequently, to the target file that was previously not writable by the low-privileged attacker. | |||||
| CVE-2019-17201 | 1 Fasttracksoftware | 1 Admin By Request | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using the AdminByRequest.exe interface, the interface communicates with the underlying service (Audckq32.exe) using a .NET named pipe. If the underlying service responds that a user is permitted access to the elevation feature, the client then reinitiates communication with the underlying service and requests elevation. This elevation request has no local checks in the service, and depends on client-side validation in the AdminByRequest.exe interface, i.e., it is a vulnerable exposed functionality in the service. By communicating directly with the underlying service, any user can request elevation and obtain Administrator privilege regardless of group policies or permissions. | |||||
| CVE-2019-17214 | 1 Webarxsecurity | 1 Webarx | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| The WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI. | |||||
| CVE-2019-17219 | 1 Vzug | 2 Combi-stream Mslq, Combi-stream Mslq Firmware | 2020-08-24 | 5.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the device does not enforce any authentication. An adjacent attacker is able to use the network interface without proper access control. | |||||
| CVE-2019-17260 | 1 Mpc-hc | 1 Mpc-hc | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| MPC-HC through 1.7.13 allows a Read Access Violation on a Block Data Move starting at mpc_hc!memcpy+0x000000000000004e. | |||||
| CVE-2019-17274 | 1 Netapp | 6 All Flash Fabric-attached Storage A400, All Flash Fabric-attached Storage A400 Firmware, Fabric-attached Storage 8300 and 3 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via local access. | |||||