Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10052 | 1 Suricata-ids | 1 Suricata | 2019-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. At this point, the Rust environment runs into a panic in parse_clientid_option in the dhcp/parser.rs file. | |||||
| CVE-2019-6113 | 1 Onkyo | 2 Tx-nr686, Tx-nr686 Firmware | 2019-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a .. (dot dot) and %2f to the default URI. | |||||
| CVE-2019-15642 | 1 Webmin | 1 Webmin | 2019-09-04 | 6.5 MEDIUM | 8.8 HIGH |
| rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users." | |||||
| CVE-2019-13608 | 1 Citrix | 1 Storefront Server | 2019-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks. | |||||
| CVE-2019-15787 | 1 Libzetta-rs Project | 1 Libzetta-rs | 2019-09-04 | 7.8 HIGH | 7.5 HIGH |
| libZetta.rs through 0.1.2 has an integer overflow in the zpool parser (for error stats) that leads to a panic. | |||||
| CVE-2019-15835 | 1 Wp Better Permalinks Project | 1 Wp Better Permalinks | 2019-09-04 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF. | |||||
| CVE-2019-15770 | 1 Hallme | 1 Woocommerce Address Book | 2019-09-04 | 6.8 MEDIUM | 8.8 HIGH |
| The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks. | |||||
| CVE-2019-15834 | 1 Webp Converter For Media Project | 1 Webp Converter For Media | 2019-09-04 | 6.8 MEDIUM | 8.8 HIGH |
| The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF. | |||||
| CVE-2019-13268 | 1 Tp-link | 4 Archer C2 V1, Archer C2 V1 Firmware, Archer C3200 V1 and 1 more | 2019-09-04 | 5.8 MEDIUM | 8.8 HIGH |
| TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network's subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.) | |||||
| CVE-2019-13269 | 1 Edimax | 2 Br-6208ac V1, Br-6208ac V1 Firmware | 2019-09-04 | 5.8 MEDIUM | 8.8 HIGH |
| Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field. | |||||
| CVE-2019-13270 | 1 Edimax | 2 Br-6208ac V1, Br-6208ac V1 Firmware | 2019-09-04 | 5.8 MEDIUM | 8.8 HIGH |
| Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender. | |||||
| CVE-2019-15779 | 1 Quadlayers | 1 Wp Social Feed Gallery | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete. | |||||
| CVE-2016-10931 | 1 Openssl Project | 1 Openssl | 2019-09-03 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification. | |||||
| CVE-2019-15841 | 1 Facebook | 1 Facebook For Woocommerce | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility. | |||||
| CVE-2019-15868 | 1 Wpaffiliatemanager | 1 Affiliates Manager | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| The affiliates-manager plugin before 2.6.6 for WordPress has CSRF. | |||||
| CVE-2019-15831 | 1 Wp-buy | 1 Visitor Traffic Real Time Statistics | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page. | |||||
| CVE-2019-15832 | 1 Wp-buy | 1 Visitor Traffic Real Time Statistics | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF. | |||||
| CVE-2015-9380 | 1 10web | 1 Photo Gallery | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| The photo-gallery plugin before 1.2.42 for WordPress has CSRF. | |||||
| CVE-2019-15541 | 1 Rustls Project | 1 Rustls | 2019-09-03 | 5.0 MEDIUM | 7.5 HIGH |
| rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for Rust allows attackers to cause a denial of service (loop of conn_event and ready) by arranging for a client to never be writable. | |||||
| CVE-2018-11796 | 1 Apache | 1 Tika | 2019-09-03 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later. | |||||
| CVE-2019-15865 | 1 Holest | 1 Breadcrumbs By Menu | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has CSRF. | |||||
| CVE-2019-15640 | 1 Limesurvey | 1 Limesurvey | 2019-09-03 | 5.0 MEDIUM | 7.5 HIGH |
| Limesurvey before 3.17.10 does not validate both the MIME type and file extension of an image. | |||||
| CVE-2019-11364 | 1 Prophecyinternational | 1 Snare Central | 2019-09-03 | 9.0 HIGH | 7.2 HIGH |
| An OS Command Injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to inject arbitrary OS commands via the ServerConf/DataManagement/DiskManager.php FORMNAS_share parameter. | |||||
| CVE-2019-11363 | 1 Prophecyinternational | 1 Snare Central | 2019-09-03 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser parameter. | |||||
| CVE-2019-7364 | 1 Autodesk | 11 Advance Steel, Autocad, Autocad Architecture and 8 more | 2019-09-03 | 6.8 MEDIUM | 7.8 HIGH |
| DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution. | |||||
| CVE-2019-15840 | 1 Facebook | 1 Facebook For Woocommerce | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF. | |||||
| CVE-2018-16966 | 1 File Manager Project | 1 File Manager | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter. | |||||
| CVE-2019-10751 | 1 Httpie | 1 Httpie | 2019-09-02 | 5.8 MEDIUM | 8.8 HIGH |
| All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control. | |||||
| CVE-2018-5766 | 1 Libav | 1 Libav | 2019-09-02 | 6.8 MEDIUM | 8.8 HIGH |
| In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted avi file. | |||||
| CVE-2017-9987 | 1 Libav | 1 Libav | 2019-09-02 | 5.0 MEDIUM | 7.5 HIGH |
| There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1. A crafted input can lead to a remote denial of service attack. | |||||
| CVE-2018-11102 | 1 Libav | 1 Libav | 2019-09-02 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Libav 12.3. A read access violation in the mov_probe function in libavformat/mov.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. | |||||
| CVE-2015-4089 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2019-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page. | |||||
| CVE-2019-15781 | 1 Weblizar | 1 Social Likebox \& Feed | 2019-08-30 | 6.8 MEDIUM | 8.8 HIGH |
| The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF. | |||||
| CVE-2019-15701 | 1 Bloodhound Project | 1 Bloodhound | 2019-08-30 | 6.8 MEDIUM | 8.8 HIGH |
| components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands (by spawning a child process as the current user on the victim's machine) when the search function's autocomplete feature is used. The victim must import data from an Active Directory with a GPO containing JavaScript in its name. | |||||
| CVE-2019-15496 | 1 Manageyourteam | 1 Myt Project Management | 2019-08-30 | 6.8 MEDIUM | 8.8 HIGH |
| MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page. | |||||
| CVE-2019-1936 | 1 Cisco | 3 Integrated Management Controller Supervisor, Ucs Director, Ucs Director Express For Big Data | 2019-08-30 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root user. Exploitation of this vulnerability requires privileged access to an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrator privileges and then sending a malicious request to a certain part of the interface. | |||||
| CVE-2018-5738 | 2 Canonical, Isc | 2 Ubuntu Linux, Bind | 2019-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the "allow-recursion" setting, it SHOULD default to one of the following: none, if "recursion no;" is set in named.conf; a value inherited from the "allow-query-cache" or "allow-query" settings IF "recursion yes;" (the default for that setting) AND match lists are explicitly set for "allow-query-cache" or "allow-query" (see the BIND9 Administrative Reference Manual section 6.2 for more details); or the intended default of "allow-recursion {localhost; localnets;};" if "recursion yes;" is in effect and no values are explicitly set for "allow-query-cache" or "allow-query". However, because of the regression introduced by change #4777, it is possible when "recursion yes;" is in effect and no match list values are provided for "allow-query-cache" or "allow-query" for the setting of "allow-recursion" to inherit a setting of all hosts from the "allow-query" setting default, improperly permitting recursion to all clients. Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition. | |||||
| CVE-2019-7363 | 1 Autodesk | 1 Design Review | 2019-08-30 | 6.8 MEDIUM | 7.8 HIGH |
| Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a use-after-free vulnerability, which may result in code execution. | |||||
| CVE-2019-15649 | 1 Elearningfreak | 1 Insert Or Embed Articulate Content | 2019-08-30 | 6.5 MEDIUM | 8.8 HIGH |
| The insert-or-embed-articulate-content-into-wordpress plugin before 4.2999 for WordPress has insufficient restrictions on file upload. | |||||
| CVE-2019-15525 | 1 Pw3270 Project | 1 Pw3270 | 2019-08-30 | 6.8 MEDIUM | 8.1 HIGH |
| There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1. | |||||
| CVE-2019-15658 | 1 Connect-pg-simple Project | 1 Connect-pg-simple | 2019-08-30 | 7.5 HIGH | 7.3 HIGH |
| connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data. | |||||
| CVE-2019-14258 | 1 Zenoss | 1 Zenoss | 2019-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988. | |||||
| CVE-2017-18589 | 1 Cookie Project | 1 Cookie | 2019-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the cookie crate before 0.7.6 for Rust. Large integers in the Max-Age of a cookie cause a panic. | |||||
| CVE-2018-20989 | 1 Untrusted Project | 1 Untrusted | 2019-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the untrusted crate before 0.6.2 for Rust. Error handling can trigger an integer underflow and panic. | |||||
| CVE-2019-11029 | 1 Mirasys | 1 Mirasys Vms | 2019-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download() method of AutoUpdateService in SMServer.exe, leading to Directory Traversal. An attacker could use ..\ with this method to iterate over lists of interesting system files and download them without previous authentication. This includes SAM-database backups, Web.config files, etc. and might cause a serious impact on confidentiality. | |||||
| CVE-2019-9153 | 1 Openpgpjs | 1 Openpgpjs | 2019-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature. | |||||
| CVE-2019-9154 | 1 Openpgpjs | 1 Openpgpjs | 2019-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed. | |||||
| CVE-2019-15546 | 1 Pancurses Project | 1 Pancurses | 2019-08-29 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities. | |||||
| CVE-2015-9348 | 1 Codepeople | 1 Sell Downloads | 2019-08-29 | 5.0 MEDIUM | 7.5 HIGH |
| The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs. | |||||
| CVE-2019-15547 | 1 Ncurses Project | 1 Ncurses | 2019-08-29 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled. | |||||