jell.ie CVEs

Read at: 2019-09-22T01:24:10+01:00

CVE-2019-16681

The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to file disclosure and XSS.

Source: National Vulnerability Database | 21 Sep 2019 | 10:15 pm IST

CVE-2019-16680

An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.

Source: National Vulnerability Database | 21 Sep 2019 | 10:15 pm IST

CVE-2019-16679

Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.

Source: National Vulnerability Database | 21 Sep 2019 | 9:15 pm IST

CVE-2019-16678

admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route.

Source: National Vulnerability Database | 21 Sep 2019 | 9:15 pm IST

CVE-2019-16677

An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.

Source: National Vulnerability Database | 21 Sep 2019 | 9:15 pm IST

CVE-2019-16669

The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts.

Source: National Vulnerability Database | 21 Sep 2019 | 8:15 pm IST

CVE-2019-16661

Ogma CMS 0.5 has XSS via creation of a new blog.

Source: National Vulnerability Database | 21 Sep 2019 | 7:15 pm IST

CVE-2019-16660

joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF.

Source: National Vulnerability Database | 21 Sep 2019 | 7:15 pm IST

CVE-2019-16656

joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database.

Source: National Vulnerability Database | 21 Sep 2019 | 7:15 pm IST

CVE-2019-16657

TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/.

Source: National Vulnerability Database | 21 Sep 2019 | 7:15 pm IST

CVE-2019-16658

TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF.

Source: National Vulnerability Database | 21 Sep 2019 | 7:15 pm IST

CVE-2019-16659

TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF.

Source: National Vulnerability Database | 21 Sep 2019 | 7:15 pm IST

CVE-2019-16664

An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter.

Source: National Vulnerability Database | 21 Sep 2019 | 7:15 pm IST

CVE-2019-16665

An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element.

Source: National Vulnerability Database | 21 Sep 2019 | 7:15 pm IST

CVE-2019-16655

joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available.

Source: National Vulnerability Database | 21 Sep 2019 | 7:15 pm IST

CVE-2019-16650

On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC.

Source: National Vulnerability Database | 21 Sep 2019 | 3:15 am IST

CVE-2019-16649

On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC.

Source: National Vulnerability Database | 21 Sep 2019 | 3:15 am IST

CVE-2019-6650

F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings.

Source: National Vulnerability Database | 20 Sep 2019 | 9:15 pm IST

CVE-2019-15138

The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.

Source: National Vulnerability Database | 20 Sep 2019 | 9:15 pm IST

CVE-2019-6145

Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us.

Source: National Vulnerability Database | 20 Sep 2019 | 9:15 pm IST

CVE-2019-6649

F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.

Source: National Vulnerability Database | 20 Sep 2019 | 9:15 pm IST

CVE-2015-9406

Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php.

Source: National Vulnerability Database | 20 Sep 2019 | 9:15 pm IST

CVE-2014-10397

The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php.

Source: National Vulnerability Database | 20 Sep 2019 | 9:15 pm IST

CVE-2014-10396

The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php.

Source: National Vulnerability Database | 20 Sep 2019 | 9:15 pm IST

CVE-2019-14816

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

Source: National Vulnerability Database | 20 Sep 2019 | 8:15 pm IST

CVE-2019-14814

There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

Source: National Vulnerability Database | 20 Sep 2019 | 8:15 pm IST

CVE-2018-17789

Prospecta Master Data Online (MDO) allows CSRF.

Source: National Vulnerability Database | 20 Sep 2019 | 8:15 pm IST

CVE-2019-11326

An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product is protected by a login. A guest is allowed to login. Once logged in as a guest, an attacker can browse a URL to read the password of the administrative user. The same procedure allows a regular user to gain administrative privileges. The guest login is possible in the default configuration.

Source: National Vulnerability Database | 20 Sep 2019 | 8:15 pm IST

CVE-2019-16645

An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack.

Source: National Vulnerability Database | 20 Sep 2019 | 8:15 pm IST

CVE-2019-11280

Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to.

Source: National Vulnerability Database | 20 Sep 2019 | 8:15 pm IST

CVE-2019-11327

An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device's files system.

Source: National Vulnerability Database | 20 Sep 2019 | 8:15 pm IST

CVE-2019-5521

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader functionality. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on the host. Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.

Source: National Vulnerability Database | 20 Sep 2019 | 7:15 pm IST

CVE-2018-11200

An issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field.

Source: National Vulnerability Database | 20 Sep 2019 | 7:15 pm IST

CVE-2019-16534

On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product.

Source: National Vulnerability Database | 20 Sep 2019 | 5:15 pm IST

CVE-2019-16643 (zrlog)

An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area.

Source: National Vulnerability Database | 20 Sep 2019 | 5:15 pm IST

CVE-2019-16644 (tuzicms)

App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring.

Source: National Vulnerability Database | 20 Sep 2019 | 5:15 pm IST

CVE-2015-9407 (xpinner_lite)

The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS.

Source: National Vulnerability Database | 20 Sep 2019 | 5:15 pm IST

CVE-2015-9408 (xpinner_lite)

The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS.

Source: National Vulnerability Database | 20 Sep 2019 | 5:15 pm IST

CVE-2019-4565 (security_key_lifecycle_manager)

IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626.

Source: National Vulnerability Database | 20 Sep 2019 | 5:15 pm IST

CVE-2019-4505 (websphere_application_server, websphere_virtual_enterprise)

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364.

Source: National Vulnerability Database | 20 Sep 2019 | 5:15 pm IST

CVE-2019-16533

On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product.

Source: National Vulnerability Database | 20 Sep 2019 | 5:15 pm IST

CVE-2015-9405 (wp-piwik)

The wp-piwik plugin before 1.0.5 for WordPress has XSS.

Source: National Vulnerability Database | 20 Sep 2019 | 5:15 pm IST

CVE-2015-9399 (wp-stats-dashboard)

The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection.

Source: National Vulnerability Database | 20 Sep 2019 | 5:15 pm IST

CVE-2015-9397 (gocodes)

The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS.

Source: National Vulnerability Database | 20 Sep 2019 | 5:15 pm IST

CVE-2015-9400 (wordpress_meta_robots)

The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection.

Source: National Vulnerability Database | 20 Sep 2019 | 5:15 pm IST

CVE-2015-9401 (websimon-tables)

The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS.

Source: National Vulnerability Database | 20 Sep 2019 | 5:15 pm IST

CVE-2015-9402

The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload.

Source: National Vulnerability Database | 20 Sep 2019 | 5:15 pm IST

CVE-2015-9403 (neuvoo_jobs)

The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS.

Source: National Vulnerability Database | 20 Sep 2019 | 5:15 pm IST

CVE-2015-9404 (neuvoo-jobroll)

The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS.

Source: National Vulnerability Database | 20 Sep 2019 | 5:15 pm IST

CVE-2015-9398 (gocodes)

The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection.

Source: National Vulnerability Database | 20 Sep 2019 | 5:15 pm IST

CVE-2015-9396 (auto_thickbox_plus)

The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS.

Source: National Vulnerability Database | 20 Sep 2019 | 5:15 pm IST

CVE-2015-9393 (users_ultra_membership)

The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter.

Source: National Vulnerability Database | 20 Sep 2019 | 5:15 pm IST

CVE-2015-9395 (users_ultra_membership)

The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action.

Source: National Vulnerability Database | 20 Sep 2019 | 5:15 pm IST

CVE-2015-9392 (users_ultra_membership)

The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter.

Source: National Vulnerability Database | 20 Sep 2019 | 5:15 pm IST

CVE-2015-9394 (users_ultra_membership)

The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php.

Source: National Vulnerability Database | 20 Sep 2019 | 5:15 pm IST

CVE-2019-16642 (tuzicms)

App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2016-11010 (wp-invoice)

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2016-11000 (ultimate_exporter)

The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2016-11009 (wp-invoice)

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2016-11007 (wp-invoice)

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2016-11008 (wp-invoice)

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2016-10999 (goodnews)

The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2016-11011 (wp-invoice)

The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2016-11006 (wp-invoice)

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2016-11004 (monarch)

The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2016-11005 (instalinker)

The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2016-11001 (user_submitted_posts)

The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2016-11013 (impress_listings)

The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2016-11012 (sola_support_tickets)

The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2016-11003 (monarch)

The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2016-11002 (extra)

The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2015-9391 (yawpp)

The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2015-9389 (mtouch_quiz)

The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2015-9390

The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2016-10996 (optinmonster)

The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2016-10997 (beauty-premium)

The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2016-10998 (ocim-mp3)

The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2015-9388

The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2015-9387

The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2015-9384 (relevant)

The relevant plugin before 1.0.8 for WordPress has XSS.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2015-9386 (mtouch_quiz)

The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2015-9385 (quotes_and_tips)

The quotes-and-tips plugin before 1.20 for WordPress has XSS.

Source: National Vulnerability Database | 20 Sep 2019 | 4:15 pm IST

CVE-2019-15089 (adas)

An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator.

Source: National Vulnerability Database | 20 Sep 2019 | 3:15 pm IST

CVE-2019-15087 (adas)

An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution.

Source: National Vulnerability Database | 20 Sep 2019 | 3:15 pm IST

CVE-2019-14916

An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to an unrestricted file upload.

Source: National Vulnerability Database | 20 Sep 2019 | 3:15 pm IST

CVE-2019-15085 (adas)

An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form.

Source: National Vulnerability Database | 20 Sep 2019 | 3:15 pm IST

CVE-2019-15086 (adas)

An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message.

Source: National Vulnerability Database | 20 Sep 2019 | 3:15 pm IST

CVE-2019-15088 (adas)

An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication.

Source: National Vulnerability Database | 20 Sep 2019 | 3:15 pm IST

CVE-2019-14913

An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel.

Source: National Vulnerability Database | 20 Sep 2019 | 3:15 pm IST

CVE-2019-14914

An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal.

Source: National Vulnerability Database | 20 Sep 2019 | 3:15 pm IST

CVE-2019-14915

An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate.

Source: National Vulnerability Database | 20 Sep 2019 | 3:15 pm IST

CVE-2019-14911

An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS.

Source: National Vulnerability Database | 20 Sep 2019 | 3:15 pm IST

CVE-2019-14912

An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie.

Source: National Vulnerability Database | 20 Sep 2019 | 3:15 pm IST

CVE-2019-16531 (layerbb)

LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.

Source: National Vulnerability Database | 20 Sep 2019 | 3:16 am IST

CVE-2019-9720 (libav)

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.

Source: National Vulnerability Database | 19 Sep 2019 | 10:15 pm IST

CVE-2019-9719 (libav)

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.

Source: National Vulnerability Database | 19 Sep 2019 | 10:15 pm IST

CVE-2019-9717 (libav)

In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf.

Source: National Vulnerability Database | 19 Sep 2019 | 10:15 pm IST

CVE-2019-16525 (checklist)

An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code.

Source: National Vulnerability Database | 19 Sep 2019 | 9:15 pm IST

CVE-2019-9619

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Source: National Vulnerability Database | 19 Sep 2019 | 9:15 pm IST

CVE-2019-14821 (enterprise_linux, linux_kernel)

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.

Source: National Vulnerability Database | 19 Sep 2019 | 7:15 pm IST

count: 100