jell.ie CVEs

Read at: 2019-12-10T14:51:11+00:00

CVE-2019-19698

marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav_content_read() at libwav.c.

Source: National Vulnerability Database | 10 Dec 2019 | 7:15 am GMT

CVE-2019-4612

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness to upload malicious executable files into the system, which can then be sent to a victim to perform further attacks. IBM X-Force ID: 168523.

Source: National Vulnerability Database | 9 Dec 2019 | 11:15 pm GMT

CVE-2019-4611

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519.

Source: National Vulnerability Database | 9 Dec 2019 | 11:15 pm GMT

CVE-2019-4621

IBM DataPower Gateway 7.6.0.0-7 through 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883.

Source: National Vulnerability Database | 9 Dec 2019 | 11:15 pm GMT

CVE-2019-4428

IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162807.

Source: National Vulnerability Database | 9 Dec 2019 | 11:15 pm GMT

CVE-2019-19230

An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code.

Source: National Vulnerability Database | 9 Dec 2019 | 9:15 pm GMT

CVE-2013-0342

The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294.

Source: National Vulnerability Database | 9 Dec 2019 | 9:15 pm GMT

CVE-2014-0242

mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.

Source: National Vulnerability Database | 9 Dec 2019 | 8:15 pm GMT

CVE-2015-7892

Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.buf_out.num_planes value in an ioctl call.

Source: National Vulnerability Database | 9 Dec 2019 | 8:15 pm GMT

CVE-2015-3425

Cross-site scripting (XSS) vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to inject arbitrary web script or HTML via the ctl00$cph_content$_uig_formState parameter.

Source: National Vulnerability Database | 9 Dec 2019 | 8:15 pm GMT

CVE-2015-3424

SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter.

Source: National Vulnerability Database | 9 Dec 2019 | 8:15 pm GMT

CVE-2019-19646

pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.

Source: National Vulnerability Database | 9 Dec 2019 | 7:15 pm GMT

CVE-2015-1853

chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets.

Source: National Vulnerability Database | 9 Dec 2019 | 7:15 pm GMT

CVE-2015-0841

Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8, allows remote attackers to cause a denial of service (crash) via a long line.

Source: National Vulnerability Database | 9 Dec 2019 | 7:15 pm GMT

CVE-2019-18190

Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability where null pointer dereference errors result in a crash of the application, which could potentially lead to unsigned code execution under certain circumstances.

Source: National Vulnerability Database | 9 Dec 2019 | 7:15 pm GMT

CVE-2019-19603

SQLite 3.30.1, during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name, as demonstrated by the sqlite_ substring.

Source: National Vulnerability Database | 9 Dec 2019 | 7:15 pm GMT

CVE-2019-18380

Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication.

Source: National Vulnerability Database | 9 Dec 2019 | 6:15 pm GMT

CVE-2019-12424

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Source: National Vulnerability Database | 9 Dec 2019 | 6:15 pm GMT

CVE-2018-17185

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Source: National Vulnerability Database | 9 Dec 2019 | 6:15 pm GMT

CVE-2019-19687

OpenStack Keystone 15.0.0 and 16.0.0 are affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.)

Source: National Vulnerability Database | 9 Dec 2019 | 6:15 pm GMT

CVE-2019-19685

RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions.

Source: National Vulnerability Database | 9 Dec 2019 | 5:15 pm GMT

CVE-2019-19682

nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/[id] Admin/Blog/BlogPostEdit/[id]. NOTE: the vendor reportedly considers this a "feature" because the affected components are an HTML content editor.

Source: National Vulnerability Database | 9 Dec 2019 | 5:15 pm GMT

CVE-2019-19683

RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs.

Source: National Vulnerability Database | 9 Dec 2019 | 5:15 pm GMT

CVE-2019-19684

nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to upload a crafted Facebook Auth plugin.

Source: National Vulnerability Database | 9 Dec 2019 | 5:15 pm GMT

CVE-2019-14251

An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can leverage downloadDocServer() to traverse the file system and access files or directories that are outside of the restricted directory because WealthT24/GetImage is used with the docDownloadPath and uploadLocation parameters.

Source: National Vulnerability Database | 9 Dec 2019 | 5:15 pm GMT

CVE-2019-19678

In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test issue.

Source: National Vulnerability Database | 9 Dec 2019 | 4:15 pm GMT

CVE-2019-19679

In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action for a new Test Issue.

Source: National Vulnerability Database | 9 Dec 2019 | 4:15 pm GMT

CVE-2019-19645

alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.

Source: National Vulnerability Database | 9 Dec 2019 | 4:15 pm GMT

CVE-2019-19648

In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.

Source: National Vulnerability Database | 9 Dec 2019 | 1:15 am GMT

CVE-2019-19647

radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.

Source: National Vulnerability Database | 9 Dec 2019 | 1:15 am GMT

CVE-2019-19642

On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareName. The attacker can achieve a persistent backdoor.

Source: National Vulnerability Database | 8 Dec 2019 | 4:15 am GMT

CVE-2019-19638 (libsixel)

An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.

Source: National Vulnerability Database | 8 Dec 2019 | 3:15 am GMT

CVE-2019-19637 (libsixel)

An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.

Source: National Vulnerability Database | 8 Dec 2019 | 3:15 am GMT

CVE-2019-19635 (libsixel)

An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function sixel_decode_raw_impl at fromsixel.c.

Source: National Vulnerability Database | 8 Dec 2019 | 3:15 am GMT

CVE-2019-19636 (libsixel)

An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c.

Source: National Vulnerability Database | 8 Dec 2019 | 3:15 am GMT

CVE-2019-19630

HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document.

Source: National Vulnerability Database | 8 Dec 2019 | 2:15 am GMT

CVE-2019-19448 (linux_kernel)

In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.

Source: National Vulnerability Database | 8 Dec 2019 | 2:15 am GMT

CVE-2019-19449 (linux_kernel)

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated).

Source: National Vulnerability Database | 8 Dec 2019 | 2:15 am GMT

CVE-2019-19447 (linux_kernel)

In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.

Source: National Vulnerability Database | 8 Dec 2019 | 1:15 am GMT

CVE-2019-16772 (serialize-to-js)

The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. The Node.js environment is not affected by this vulnerability, since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects is used in an environment other than Node.js, it is affected by this vulnerability.

Source: National Vulnerability Database | 7 Dec 2019 | 12:15 am GMT

CVE-2019-9464 (android)

In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141028068

Source: National Vulnerability Database | 6 Dec 2019 | 11:15 pm GMT

CVE-2019-2231 (android)

In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-141955555

Source: National Vulnerability Database | 6 Dec 2019 | 11:15 pm GMT

CVE-2019-2232 (android)

In handleRun of TextLine.java, there is a possible application crash due to improper input validation. This could lead to remote denial of service when processing Unicode with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140632678

Source: National Vulnerability Database | 6 Dec 2019 | 11:15 pm GMT

CVE-2019-2220 (android)

In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-138636979

Source: National Vulnerability Database | 6 Dec 2019 | 11:15 pm GMT

CVE-2019-2222 (android)

In ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140322595

Source: National Vulnerability Database | 6 Dec 2019 | 11:15 pm GMT

CVE-2019-2223 (android)

In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140692129

Source: National Vulnerability Database | 6 Dec 2019 | 11:15 pm GMT

CVE-2019-2226 (android)

In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140152619

Source: National Vulnerability Database | 6 Dec 2019 | 11:15 pm GMT

CVE-2019-2227 (android)

In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-140768453

Source: National Vulnerability Database | 6 Dec 2019 | 11:15 pm GMT

CVE-2019-2229 (android)

In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-139803872

Source: National Vulnerability Database | 6 Dec 2019 | 11:15 pm GMT

CVE-2019-2228 (android)

In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-111210196

Source: National Vulnerability Database | 6 Dec 2019 | 11:15 pm GMT

CVE-2019-2230 (android)

In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.cpp, there is possible memory reuse due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141170038

Source: National Vulnerability Database | 6 Dec 2019 | 11:15 pm GMT

CVE-2019-2224 (android)

In ReadMATImage of mat.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process when loading a MATLAB image file with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140328986

Source: National Vulnerability Database | 6 Dec 2019 | 11:15 pm GMT

CVE-2019-2225 (android)

When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-110433804

Source: National Vulnerability Database | 6 Dec 2019 | 11:15 pm GMT

CVE-2019-2221 (android)

In hasActivityInVisibleTask of WindowProcessController.java there's a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-138583650

Source: National Vulnerability Database | 6 Dec 2019 | 11:15 pm GMT

CVE-2019-2218 (android)

In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141169173

Source: National Vulnerability Database | 6 Dec 2019 | 11:15 pm GMT

CVE-2019-2217 (android)

In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141003796

Source: National Vulnerability Database | 6 Dec 2019 | 11:15 pm GMT

CVE-2019-2219 (android)

In System UI, there is a possible bypass of user's consent for access to sensor data due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-119041698

Source: National Vulnerability Database | 6 Dec 2019 | 11:15 pm GMT

CVE-2019-10769

safer-eval is an npm package to sandbox the evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError.

Source: National Vulnerability Database | 6 Dec 2019 | 11:15 pm GMT

CVE-2019-18575

Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file, allowing the attacker to overwrite or corrupt a specified file on the system.

Source: National Vulnerability Database | 6 Dec 2019 | 9:15 pm GMT

CVE-2019-11293

Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters.

Source: National Vulnerability Database | 6 Dec 2019 | 8:15 pm GMT

CVE-2019-16771

Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking.

Source: National Vulnerability Database | 6 Dec 2019 | 7:15 pm GMT

CVE-2019-18671

Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes on the stack via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB.

Source: National Vulnerability Database | 6 Dec 2019 | 6:15 pm GMT

CVE-2019-16671

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Remote authenticated users can crash a device with a special packet because of Uncontrolled Resource Consumption.

Source: National Vulnerability Database | 6 Dec 2019 | 6:15 pm GMT

CVE-2019-16674

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network.

Source: National Vulnerability Database | 6 Dec 2019 | 6:15 pm GMT

CVE-2019-18672

Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing registrations. This vulnerability can be exploited by unauthenticated attackers and the interface is reachable via WebUSB.

Source: National Vulnerability Database | 6 Dec 2019 | 6:15 pm GMT

CVE-2019-16673

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be read by anyone with access to the device.

Source: National Vulnerability Database | 6 Dec 2019 | 6:15 pm GMT

CVE-2019-1551

There is an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).

Source: National Vulnerability Database | 6 Dec 2019 | 6:15 pm GMT

CVE-2019-16672 (ie-sw-pl08m-6tx-2sc_firmware, ie-sw-pl08m-6tx-2scs_firmware, ie-sw-pl08m-6tx-2st_firmware, ie-sw-pl08m-8tx_firmware, ie-sw-pl08mt-6tx-2sc_firmware, ie-sw-pl08mt-6tx-2scs_firmware, ie-sw-pl08mt-6tx-2st_firmware, ie-sw-pl08mt-8tx_firmware, ie-sw-pl09m-5gc-4gt_firmware, ie-sw-pl09mt-5gc-4gt_firmware, ie-sw-pl10m-1gt-2gs-7tx_firmware, ie-sw-pl10m-3gt-7tx_firmware, ie-sw-pl10mt-1gt-2gs-7tx_firmware, ie-sw-pl10mt-3gt-7tx_firmware, ie-sw-pl16m-14tx-2sc_firmware, ie-sw-pl16m-14tx-2st_firmware, ie-sw-pl16m-16tx_firmware, ie-sw-pl16mt-14tx-2sc_firmware, ie-sw-pl16mt-14tx-2st_firmware, ie-sw-pl16mt-16tx_firmware, ie-sw-pl18m-2gc-16tx_firmware, ie-sw-pl18m-2gc14tx2sc_firmware, ie-sw-pl18m-2gc14tx2scs_firmware, ie-sw-pl18m-2gc14tx2st_firmware, ie-sw-pl18mt-2gc-16tx_firmware, ie-sw-pl18mt-2gc14tx2sc_firmware, ie-sw-pl18mt-2gc14tx2scs_firmware, ie-sw-pl18mt-2gc14tx2st_firmware, ie-sw-vl05m-3tx-2sc_firmware, ie-sw-vl05m-3tx-2st_firmware, ie-sw-vl05m-5tx_firmware, ie-sw-vl05mt-3tx-2sc_firmware, ie-sw-vl05mt-3tx-2st_firmware, ie-sw-vl05mt-5tx_firmware, ie-sw-vl08mt-5tx-1sc-2scs_firmware, ie-sw-vl08mt-5tx-3sc_firmware, ie-sw-vl08mt-6tx-2sc_firmware, ie-sw-vl08mt-6tx-2scs_firmware, ie-sw-vl08mt-6tx-2st_firmware, ie-sw-vl08mt-8tx_firmware)

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext.

Source: National Vulnerability Database | 6 Dec 2019 | 6:15 pm GMT

CVE-2019-16670

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. The Authentication mechanism has no brute-force prevention.

Source: National Vulnerability Database | 6 Dec 2019 | 6:15 pm GMT

CVE-2012-2130

A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys.

Source: National Vulnerability Database | 6 Dec 2019 | 6:15 pm GMT

CVE-2012-2148

An issue exists in the property replacements feature in any descriptor in JBoss AS 7.1.1, which ignores Java security policies.

Source: National Vulnerability Database | 6 Dec 2019 | 6:15 pm GMT

CVE-2019-12734

SiteVision 4 has Incorrect Access Control.

Source: National Vulnerability Database | 6 Dec 2019 | 5:15 pm GMT

CVE-2019-12733 (sitevision)

SiteVision 4 allows Remote Code Execution.

Source: National Vulnerability Database | 6 Dec 2019 | 5:15 pm GMT

CVE-2012-2092

A Security Bypass vulnerability exists in Ubuntu Cobbler before 2.2.2 in the cobbler-ubuntu-import script due to an error when verifying the GPG signature.

Source: National Vulnerability Database | 6 Dec 2019 | 5:15 pm GMT

CVE-2018-7282

The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi.

Source: National Vulnerability Database | 6 Dec 2019 | 5:15 pm GMT

CVE-2019-19551

In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account.

Source: National Vulnerability Database | 6 Dec 2019 | 4:15 pm GMT

CVE-2019-19552

In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the /admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account.

Source: National Vulnerability Database | 6 Dec 2019 | 4:15 pm GMT

CVE-2019-5544

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

Source: National Vulnerability Database | 6 Dec 2019 | 4:15 pm GMT

CVE-2019-19627

SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. (SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2.)

Source: National Vulnerability Database | 6 Dec 2019 | 4:15 pm GMT

CVE-2019-19620

In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a malicious file.

Source: National Vulnerability Database | 6 Dec 2019 | 4:15 pm GMT

CVE-2019-19625

SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2) leaks node information due to a leaky default configuration as indicated in the policy/defaults/dds/governance.xml document.

Source: National Vulnerability Database | 6 Dec 2019 | 4:15 pm GMT

CVE-2019-19334

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.

Source: National Vulnerability Database | 6 Dec 2019 | 4:15 pm GMT

CVE-2012-1615

A Privilege Escalation vulnerability exists in Fedoraproject Sectool due to an incorrect DBus file.

Source: National Vulnerability Database | 6 Dec 2019 | 4:15 pm GMT

CVE-2019-19333

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.

Source: National Vulnerability Database | 6 Dec 2019 | 4:15 pm GMT

CVE-2019-11554

The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe SDKs, allowing MITM attackers to cause a denial of service.

Source: National Vulnerability Database | 6 Dec 2019 | 4:15 pm GMT

CVE-2019-19624

An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.

Source: National Vulnerability Database | 6 Dec 2019 | 3:15 pm GMT

CVE-2019-19619

domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS.

Source: National Vulnerability Database | 6 Dec 2019 | 4:15 am GMT

CVE-2019-19616

An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary files by specifying arbitrary values for the recId and filename parameters of the /Home/GetAttachment function.

Source: National Vulnerability Database | 6 Dec 2019 | 3:15 am GMT

CVE-2019-19617

phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.

Source: National Vulnerability Database | 6 Dec 2019 | 3:15 am GMT

CVE-2012-1114 (debian_linux, fedora, ldap_account_manager)

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action, and the filteruid parameter to list.php.

Source: National Vulnerability Database | 5 Dec 2019 | 9:15 pm GMT

CVE-2012-1592

A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.

Source: National Vulnerability Database | 5 Dec 2019 | 9:15 pm GMT

CVE-2012-1115 (debian_linux, fedora, ldap_account_manager)

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.

Source: National Vulnerability Database | 5 Dec 2019 | 9:15 pm GMT

CVE-2019-19609

The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.

Source: National Vulnerability Database | 5 Dec 2019 | 8:15 pm GMT

CVE-2019-16770

In Puma before version 4.3.2, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough.

Source: National Vulnerability Database | 5 Dec 2019 | 8:15 pm GMT

CVE-2019-16768

In affected versions of Sylius, exception messages from internal exceptions (like database exceptions) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to the UI. Therefore, some internal system information may leak and be visible to the customer. A validation message with the exception details will be presented to the user when they try to log into the shop. This has been patched in versions 1.3.14, 1.4.10, 1.5.7, and 1.6.3.

Source: National Vulnerability Database | 5 Dec 2019 | 8:15 pm GMT

CVE-2012-1105

An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.

Source: National Vulnerability Database | 5 Dec 2019 | 7:15 pm GMT

CVE-2019-16769

The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. The Node.js environment is not affected by this vulnerability, since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects is used in an environment other than Node.js, it is affected by this vulnerability.

Source: National Vulnerability Database | 5 Dec 2019 | 7:15 pm GMT

CVE-2019-5098

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Source: National Vulnerability Database | 5 Dec 2019 | 6:15 pm GMT

CVE-2019-19546

Norton Password Manager, prior to 6.6.2.5, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

Source: National Vulnerability Database | 5 Dec 2019 | 6:15 pm GMT

CVE-2019-19545

Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.

Source: National Vulnerability Database | 5 Dec 2019 | 6:15 pm GMT
