Bulletin (SB19-217) Vulnerability Summary for the Week of July 29, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score
10web — photo_gallery A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php. 2019-07-30 10.0
ahsay — cloud_backup_suite An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. On the /cbs/system/ShowAdvanced.do "File Explorer" screen, it is possible to change the directory in the JavaScript code. If changed to (for example) "C:" then one can browse the whole server. 2019-07-26 7.8
ahsay — cloud_backup_suite An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication. 2019-07-26 7.8
ahsay — cloud_backup_suite An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server’s directory and execute it. This leads to full access to the system, as the configured user (e.g., Administrator). 2019-07-26 9.0
cpanel — cpanel cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452). 2019-07-30 7.5
cpanel — cpanel cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465). 2019-07-30 7.2
cpanel — cpanel cPanel before 74.0.0 allows SQL injection during database backups (SEC-420). 2019-08-01 7.5
cpanel — cpanel cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479). 2019-07-30 7.2
datagrid_project — datagrid The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. 2019-07-26 7.5
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call. 2019-07-31 7.5
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length. 2019-07-31 7.5
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case. 2019-07-31 7.5
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length. 2019-07-31 7.5
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply. 2019-07-31 7.5
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case. 2019-07-31 7.5
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call. 2019-07-31 7.5
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply. 2019-07-31 7.5
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply. 2019-07-31 7.5
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply. 2019-07-31 7.5
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply. 2019-07-31 7.5
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply. 2019-07-31 7.5
discourse — discourse Discourse before v2.4.0.beta2 lacks a confirmation screen when logging in via an email link. 2019-07-29 7.5
libmodbus — libmodbus An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302. 2019-07-31 7.5
libmodbus — libmodbus An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_REGISTERS case, aka VD-1301. 2019-07-31 7.5
linux — linux_kernel In the Linux kernel before 2.6.20, there is an off-by-one bug in net/netlabel/netlabel_cipso_v4.c where it is possible to overflow the doi_def->tags[] array. 2019-07-27 7.5
linux — linux_kernel In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one (buffer overflow) problem. 2019-07-27 7.5
linux — linux_kernel In the Linux kernel before 2.6.37, an out of bounds array access happened in drivers/net/mlx4/port.c. When searching for a free entry in either mlx4_register_vlan() or mlx4_register_mac(), and there is no free entry, the loop terminates without updating the local variable free thus causing out of array bounds access. 2019-07-27 7.5
linux — linux_kernel In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption. 2019-07-27 7.5
linux — linux_kernel In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption. 2019-07-27 7.5
linux — linux_kernel In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23. 2019-07-27 7.5
linux — linux_kernel In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash() function. There are CQSPI_MAX_CHIPSELECT elements in the ->f_pdata array so the ">" should be ">=" instead. 2019-07-27 7.5
linux — linux_kernel In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c. 2019-07-27 7.5
simple_captcha2_project — simple_captcha2 The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. 2019-07-26 7.5
veritas — resiliency_platform An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality. 2019-07-29 9.0
veritas — resiliency_platform An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality. 2019-07-29 9.0

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score
ahsay — cloud_backup_suite An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When creating a trial account, it is possible to inject XSS in the Alias field, allowing the attacker to retrieve the admin’s cookie and take over the account. 2019-07-26 4.3
ahsay — cloud_backup_suite An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE. 2019-07-26 6.5
ash-aio_project — ash-aio ASH-AIO before 2.0.0.3 allows an open redirect. 2019-07-29 5.8
centos-webpanel — centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log. 2019-07-26 4.0
centos-webpanel — centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege. 2019-07-26 6.5
centos-webpanel — centos_web_panel In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (parameter fm_current_dir) allows attackers to steal a cookie or session, or redirect to a phishing website. 2019-07-26 4.3
central_dogma_project — central_dogma Cross-site scripting vulnerability in Central Dogma 0.17.0 to 0.40.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-07-26 4.3
cpanel — cpanel cPanel before 76.0.8 allows a persistent Virtual FTP account after removal of its associated domain (SEC-454). 2019-07-30 6.4
cpanel — cpanel cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459). 2019-07-30 4.3
cpanel — cpanel cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461). 2019-07-30 4.3
cpanel — cpanel cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462). 2019-07-30 5.8
cpanel — cpanel cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464). 2019-07-30 4.3
cpanel — cpanel cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444). 2019-08-01 6.5
cpanel — cpanel cPanel before 74.0.8 allows FTP access during account suspension (SEC-449). 2019-08-01 4.0
cpanel — cpanel cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416). 2019-08-01 5.0
cpanel — cpanel cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400). 2019-08-01 4.3
cpanel — cpanel cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421). 2019-08-01 4.3
cpanel — cpanel cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357). 2019-08-01 4.3
cpanel — cpanel cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359). 2019-08-01 6.5
cpanel — cpanel cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362). 2019-08-01 6.5
cpanel — cpanel In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368). 2019-08-01 4.9
cpanel — cpanel cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372). 2019-08-01 4.3
cpanel — cpanel cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373). 2019-08-01 4.3
cpanel — cpanel cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374). 2019-08-01 4.3
cpanel — cpanel cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375). 2019-08-01 4.3
cpanel — cpanel cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376). 2019-08-01 4.3
cpanel — cpanel cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377). 2019-08-01 4.3
cpanel — cpanel cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). 2019-07-30 4.3
cpanel — cpanel cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507). 2019-07-30 5.0
cpanel — cpanel cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501). 2019-07-30 6.5
cpanel — cpanel cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486). 2019-07-30 4.6
cpanel — cpanel cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496). 2019-07-30 5.0
cpanel — cpanel cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498). 2019-07-30 6.5
cpanel — cpanel The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477). 2019-07-30 6.1
cpanel — cpanel cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480). 2019-07-30 6.5
cpanel — cpanel cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483). 2019-07-30 4.3
cpanel — cpanel cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484). 2019-07-30 4.9
cpanel — cpanel cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487). 2019-07-30 6.5
cpanel — cpanel cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493). 2019-07-30 4.3
cpanel — cpanel cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415). 2019-07-30 4.0
cpanel — cpanel cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460). 2019-07-30 4.0
cpanel — cpanel cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI (SEC-473). 2019-07-30 5.0
cpanel — cpanel cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476). 2019-07-30 4.0
craftcms — craft_cms In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn’t stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public. 2019-07-26 5.0
custom_simple_rss_project — custom_simple_rss A CSRF vulnerability in Settings form in the Custom Simple Rss plugin 2.0.6 for WordPress allows attackers to change the plugin settings. 2019-07-30 4.3
denx — u-boot A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data. 2019-07-29 6.4
denx — u-boot An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply. 2019-07-31 6.4
discourse — discourse Discourse before v2.4.0.beta2 lacks a confirmation screen when logging in via a user-api OTP. 2019-07-29 5.0
espocrm — espocrm An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code. 2019-07-28 4.3
espocrm — espocrm An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create Case. A malicious attacker can modify the firstName and lastName to contain JavaScript code. 2019-07-28 4.3
espocrm — espocrm An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create User. A malicious attacker can modify the firstName and lastName to contain JavaScript code. 2019-07-28 4.3
espocrm — espocrm EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the api/v1/Document functionality for storing documents in the account tab. An attacker can upload a crafted file that contains JavaScript code in its name. This code will be executed when a user opens a page of any profile with this. 2019-07-28 4.3
espocrm — espocrm EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. A malicious attacker can inject JavaScript code in the body parameter during api/v1/KnowledgeBaseArticle knowledge-base record creation. 2019-07-28 4.3
espocrm — espocrm EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters. 2019-07-28 4.0
exiv2 — exiv2 Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp. 2019-07-28 6.8
exiv2 — exiv2 Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file. 2019-07-28 4.3
exiv2 — exiv2 In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp. It could result in denial of service. 2019-07-28 4.3
flif — flif An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Attackers can trigger a heap-based buffer over-read in libpng via a crafted flif file. 2019-07-28 6.8
glyphandcog — xpdfreader An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "one byte per line" case. 2019-07-27 4.3
glyphandcog — xpdfreader An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case. 2019-07-27 4.3
glyphandcog — xpdfreader An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2. 2019-07-27 4.3
glyphandcog — xpdfreader An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3. 2019-07-27 4.3
glyphandcog — xpdfreader An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1. 2019-07-27 4.3
glyphandcog — xpdfreader An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2. 2019-07-27 4.3
glyphandcog — xpdfreader An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read. 2019-07-27 4.3
google — kubernetes_engine Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission. 2019-07-31 4.0
ibm — daeja_viewone IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 163620. 2019-07-30 5.5
ibm — storediq IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow an authenticated user to obtain sensitive information that a privileged user should only be allowed to view. IBM X-Force ID: 158696. 2019-07-31 4.0
ibm — storediq IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow a remote attacker to cause a denial of service attack using repeated requests to the server. IBM X-Force ID: 158698. 2019-07-31 5.0
icegram — email_subscribers_&_newsletters An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an attacker to inject malicious JavaScript code through a publicly available subscription form using the esfpx_name wp-admin/admin-ajax.php POST parameter. 2019-07-28 4.3
inveniosoftware — invenio-app invenio-app before 1.1.1 allows host header injection. 2019-07-29 5.8
inveniosoftware — invenio-previewer invenio-previewer before 1.0.0a12 allows XSS. 2019-07-29 4.3
jenkins — configuration_as_code Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins. 2019-07-31 4.0
jenkins — configuration_as_code Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables. 2019-07-31 5.5
jenkins — configuration_as_code Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form. 2019-07-31 4.0
jenkins — m2release A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options. 2019-07-31 6.8
jenkins — maven Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log. 2019-07-31 4.0
jenkins — pipeline:shared_groovy_libraries A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries. 2019-07-31 4.0
jenkins — script_security A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts. 2019-07-31 6.5
jenkins — script_security A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts. 2019-07-31 6.5
jenkins — skytap_cloud_ci Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. 2019-07-31 4.0
kolide — fleet Fleet before 2.1.2 allows exposure of SMTP credentials. 2019-07-29 5.0
libav — libav An issue was discovered in Libav 12.3. There is an infinite loop in the function mov_probe in the file libavformat/mov.c, related to offset and tag. 2019-07-28 4.3
libav — libav In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c. 2019-07-28 4.3
libav — libav An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. 2019-07-30 4.3
libsdl — sdl2_image An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. 2019-07-31 6.8
libsdl — sdl2_image An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. 2019-07-31 6.8
libsdl — sdl2_image An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. 2019-07-31 6.8
libslirp_project — libslirp ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. 2019-07-29 6.5
linux — linux_kernel An issue was discovered in the Linux kernel before 4.20. drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error with a resultant ctrl->phys out-of-bounds read. 2019-07-26 4.6
linux — linux_kernel An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled. 2019-07-26 4.6
linux — linux_kernel In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. 2019-07-26 4.6
mcpp_project — mcpp MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c. 2019-07-26 4.3
misp — misp In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability. 2019-07-27 4.3
moodle — moodle A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool. 2019-07-31 6.8
moodle — moodle A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to. 2019-07-31 4.0
moodle — moodle A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modify group overrides for other groups in the same quiz. 2019-07-31 4.0
moodle — moodle A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment. 2019-07-31 4.0
nats — nats_server An integer overflow in NATS Server 2.0.0 allows a remote attacker to crash the server by sending a crafted request. 2019-07-29 5.0
open.edx — edx-platform edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files. 2019-07-29 6.5
open.edx — edx-platform edx-platform before 2015-09-17 allows XSS via a team name. 2019-07-29 4.3
openmpt — libopenmpt libopenmpt before 0.3.13 allows a crash with malformed MED files. 2019-07-30 4.3
openmpt — libopenmpt libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files. 2019-07-30 4.3
parseplatform — parse-server parse-server before 3.4.1 allows DoS after any POST to a volatile class. 2019-07-29 5.0
parseplatform — parse-server parse-server before 3.6.0 allows account enumeration. 2019-07-29 5.0
postgresql — postgresql A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052). 2019-07-30 4.0
pterodactyl — panel Pterodactyl before 0.7.14 with 2FA allows credential sniffing. 2019-07-29 5.0
stacktable.js_project — stacktable.js stacktable.js before 1.0.4 allows XSS. 2019-07-29 4.3
sunhater — kcfinder A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter. 2019-07-27 4.3
testlink — testlink TestLink 1.9.19 has XSS via the error.php message parameter. 2019-08-01 4.3
tridactyl_project — tridactyl Tridactyl before 1.16.0 allows fake key events. 2019-07-29 5.0
unity — web_player The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim’s credentials. 2019-07-29 4.0
upx_project — upx An Integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory. 2019-07-27 4.3
upx_project — upx canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (SEGV or buffer overflow, and application crash) or possibly have unspecified other impact via a crafted UPX packed file. 2019-07-27 6.8
wallaceit — wallacepos Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. 2019-07-31 6.8
wikindx_project — wikindx A cross-site scripting (XSS) vulnerability in getPagingStart() in core/lists/PAGING.php in WIKINDX through 5.8.1 allows remote attackers to inject arbitrary web script or HTML via the PagingStart parameter. 2019-07-26 4.3
wpfastestcache — wp_fastest_cache The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wp_postratings_clear_fastest_cache and rm_folder_recursively in wpFastestCache.php mishandle ../ in an HTTP Referer header. 2019-07-29 5.8
xfig_project — fig2dev Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c. 2019-07-26 4.3
yardoc — yard yard before 0.9.20 allows path traversal. 2019-07-29 5.0
zendesk — samlr Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with user@example.com followed by <!---->. and then the attacker’s domain name. 2019-07-26 5.0

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score
cpanel — cpanel cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366). 2019-07-30 2.1
cpanel — cpanel The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467). 2019-07-30 2.1
cpanel — cpanel cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433). 2019-08-01 3.5
cpanel — cpanel cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434). 2019-08-01 3.5
cpanel — cpanel cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437). 2019-08-01 3.5
cpanel — cpanel cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441). 2019-08-01 3.5
cpanel — cpanel cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445). 2019-08-01 2.1
cpanel — cpanel cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446). 2019-08-01 3.5
cpanel — cpanel cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367). 2019-08-01 3.5
cpanel — cpanel cPanel before 71.9980.37 allows attackers to read root’s crontab file by leveraging ClamAV installation (SEC-408). 2019-08-01 2.1
cpanel — cpanel cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364). 2019-08-01 3.5
cpanel — cpanel cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369). 2019-08-01 3.5
cpanel — cpanel cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370). 2019-08-01 3.5
cpanel — cpanel cPanel before 70.0.23 allows any user to disable Solr (SEC-371). 2019-08-01 2.1
cpanel — cpanel cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). 2019-07-30 3.5
cpanel — cpanel cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510). 2019-07-30 2.1
cpanel — cpanel cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512). 2019-07-30 3.5
cpanel — cpanel cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514). 2019-07-30 2.1
cpanel — cpanel cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489). 2019-07-30 2.1
cpanel — cpanel cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494). 2019-07-30 2.1
cpanel — cpanel API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495). 2019-07-30 2.1
cpanel — cpanel cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481). 2019-07-30 2.1
cpanel — cpanel cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466). 2019-07-30 2.1
cpanel — cpanel Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472). 2019-07-30 2.1
cpanel — cpanel Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474). 2019-07-30 2.1
cpanel — cpanel In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478). 2019-07-30 2.1
dependencytrack — dependency-track Dependency-Track before 3.5.1 allows XSS. 2019-07-29 3.5
http-file-server_project — http-file-server Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim’s browser. 2019-07-30 3.5
ibm — websphere_application_server IBM WebSphere Application Server – Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim’s click actions or launch other client-side browser attacks. IBM X-Force ID: 160513. 2019-07-30 3.5
inveniosoftware — invenio-communities invenio-communities before 1.0.0a20 allows XSS. 2019-07-29 3.5
inveniosoftware — invenio-records invenio-records before 1.2.2 allows XSS. 2019-07-29 3.5
jenkins — configuration_as_code Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied. 2019-07-31 2.1
jenkins — configuration_as_code Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export. 2019-07-31 2.1
jenkins — ec2 Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log. 2019-07-31 2.1
jenkins — m2_release A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. 2019-07-31 3.5
jenkins — m2release Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system. 2019-07-31 2.1
linux — linux_kernel An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. 2019-07-26 2.1
linux — linux_kernel In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default. 2019-07-26 2.1
microsoft — outlook A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka ‘Outlook for Android Spoofing Vulnerability’. 2019-07-29 3.5
min-http-server_project — min-http-server Cross-site scripting (XSS) vulnerability in min-http-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim’s browser. 2019-07-30 3.5
open.edx — edx-platform edx-platform before 2015-08-17 allows XSS in the Studio listing of courses. 2019-07-29 3.5
veeam — one_reporter Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with a crafted Caption field to setDashboardWidget in CommonDataHandlerReadOnly.ashx. 2019-07-27 3.5
veeam — one_reporter Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(config) field to addDashboard or editDashboard in CommonDataHandlerReadOnly.ashx. 2019-07-27 3.5
veritas — resiliency_platform An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another user’s browser, related to resiliency plans functionality. A victim must open a resiliency plan that an attacker has access to. 2019-07-29 3.5
wallaceit — wallacepos Insufficient output sanitization in WallacePOS 1.4.3 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks via a crafted sales transaction. 2019-07-31 3.5

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score
3proxy — 3proxy webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the admin interface. 2019-08-01 not yet calculated
adoptopenjdk — icedtea-web It was found that icedtea-web through 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user. 2019-07-31 not yet calculated
adoptopenjdk — icedtea-web It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox. 2019-07-31 not yet calculated
adoptopenjdk — icedtea-web It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox. 2019-07-31 not yet calculated
advantech — webaccess_hmi_designer In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution. 2019-08-02 not yet calculated
alcatel-lucent_enterprise — 8008_cloud_edition_deskphone_voip_phone On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection (missing input validation) issue in the password change field for the Change Password interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request. 2019-08-01 not yet calculated
alcatel — linkzone_mw40-v-v1.0_mw40_02.00_02_devices The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without knowing the administrator’s password. 2019-08-02 not yet calculated
amcrest — ip2m-841b_ip_camera The Amcrest IP2M-841B IP camera firmware version V2.520.AC00.18.R does not require authentication to access the HTTP endpoint /videotalk. An unauthenticated, remote person can connect to this endpoint and listen to the audio the camera is capturing. 2019-07-29 not yet calculated
ansible — ansible A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed. 2019-07-30 not yet calculated
apache — activemq_client It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client. 2019-08-01 not yet calculated
apache — solr In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request’s "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true. 2019-08-01 not yet calculated
apache — tika A carefully crafted or corrupt zip file can cause an OOM in Apache Tika’s RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later. 2019-08-02 not yet calculated
apache — tika In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later. 2019-08-02 not yet calculated
apache — tika A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika’s RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later. 2019-08-02 not yet calculated
apache — vcl Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node (if any) was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech. 2019-07-29 not yet calculated
apache — vcl Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying implementation of that function. The implementation of strtotime at the time the issue was discovered appeared to be resistant to a malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech. 2019-07-29 not yet calculated
apache — vcl Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech. 2019-07-29 not yet calculated
avaya — aura_conferencing A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated. 2019-07-31 not yet calculated
bitdefender — multiple_products An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user privileges. 2019-07-30 not yet calculated
cisco — nexus_9000_series_aci_mode_switch_software A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an adjacent, unauthenticated attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to the targeted device. A successful exploit may lead to a buffer overflow condition that could either cause a DoS condition or allow the attacker to execute arbitrary code with root privileges. Note: This vulnerability cannot be exploited by transit traffic through the device; the crafted packet must be targeted to a directly connected interface. This vulnerability affects Cisco Nexus 9000 Series Fabric Switches in ACI mode if they are running a Cisco Nexus 9000 Series ACI Mode Switch Software release prior to 13.2(7f) or any 14.x release. 2019-07-31 not yet calculated
clmg — clmg CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image. 2019-07-31 not yet calculated
clusterlabs — fence-agents A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM’s comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member. 2019-07-30 not yet calculated
cpanel — cpanel cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124). 2019-08-01 not yet calculated
cpanel — cpanel In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31). 2019-08-01 not yet calculated
cpanel — cpanel In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 66.0.2 allows resellers to read other accounts’ domain log files (SEC-288). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 55.9999.141 does not perform a two-factor authentication check when possessing another account (SEC-101). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315). 2019-08-02 not yet calculated
cpanel — cpanel In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273). 2019-08-02 not yet calculated
cpanel — cpanel In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274). 2019-08-02 not yet calculated
cpanel — cpanel In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 68.0.15 allows attackers to read root’s crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271). 2019-08-02 not yet calculated
cpanel — cpanel DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 68.0.15 does not block a username of ssl (SEC-328). 2019-08-02 not yet calculated
cpanel — cpanel In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311). 2019-08-02 not yet calculated
cpanel — cpanel In cPanel before 67.9999.103, the backup system overwrites root’s home directory when a mount disappears (SEC-299). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279). 2019-08-02 not yet calculated
cpanel — cpanel In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266). 2019-08-02 not yet calculated
cpanel — cpanel In cPanel before 67.9999.103, a user account’s backup archive could contain all MySQL databases on the server (SEC-284). 2019-08-02 not yet calculated
cpanel — cpanel The "addon domain conversion" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265). 2019-08-02 not yet calculated
cpanel — cpanel The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426). 2019-08-01 not yet calculated
cpanel — cpanel The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439). 2019-08-01 not yet calculated
cpanel — cpanel In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234). 2019-08-02 not yet calculated
cpanel — cpanel In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 62.0.17 does not preserve security policy questions across an account rename (SEC-223). 2019-08-02 not yet calculated
cpanel — cpanel In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 74.0.8 allows self XSS in the WHM “Create a New Account” interface (SEC-428). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 64.0.21 allows attackers to read a user’s crontab file during a short time interval upon a cPAddon upgrade (SEC-257). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 68.0.27 allows attackers to read root’s crontab file during a short time interval upon a post-update task (SEC-352). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 70.0.23 allows stored XSS via a WHM “Reset a DNS Zone” action (SEC-412). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308). 2019-08-01 not yet calculated
cpanel — cpanel In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction (SEC-430). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392). 2019-08-01 not yet calculated
cpanel — cpanel In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291). 2019-08-02 not yet calculated
cpanel — cpanel In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289). 2019-08-02 not yet calculated
cpanel — cpanel cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396). 2019-08-01 not yet calculated
cpanel — cpanel In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 68.0.27 allows attackers to read root’s crontab file during a short time interval upon the enabling of backups (SEC-342). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 68.0.27 allows attackers to read root’s crontab file during a short time interval upon configuring crontab (SEC-351). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443). 2019-08-01 not yet calculated
cpanel — cpanel bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 70.0.23 has stored XSS via a WHM Edit DNS Zone action (SEC-410). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387). 2019-08-01 not yet calculated
cpanel — cpanel cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386). 2019-08-01 not yet calculated
crypto++ — crypto++ Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp (prime field curves, small leakage) and algebra.cpp (binary field curves, large leakage) is not constant time and leaks the bit length of the scalar among other information. 2019-07-30 not yet calculated
d-link — 6600-ap_and_dwl_3600ap_ax_and_dwl-8610ap_ax_devices An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command. 2019-08-01 not yet calculated
d-link — 6600-ap_and_dwl_3600ap_ax_devices An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated dump of all of the config files through a certain admin.cgi?action= insecure HTTP request. 2019-08-01 not yet calculated
d-link — 6600-ap_and_dwl_3600ap_ax_devices An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a pre-authenticated denial of service attack against the access point via a long action parameter to admin.cgi. 2019-08-01 not yet calculated
d-link — 6600-ap_and_dwl_3600ap_ax_devices An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is an ability to escape to a shell in the restricted command line interface, as demonstrated by the `/bin/sh -c wget` sequence. 2019-08-01 not yet calculated
d-link — 6600-ap_and_dwl_3600ap_ax_devices An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is use of weak ciphers for SSH such as diffie-hellman-group1-sha1. 2019-08-01 not yet calculated
d-link — 6600-ap_and_dwl_3600ap_ax_devices An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a post-authentication admin.cgi?action= XSS vulnerability on the management interface. 2019-08-01 not yet calculated
d-link — dva-5592 The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS because HTML form parameters are directly reflected. 2019-08-02 not yet calculated
d-link — dva-5592 The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticated user to have access to sensitive information such as the Wi-Fi password and the phone number (if VoIP is in use). 2019-08-02 not yet calculated
das_q — das_q Das Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as demonstrated by a cross-origin /install request with an attacker-controlled releaseUrl, which triggers download and execution of code within a ZIP archive. 2019-08-02 not yet calculated
django — django An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator’s chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. 2019-08-02 not yet calculated
django — django An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences. 2019-08-02 not yet calculated
django — django An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities. 2019-08-02 not yet calculated
dnsmasq — dnsmasq Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491. 2019-08-01 not yet calculated
docker — docker In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container. 2019-07-29 not yet calculated
docker — docker-credential-helpers docker-credential-helpers before 0.6.3 has a double free in the List functions. 2019-07-29 not yet calculated
dolibarr_foundation — dolibarr_erp_and_crm Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the same page, which specifies the inclusion of dynamic content. Thus, a lower privileged user of the application can execute code under the context and permissions of the underlying web server. 2019-07-29 not yet calculated
dolibarr_foundation — dolibarr_erp_and_crm Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. (Malicious binaries can be uploaded by abusing other functionalities of the application.) 2019-07-29 not yet calculated
dolibarr_foundation — dolibarr_erp_and_crm Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vulnerabilities could be exploited by low privileged users to target administrators. The viewimage.php page did not perform any contextual output encoding and would display the content within the uploaded file with a user-requested MIME type. 2019-07-29 not yet calculated
draytek — draytek_routers DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649. 2019-07-31 not yet calculated
eclipse — openj9 All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning. For example, if a condition that reads a field is moved out of the loop, the value of that field may not be privatized in the modified copy of the loop, allowing the test to see one value of the field and the loop to subsequently see a modified field value without retesting the condition moved out of the loop. This can lead to a variety of different issues, but a read out of array bounds is one major consequence of these problems. 2019-07-30 not yet calculated
edx — edx-platform edx-platform before 2016-06-06 allows CSRF. 2019-07-29 not yet calculated
edx — edx-platform edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem. 2019-07-30 not yet calculated
edx — edx-platform edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name. 2019-07-30 not yet calculated
edx — edx-platform edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address. 2019-07-29 not yet calculated
edx — open_edx The installation process in Open edX before 2017-01-10 exposes a MongoDB instance to external connections with default credentials. 2019-07-30 not yet calculated
elastic — apm A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the ‘server_ca_cert’ setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the middle style attack against the Ruby agent. 2019-07-30 not yet calculated
elastic — elasticsearch A race condition flaw was found in the response headers that Elasticsearch versions before 7.2.1 and 6.8.2 return to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to a response header containing sensitive data from another user. 2019-07-30 not yet calculated
elastic — kibana Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an arbitrary URL. This could possibly lead to an attacker accessing external URL resources as the Kibana process on the host system. 2019-07-30 not yet calculated
elm327 — obd2_bluetooth_device A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle, as demonstrated by turning off the vehicle’s lights. 2019-07-31 not yet calculated
fasterxml — jackson-databind SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used, leading to remote code execution. 2019-07-29 not yet calculated
fasterxml — jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath. 2019-07-30 not yet calculated
foreman — foreman-tasks An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web UI or API, if they can discover or guess the UUID of the task. 2019-07-31 not yet calculated
freetype — freetype In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again. 2019-07-30 not yet calculated
gnome — evolution-ews It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference. 2019-08-01 not yet calculated
gnucobol — gnucobol GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c via crafted COBOL source code. 2019-08-01 not yet calculated
gnucobol — gnucobol GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id in cobc/typeck.c via crafted COBOL source code. 2019-08-02 not yet calculated
gnucobol — gnucobol GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/scanner.l via crafted COBOL source code. 2019-08-02 not yet calculated
gnucobol — gnucobol GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via crafted COBOL source code. 2019-08-01 not yet calculated
gnu — binutils apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf. 2019-07-30 not yet calculated
gogs — gogs routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks. 2019-08-02 not yet calculated
happypoint — happypoint_mobile_app When processing a Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions do not check the Deeplink URL correctly. This could lead to JavaScript code execution, URL redirection, or sensitive information disclosure. An attacker can exploit this issue by enticing an unsuspecting user to open a specific malicious URL. 2019-08-01 not yet calculated
hasura — graphql_engine graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT. 2019-07-29 not yet calculated
hewlett_packard_enterprise — hp2910al-48g_switches A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an XSS injection by setting the attack vector in one of the switch's persistent configuration fields (management URL, location, contact). However, admin privileges are required to configure these fields, thereby reducing the likelihood of exploit. HPE Aruba has provided firmware updates to resolve the vulnerability in HP 2910-48G al Switch. Please update to W.15.14.0017. 2019-08-01 not yet calculated
humhub — humhub HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers to find the user accounts existing on any Social Network Kits (including self-hosted ones) by brute-forcing the username after the /u/ initial URI substring, aka Response Discrepancy Information Exposure. 2019-07-29 not yet calculated
ibm — i2_intelligent_analysis_platform IBM i2 Intelligent Analysis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 157007. 2019-07-30 not yet calculated
ibm — jazz_for_service_management IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service. IBM X-Force ID: 160296. 2019-08-02 not yet calculated
ibm — spectrum_protect_for_enterprise_resource_planning In IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in plain text in the ERP trace file. IBM X-Force ID: 154280. 2019-08-02 not yet calculated
imgix — imgix Imgix through 2019-06-19 allows remote attackers to cause a denial of service (resource consumption) by manipulating a small JPEG file to specify dimensions of 64250×64250 pixels, which is mishandled during an attempt to load the ‘whole image’ into memory. 2019-07-29 not yet calculated
jolokia — jolokia A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack. 2019-08-01 not yet calculated
libav — libav An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ff_mpa_synth_filter_float in avcodec/mpegaudiodsp_template.c. 2019-07-30 not yet calculated
libav — libav In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file. 2019-07-30 not yet calculated
liblouis — liblouis A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or potentially execute arbitrary code when opened. 2019-08-02 not yet calculated
libopenmpt — libopenmpt J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. 2019-07-30 not yet calculated
libopenmpt — libopenmpt libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files. 2019-07-30 not yet calculated
libopenmpt — libopenmpt DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. 2019-07-30 not yet calculated
libopenmpt — libopenmpt libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot. 2019-07-30 not yet calculated
libvirtd — libvirtd It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs. 2019-07-30 not yet calculated
libvirtd — libvirtd It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed. 2019-08-02 not yet calculated
libvirt — libvirt The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an “emulator” argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain’s capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. 2019-08-02 not yet calculated
libvirt — libvirt The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an “emulatorbin” argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain’s capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. 2019-08-02 not yet calculated
linux — linux_kernel A flaw was found in the Linux kernel’s freescale hypervisor manager implementation, kernel versions 5.0.x up to, but excluding, 5.0.17. A parameter passed to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system, corrupt memory, or create other adverse security effects. 2019-07-30 not yet calculated
linux — linux_kernel A flaw was found in the Linux kernel’s NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. 2019-07-30 not yet calculated
magento — magento A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to edit configuration keys to remove file extension filters, potentially resulting in the malicious upload and execution of malicious files on the server. 2019-08-02 not yet calculated
magento — magento An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorization checks. This can be abused by a user with admin privileges to add users to company accounts or modify existing user details. 2019-08-02 not yet calculated
magento — magento A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles. 2019-08-02 not yet calculated
magento — magento An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticated user can bypass access controls via REST API calls to assign themselves to an arbitrary company, thereby gaining read access to potentially confidential information. 2019-08-02 not yet calculated
magento — magento A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages. 2019-08-02 not yet calculated
magento — magento A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Under certain conditions, an unauthenticated attacker could force the Magento store’s full page cache to serve a 404 page to customers. 2019-08-02 not yet calculated
magento — magento An information disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to create email templates could leak sensitive data via a malicious email template. 2019-08-02 not yet calculated
magento — magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery. 2019-08-02 not yet calculated
magento — magento An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details. 2019-08-02 not yet calculated
magento — magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout update. 2019-08-02 not yet calculated
magento — magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to layouts can execute arbitrary code through a crafted XML layout update. 2019-08-02 not yet calculated
magento — magento A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause unwanted items to be added to a shopper’s cart due to an insufficiently robust anti-CSRF token implementation. 2019-08-02 not yet calculated
magento — magento A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation. 2019-08-02 not yet calculated
magento — magento A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Requests for a specific file path could result in a redirect to the URL of the Magento admin panel, disclosing its location to potentially unauthorized parties. 2019-08-02 not yet calculated
magento — magento An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details. 2019-08-02 not yet calculated
magento — magento A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control. 2019-08-02 not yet calculated
magento — magento A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment settings to execute arbitrary code. 2019-08-02 not yet calculated
magento — magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a malicious template. 2019-08-02 not yet calculated
magento — magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates. 2019-08-02 not yet calculated
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit product content pages to inject malicious javascript. 2019-08-02 not yet calculated
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify node attributes to inject malicious javascript. 2019-08-02 not yet calculated
magento — magento An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A SOAP web service endpoint does not properly enforce parameters related to access control. This could be abused to leak customer information via crafted SOAP requests. 2019-08-02 not yet calculated
magento — magento Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could enable a low-privileged user to make unauthorized environment configuration changes. 2019-08-02 not yet calculated
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify content block titles to inject malicious javascript. 2019-08-02 not yet calculated
magento — magento An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder. 2019-08-02 not yet calculated
magento — magento A reflected cross-site scripting vulnerability exists on the customer cart checkout page of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by sending a victim a crafted URL that results in malicious javascript execution in the victim’s browser. 2019-08-02 not yet calculated
magento — magento An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges may be able to view metadata of a trusted device used by another administrator via a crafted http request. 2019-08-02 not yet calculated
magento — magento A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. By abusing insufficient brute-forcing defenses in the token exchange protocol, an unauthenticated attacker could disrupt transactions between the Magento merchant and PayPal. 2019-08-02 not yet calculated
magento — magento A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to the import feature can make modifications to a configuration file, resulting in potentially unauthorized removal of file upload restrictions. This can result in arbitrary code execution when a malicious file is then uploaded and executed on the system. 2019-08-02 not yet calculated
magento — magento A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks. 2019-08-02 not yet calculated
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to store product attributes to inject malicious javascript. 2019-08-02 not yet calculated
magento — magento A cryptographically weak pseudo-random number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. 2019-08-02 not yet calculated
magento — magento A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection. 2019-08-02 not yet calculated
magento — magento Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. 2019-08-02 not yet calculated
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to edit Product information via the TinyMCE editor. 2019-08-02 not yet calculated
magento — magento A cryptographic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptographic mechanism is used to generate the initialization vector in multiple security relevant contexts. 2019-08-02 not yet calculated
magento — magento Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This vulnerability could be abused by an authenticated user with the ability to configure the catalog search. 2019-08-02 not yet calculated
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to marketing email templates to inject malicious javascript. 2019-08-02 not yet calculated
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manage orders can inject malicious javascript. 2019-08-02 not yet calculated
magento — magento A stored cross-site scripting vulnerability exists in the product catalog form of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the product catalog to inject malicious javascript. 2019-08-02 not yet calculated
magento — magento A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design schedule. 2019-08-02 not yet calculated
magento — magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout. 2019-08-02 not yet calculated
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage customer groups. 2019-08-02 not yet calculated
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage tax rules. 2019-08-02 not yet calculated
magento — magento A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment methods to execute arbitrary code. 2019-08-02 not yet calculated
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to manage orders and order status. 2019-08-02 not yet calculated
magento — magento A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. 2019-08-02 not yet calculated
magento — magento A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration. 2019-08-02 not yet calculated
magento — magento A stored cross-site scripting vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the tax notifications configuration in the Magento admin panel. 2019-08-02 not yet calculated
magento — magento An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details. 2019-08-02 not yet calculated
magento — magento A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify product information. 2019-08-02 not yet calculated
magento — magento A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to products and categories. 2019-08-02 not yet calculated
magento — magento_and_magento_commerce A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2. 2019-08-02 not yet calculated
magento — multiple_products A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to customer configurations to inject malicious javascript. 2019-08-02 not yet calculated
magento — multiple_products A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the editor can inject malicious SWF files. 2019-08-02 not yet calculated
magento — multiple_products A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to email templates. 2019-08-02 not yet calculated
magento — multiple_products A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to the admin panel to manipulate system configuration and execute arbitrary code. 2019-08-02 not yet calculated
magento — multiple_products A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create sitemaps can execute arbitrary PHP code by creating a malicious sitemap file. 2019-08-02 not yet calculated
magento — multiple_products A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user to escalate privileges (admin vs. admin XSS attack). 2019-08-02 not yet calculated
magento — multiple_products Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. 2019-08-02 not yet calculated
magento — multiple_products A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit newsletter templates to inject malicious javascript. 2019-08-02 not yet calculated
magento — multiple_products Samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to inadequate validation of user input. 2019-08-02 not yet calculated
magento — multiple_products A stored cross-site scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to modify currency symbols can inject malicious javascript. 2019-08-02 not yet calculated
magento — multiple_products A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify content page titles to inject malicious javascript. 2019-08-02 not yet calculated
magento — multiple_products A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. 2019-08-02 not yet calculated
magento — multiple_products A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify catalog price rules to inject malicious javascript. 2019-08-02 not yet calculated
magento — multiple_products A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify store currency options to inject malicious javascript. 2019-08-02 not yet calculated
magento — multiple_products An injection vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with marketing manipulation privileges can invoke methods that alter data of the underlying model followed by corresponding database modifications. 2019-08-02 not yet calculated
magento — multiple_products A reflected cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 when the feature that adds a secret key to the Admin URL is disabled. 2019-08-02 not yet calculated
magento — multiple_products A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to newsletter templates. 2019-08-02 not yet calculated
magento — multiple_products A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the Return Product comments field can inject malicious javascript. 2019-08-02 not yet calculated
matrixssl — matrixssl In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the fragment length value provided in the DTLS message. 2019-07-29 not yet calculated
milkytracker — milkytracker ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker 1.02.00 has a heap-based buffer overflow. 2019-08-01 not yet calculated
milkytracker — milkytracker LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 has a stack-based buffer overflow. 2019-08-01 not yet calculated
milkytracker — milkytracker XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a heap-based buffer overflow. 2019-07-31 not yet calculated
misskey — misskey Misskey before 10.102.4 allows hijacking a user’s token. 2019-07-29 not yet calculated
netapp — data_ontap_7-mode Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote attackers. 2019-08-02 not yet calculated
netapp — data_ontap_7-mode Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. A successful attack requires that multiple non-default options be enabled. 2019-08-02 not yet calculated
netgear — n600_wifi_dual_band_router A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP SSDP packet. 2019-07-28 not yet calculated
nextcloud — nextcloud_android_application Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved. 2019-07-30 not yet calculated
nextcloud — nextcloud_android_application Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process. 2019-07-30 not yet calculated
nextcloud — nextcloud_android_application SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows destruction of a local cache when a harmful query is executed, requiring the account to be set up again. 2019-07-30 not yet calculated
nextcloud — nextcloud_android_application Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider. 2019-07-30 not yet calculated
nextcloud — nextcloud_android_application Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed styling of the directory name in the header bar when using basic HTML. 2019-07-30 not yet calculated
nextcloud — nextcloud_android_application Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time. 2019-07-30 not yet calculated
nextcloud — nextcloud_server A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events. 2019-07-30 not yet calculated
nfdump — nfdump nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service). 2019-07-31 not yet calculated
one_identity — cloud_access_manager One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4. 2019-07-29 not yet calculated
openbravo — openbravo_erp Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value. 2019-07-28 not yet calculated
opencv — opencv An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. 2019-08-01 not yet calculated
opencv — opencv An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp. 2019-08-01 not yet calculated
opencv — opencv An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. 2019-08-01 not yet calculated
openemr — openemr OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. 2019-08-02 not yet calculated
opengear — console_server Opengear console server firmware releases prior to 4.5.0 have a stored XSS vulnerability related to serial port logging. If a malicious user of an external system (connected to a serial port on an Opengear console server) sends crafted text to a serial port (that has logging enabled), the text will be replayed when the logs are viewed. Exploiting this vulnerability requires access to the serial port and/or console server. 2019-07-31 not yet calculated
openssl — openssl OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be ‘/usr/local’. However, mingw programs are Windows programs, and as such, find themselves looking at sub-directories of ‘C:/usr/local’, which may be world writable, which enables untrusted users to modify OpenSSL’s default configuration, insert CA certificates, modify (or even replace) existing engine modules, etc. For OpenSSL 1.0.2, ‘/usr/local/ssl’ is used as default for OPENSSLDIR on all Unix and Windows targets, including Visual C builds. However, some build instructions for the diverse Windows targets on 1.0.2 encourage you to specify your own --prefix. OpenSSL versions 1.1.1, 1.1.0 and 1.0.2 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). 2019-07-30 not yet calculated
openstack — openstack-ironic-inspector A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector’s node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be obtained. However, the attacker could pass malicious data and create a denial of service. 2019-07-30 not yet calculated
oxid — oxid_eshop OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary. 2019-07-30 not yet calculated
pandao — editor.md pandao Editor.md 1.5.0 allows XSS via the Javas&#99;ript: string. 2019-08-01 not yet calculated
pandao — editor.md pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element. 2019-08-03 not yet calculated
pdfresurrect — pdfresurrect PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled. 2019-07-29 not yet calculated
pixman — pixman An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. An attacker could exploit this issue to cause an application using pixman to crash or, potentially, execute arbitrary code. 2019-07-31 not yet calculated
planon — planon Planon before Live Build 41 has XSS. 2019-07-29 not yet calculated
podman — podman A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator tries to copy a file from/to the container. 2019-07-30 not yet calculated
polycom — multiple_products A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code. 2019-07-29 not yet calculated
polycom — obihai_obi1022_voip_phone On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request. 2019-08-01 not yet calculated
poppler — poppler An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. 2019-08-01 not yet calculated
postgresql — postgresql A vulnerability was found in PostgreSQL versions 11.x up to, excluding 11.3, 10.x up to, excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker. 2019-07-30 not yet calculated
powerdns — authoritative_server A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue. 2019-07-30 not yet calculated
powerdns — authoritative_server A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify. 2019-07-30 not yet calculated
printeron — printeron_central_print_services An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. A user without valid credentials can bypass the authentication process, obtaining a valid session cookie with guest/pseudo-guest level privileges. This cookie can then be further used to perform other attacks. 2019-07-29 not yet calculated
printeron — printeron_central_print_services An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. An unauthenticated attacker can view details about the printers associated with CPS via a crafted HTTP GET request. 2019-07-29 not yet calculated
rancher — rancher An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1. When Rancher starts for the first time, it creates a default admin user with a well-known password. After initial setup, the Rancher administrator may choose to delete this default admin user. If Rancher is restarted, the default admin user will be recreated with the well-known default password. An attacker could exploit this by logging in with the default admin credentials. This can be mitigated by deactivating the default admin user rather than completely deleting them. 2019-07-30 not yet calculated
red_hat — openshift_container_platform A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user’s session. An attacker with the ability to observe the value of this token would be able to re-use the token to perform a CSRF attack. 2019-08-02 not yet calculated
red_hat — atomic-openshift A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able to spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected. 2019-08-01 not yet calculated
red_hat — enterprise_linux It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service. 2019-08-02 not yet calculated
red_hat — openshift_container_platform OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources. 2019-07-30 not yet calculated
red_hat — openstack_platform A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens. 2019-07-30 not yet calculated
red_hat — satellite It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations. 2019-08-01 not yet calculated
samba — heimdal_kdc A flaw was found in samba’s Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal. 2019-07-31 not yet calculated
sas — sas_drug_development SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser. 2019-07-31 not yet calculated
schism_tracker — schism_tracker fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-based buffer overflow. 2019-07-31 not yet calculated
schism_tracker — schism_tracker An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465. 2019-08-02 not yet calculated
schism_tracker — schism_tracker An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer parser in fmt/okt.c. 2019-08-02 not yet calculated
sdl2_image — sdl2_image An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. 2019-07-31 not yet calculated
siemens — siprotec_5_devices A vulnerability has been identified in Ethernet plug-in communication modules for SIPROTEC 5 devices with CPU variants CP200 (All versions), SIPROTEC 5 devices with CPU variants CP300 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. 2019-08-02 not yet calculated
sigil_ebook — sigil Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. 2019-07-30 not yet calculated
sleuthkit — sleuthkit An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table. 2019-08-02 not yet calculated
sleuthkit — sleuthkit An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds read on iso9660 while parsing System Use Sharing Protocol data in fs/iso9660.c. 2019-08-02 not yet calculated
smokedetector — smokedetector SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority. 2019-07-29 not yet calculated
softether_vpn — softethervpn See.sys through 4.25 in the SoftEther VPN Server allows a user to specify any kernel address to which arbitrary bytes are written. 2019-07-29 not yet calculated
sonos — zoneplayer ZInsVX.dll ActiveX Control 2018.02 and earlier in Zoneplayer contains a vulnerability that could allow remote attackers to execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for remote code execution. 2019-08-02 not yet calculated
ssdp_responder — ssdp_responder SSDP Responder 1.x through 1.5 mishandles incoming network messages, leading to a stack-based buffer overflow by 1 byte. This results in a crash of the server, but only when strict stack checking is enabled. This is caused by an off-by-one error in ssdp_recv in ssdpd.c. 2019-07-28 not yet calculated
symantec — endpoint_protection_and_endpoint_protection_small_business_edition Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. 2019-07-31 not yet calculated
terracotta — quartz_scheduler initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. 2019-07-26 not yet calculated
the_pallets_project — werkzeug In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames. 2019-07-28 not yet calculated
unifi — network_controller SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later. 2019-07-30 not yet calculated
univa — grid_engine In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on root_squash, weak file permissions ("other" write access) occur in certain cases (GE-6890). 2019-07-30 not yet calculated
veritas — veritas_resiliency_platform An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite any file in the VRP virtual machine. A malicious VRP user could use this to replace existing files to take control of the VRP virtual machine. 2019-07-29 not yet calculated
vlc — media_player Double Free in VLC versions <= 3.0.6 leads to a crash. 2019-07-30 not yet calculated
vlc — media_player An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. 2019-07-30 not yet calculated
wallacepos — wallacepos Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 allows a remote, authenticated attacker to execute arbitrary code by uploading a malicious PHP file. 2019-07-31 not yet calculated
windu — windu_cms Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account. 2019-08-01 not yet calculated
windu — windu_cms Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit or admin/content/add, or the username parameter to admin/users. 2019-08-01 not yet calculated
wordpress — wordpress The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFastestCache.php and inc/cache.php Directory Traversal. 2019-07-30 not yet calculated
wordpress — wordpress The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection. 2019-08-01 not yet calculated
wordpress — wordpress A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. 2019-07-29 not yet calculated
wordpress — wordpress The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section. 2019-07-28 not yet calculated
yara — yara An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, resulting in Denial of Service. An attacker can create a malicious binary to trigger this vulnerability. 2019-07-31 not yet calculated
yarn — yarn Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network. 2019-07-30 not yet calculated
zurmo — zurmo Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. 2019-08-01 not yet calculated