# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
3551 |
CVE-2019-9924 |
20 |
|
Exec Code |
2019-03-22 |
2019-04-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. |
3552 |
CVE-2019-9923 |
476 |
|
|
2019-03-22 |
2019-04-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. |
3553 |
CVE-2019-9922 |
22 |
|
Dir. Trav. |
2019-03-29 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files. |
3554 |
CVE-2019-9921 |
284 |
|
|
2019-03-29 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user. |
3555 |
CVE-2019-9920 |
264 |
|
|
2019-03-29 |
2019-10-09 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user. |
3556 |
CVE-2019-9918 |
89 |
|
Sql |
2019-03-29 |
2019-10-09 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database. |
3557 |
CVE-2019-9917 |
20 |
|
DoS |
2019-03-27 |
2019-06-14 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding. |
3558 |
CVE-2019-9903 |
400 |
|
Bypass |
2019-03-21 |
2019-05-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. |
3559 |
CVE-2019-9901 |
284 |
|
Bypass |
2019-04-25 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy. |
3560 |
CVE-2019-9900 |
20 |
|
Bypass |
2019-04-25 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules, gaining access to unauthorized resources. |
3561 |
CVE-2019-9898 |
327 |
|
|
2019-03-21 |
2019-04-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. |
3562 |
CVE-2019-9897 |
20 |
|
|
2019-03-21 |
2019-04-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. |
3563 |
CVE-2019-9896 |
20 |
|
|
2019-03-21 |
2019-04-04 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. |
3564 |
CVE-2019-9895 |
119 |
|
Overflow |
2019-03-21 |
2019-04-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. |
3565 |
CVE-2019-9894 |
320 |
|
|
2019-03-21 |
2019-04-26 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. |
3566 |
CVE-2019-9893 |
264 |
|
Bypass |
2019-03-21 |
2019-05-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations. |
3567 |
CVE-2019-9892 |
91 |
|
|
2019-05-21 |
2019-05-22 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem. |
3568 |
CVE-2019-9891 |
264 |
|
Exec Code |
2019-05-31 |
2019-06-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The function getopt_simple as described in Advanced Bash Scripting Guide (ISBN 978-1435752184) allows privilege escalation and execution of commands when used in a shell script called, for example, via sudo. |
3569 |
CVE-2019-9890 |
275 |
|
|
2019-04-17 |
2019-04-17 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. |
3570 |
CVE-2019-9886 |
284 |
|
|
2019-07-11 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Any URLs with download_attachment.php under templates or home folders can allow arbitrary files downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1. |
3571 |
CVE-2019-9885 |
89 |
|
Exec Code Sql |
2019-07-25 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
eClass platform < ip.2.5.10.2.1 allows an attacker to execute SQL command via /admin/academic/studenview_left.php StudentID parameter. |
3572 |
CVE-2019-9884 |
264 |
|
Bypass |
2019-07-25 |
2019-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page. |
3573 |
CVE-2019-9883 |
352 |
|
CSRF |
2019-06-03 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=&cf_acl=Management&apply_lang=&dn= without any authorizes. |
3574 |
CVE-2019-9882 |
352 |
|
CSRF |
2019-06-03 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/save_list.php?ACSION=&type=email&category=white&locate=big5&cmd=add&[email protected]&new_memo=&add=%E6%96%B0%E5%A2%9E without any authorizes. |
3575 |
CVE-2019-9881 |
306 |
|
|
2019-06-10 |
2019-06-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled. |
3576 |
CVE-2019-9880 |
306 |
|
|
2019-06-10 |
2019-06-11 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username. |
3577 |
CVE-2019-9879 |
306 |
|
|
2019-06-10 |
2019-06-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation. |
3578 |
CVE-2019-9875 |
502 |
|
Exec Code CSRF |
2019-05-31 |
2019-06-03 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter. |
3579 |
CVE-2019-9874 |
502 |
|
Exec Code CSRF |
2019-05-31 |
2019-06-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN. |
3580 |
CVE-2019-9873 |
255 |
|
|
2019-07-03 |
2019-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. |
3581 |
CVE-2019-9872 |
255 |
|
|
2019-07-03 |
2019-07-10 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize IDE settings using a public repository, these credentials were published to this repository. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. |
3582 |
CVE-2019-9871 |
264 |
|
Exec Code |
2019-05-31 |
2019-06-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Jector Smart TV FM-K75 devices allow remote code execution because there is an adb open port with root permission. |
3583 |
CVE-2019-9866 |
200 |
|
+Info |
2019-05-29 |
2019-09-09 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3. It allows Information Disclosure. |
3584 |
CVE-2019-9865 |
190 |
|
DoS Exec Code Overflow |
2019-05-29 |
2019-05-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. It may allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code. |
3585 |
CVE-2019-9864 |
20 |
|
|
2019-03-28 |
2019-03-28 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tampering of the payment amount. |
3586 |
CVE-2019-9863 |
326 |
|
|
2019-03-27 |
2019-03-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way. |
3587 |
CVE-2019-9861 |
310 |
|
|
2019-05-14 |
2019-05-17 |
4.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
None |
Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way. |
3588 |
CVE-2019-9860 |
332 |
|
|
2019-03-27 |
2019-04-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore. |
3589 |
CVE-2019-9858 |
94 |
|
Exec Code |
2019-05-29 |
2019-06-16 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload(), which uses unsanitized user input as a path to save the image. The unsanitized POST parameter object[photo][img][file] is saved in the $upload[img][file] PHP variable, allowing an attacker to manipulate the $tmp_file passed to move_uploaded_file() to save the uploaded file. By setting the parameter to (for example) ../usr/share/horde/static/bd.php, one can write a PHP backdoor inside the web root. The static/ destination folder is a good candidate to drop the backdoor because it is always writable in Horde installations. (The unsanitized POST parameter went probably unnoticed because it's never submitted by the forms, which default to securely using a random path.) |
3590 |
CVE-2019-9857 |
399 |
|
DoS |
2019-03-21 |
2019-04-09 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
In the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka refcount leak). Finally, this will cause a denial of service. |
3591 |
CVE-2019-9855 |
417 |
|
Exec Code |
2019-09-06 |
2019-09-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handers. However a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. |
3592 |
CVE-2019-9854 |
284 |
|
Dir. Trav. Bypass |
2019-09-06 |
2019-09-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. |
3593 |
CVE-2019-9853 |
116 |
|
Bypass |
2019-09-27 |
2019-10-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in the possibility to construct a document where macro execution bypassed the security settings. The documents were correctly detected as containing macros, and prompted the user to their existence within the documents, but macros within the document were subsequently not controlled by the security settings allowing arbitrary macro execution This issue affects: LibreOffice 6.2 series versions prior to 6.2.7; LibreOffice 6.3 series versions prior to 6.3.1. |
3594 |
CVE-2019-9852 |
22 |
|
Exec Code Dir. Trav. Bypass |
2019-08-15 |
2019-09-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. |
3595 |
CVE-2019-9851 |
20 |
|
Exec Code |
2019-08-15 |
2019-09-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. |
3596 |
CVE-2019-9850 |
20 |
|
Exec Code Bypass |
2019-08-15 |
2019-09-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from script event handers. However an insufficient url validation vulnerability in LibreOffice allowed malicious to bypass that protection and again trigger calling LibreLogo from script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. |
3597 |
CVE-2019-9849 |
200 |
|
+Info |
2019-07-17 |
2019-08-15 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5. |
3598 |
CVE-2019-9848 |
20 |
|
Exec Code |
2019-07-17 |
2019-08-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5. |
3599 |
CVE-2019-9847 |
20 |
|
|
2019-05-09 |
2019-05-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windows and macOS when processing a hyperlink target explicitly activated by the user there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally. This issue affects: All LibreOffice Windows and macOS versions prior to 6.1.6; LibreOffice Windows and macOS versions in the 6.2 series prior to 6.2.3. |
3600 |
CVE-2019-9846 |
89 |
|
Sql +Info |
2019-06-28 |
2019-07-05 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection. |