# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
401 | CVE-2019-17075 | 119 | | DoS Overflow | 2019-10-01 | 2019-10-08 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance. |
402 | CVE-2019-17073 | 22 | | Dir. Trav. | 2019-10-01 | 2019-10-04 | 5.5 | None | Remote | Low | Single system | None | Partial | Partial |
emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ directory traversal. |
403 | CVE-2019-17072 | 89 | | Sql | 2019-10-10 | 2019-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via all-query-page.php. |
404 | CVE-2019-17071 | 79 | | XSS | 2019-10-10 | 2019-10-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The client-dash (aka Client Dash) plugin 2.1.4 for WordPress allows XSS. |
405 | CVE-2019-17070 | 79 | | XSS | 2019-10-10 | 2019-10-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin 1.0.5 for WordPress allows XSS with Internet Explorer. |
406 | CVE-2019-17069 | 20 | | DoS | 2019-10-01 | 2019-10-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. |
407 | CVE-2019-17068 | 74 | | | 2019-10-01 | 2019-10-08 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. |
408 | CVE-2019-17067 | 770 | | | 2019-10-01 | 2019-10-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection. |
409 | CVE-2019-17064 | 476 | | | 2019-10-01 | 2019-10-08 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. |
410 | CVE-2019-17063 | 20 | | | 2019-10-01 | 2019-10-08 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
In Snowtide PDFxStream before 3.7.1 (for Java), a crafted PDF file can trigger an extremely long running computation because of page-tree mishandling. |
411 | CVE-2019-17051 | 20 | | Exec Code | 2019-09-30 | 2019-10-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file. |
412 | CVE-2019-17050 | 639 | | | 2019-09-30 | 2019-10-04 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a software maintainer has suggested a solution in which Compass is switched off in a production environment. |
413 | CVE-2019-17049 | 89 | | Sql | 2019-09-30 | 2019-10-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account. |
414 | CVE-2019-17046 | 434 | | Exec Code | 2019-09-30 | 2019-10-04 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete |
Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page. |
415 | CVE-2019-17042 | 120 | | Overflow | 2019-10-07 | 2019-10-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow. |
416 | CVE-2019-17041 | 120 | | Overflow | 2019-10-07 | 2019-10-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow. |
417 | CVE-2019-17040 | 125 | | | 2019-09-30 | 2019-10-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled. |
418 | CVE-2019-16999 | 89 | | Sql | 2019-09-30 | 2019-10-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI. |
419 | CVE-2019-16997 | 89 | | Sql | 2019-09-30 | 2019-10-04 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter. |
420 | CVE-2019-16996 | 89 | | Sql | 2019-09-30 | 2019-10-04 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter. |
421 | CVE-2019-16995 | 772 | | DoS | 2019-09-30 | 2019-10-04 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
In the Linux kernel before 5.0.3, a memory leak exists in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d. |
422 | CVE-2019-16994 | 772 | | DoS | 2019-09-30 | 2019-10-04 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a. |
423 | CVE-2019-16993 | 352 | | CSRF | 2019-09-30 | 2019-10-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting them. |
424 | CVE-2019-16992 | 347 | | | 2019-09-29 | 2019-10-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be used for Stellar payments to the user), which might be incompatible with a user's personal position on the semantics of an attestation. |
425 | CVE-2019-16943 | 20 | | | 2019-10-01 | 2019-10-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling. |
426 | CVE-2019-16942 | 20 | | | 2019-10-01 | 2019-10-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling. |
427 | CVE-2019-16941 | 91 | | Exec Code | 2019-09-28 | 2019-10-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. This occurs in Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoReader.java. An attack could start with an XML document that was originally created by DumpFunctionPatternInfoScript but then directly modified by an attacker (for example, to make a java.lang.Runtime.exec call). |
428 | CVE-2019-16935 | 79 | | XSS | 2019-09-27 | 2019-10-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server. |
429 | CVE-2019-16932 | 918 | | | 2019-09-30 | 2019-10-04 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data. |
430 | CVE-2019-16931 | 79 | | XSS | 2019-10-03 | 2019-10-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers wp-json/visualizer/v1/update-chart with no access control, and classes/Visualizer/Render/Page/Data.php lacks output sanitization. |
431 | CVE-2019-16930 | 755 | | | 2019-09-28 | 2019-10-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a full node that owns a shielded address, related to mishandling of exceptions during deserialization of note plaintexts. This affects anyone who has disclosed their zaddr to a third party. |
432 | CVE-2019-16928 | 120 | | Exec Code Overflow | 2019-09-27 | 2019-10-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command. |
433 | CVE-2019-16927 | 787 | | | 2019-09-27 | 2019-10-01 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877. |
434 | CVE-2019-16926 | 79 | | XSS | 2019-09-27 | 2019-10-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Flower 0.9.3 has XSS via a crafted worker name. |
435 | CVE-2019-16925 | 79 | | XSS | 2019-09-27 | 2019-10-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Flower 0.9.3 has XSS via the name parameter in an @app.task call. |
436 | CVE-2019-16923 | 79 | | XSS | 2019-09-27 | 2019-09-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
kkcms 1.3 has jx.php?url= XSS. |
437 | CVE-2019-16922 | 200 | | +Info | 2019-09-27 | 2019-10-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files. |
438 | CVE-2019-16921 | 665 | | +Info | 2019-09-27 | 2019-09-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425813. |
439 | CVE-2019-16920 | 78 | | Exec Code | 2019-09-27 | 2019-10-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to command injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825. |
440 | CVE-2019-16915 | 20 | | | 2019-09-26 | 2019-09-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents. |
441 | CVE-2019-16914 | 79 | | XSS | 2019-09-26 | 2019-09-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization. |
442 | CVE-2019-16913 | 269 | | | 2019-10-07 | 2019-10-11 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: (F)" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as LocalSystem. This allows any user to escalate privileges to "NT AUTHORITY\SYSTEM" by substituting the service's binary with a Trojan horse. |
443 | CVE-2019-16903 | 22 | | Dir. Trav. | 2019-09-26 | 2019-09-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Platinum UPnP SDK 1.2.0 allows Directory Traversal in Core/PltHttpServer.cpp because it checks for /.. where it should be checking for ../ instead. |
444 | CVE-2019-16902 | 20 | | | 2019-09-27 | 2019-09-27 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial |
In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname. |
445 | CVE-2019-16901 | 755 | | | 2019-09-25 | 2019-09-26 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4. |
446 | CVE-2019-16900 | 119 | | Overflow | 2019-09-25 | 2019-09-26 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. |
447 | CVE-2019-16899 | 119 | | Overflow | 2019-09-25 | 2019-09-26 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. |
448 | CVE-2019-16894 | 89 | | Sql | 2019-09-26 | 2019-09-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
download.php in inoERP 4.15 allows SQL injection through insecure deserialization. |
449 | CVE-2019-16892 | 400 | | DoS Bypass | 2019-09-25 | 2019-10-01 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption). |
450 | CVE-2019-16891 | 502 | | Exec Code | 2019-10-04 | 2019-10-10 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload. |