# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2019-17051 | 20 | | Exec Code | 2019-09-30 | 2021-07-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file.
2 | CVE-2019-17050 | 639 | | | 2019-09-30 | 2019-10-04 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a software maintainer has suggested a solution in which Compass is switched off in a production environment.
3 | CVE-2019-17049 | 89 | | Sql | 2019-09-30 | 2019-10-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None
NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account.
4 | CVE-2019-17046 | 434 | | Exec Code | 2019-09-30 | 2019-10-04 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page.
5 | CVE-2019-17045 | 79 | | XSS | 2019-09-30 | 2019-10-03 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Ilch 2.1.22 allows stored XSS via the title, text, or email id to the Jobs Tab.
6 | CVE-2019-17040 | 125 | | | 2019-09-30 | 2019-10-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled.
7 | CVE-2019-16999 | 89 | | Sql | 2019-09-30 | 2019-10-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI.
8 | CVE-2019-16997 | 89 | | Sql | 2019-09-30 | 2019-10-04 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.
9 | CVE-2019-16996 | 89 | | Sql | 2019-09-30 | 2019-10-04 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.
10 | CVE-2019-16995 | 772 | | DoS | 2019-09-30 | 2021-07-21 | 7.8 | None | Remote | Low | Not required | None | None | Complete
In the Linux kernel before 5.0.3, a memory leak exists in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.
11 | CVE-2019-16994 | 772 | | DoS | 2019-09-30 | 2021-07-21 | 4.7 | None | Local | Medium | Not required | None | None | Complete
In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.
12 | CVE-2019-16993 | 352 | | CSRF | 2019-09-30 | 2019-11-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting them.
13 | CVE-2019-16992 | 347 | | | 2019-09-30 | 2019-10-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None
The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be used for Stellar payments to the user), which might be incompatible with a user's personal position on the semantics of an attestation.
14 | CVE-2019-16941 | 91 | | Exec Code | 2019-09-28 | 2019-10-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. This occurs in Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoReader.java. An attack could start with an XML document that was originally created by DumpFunctionPatternInfoScript but then directly modified by an attacker (for example, to make a java.lang.Runtime.exec call).
15 | CVE-2019-16935 | 79 | | XSS | 2019-09-28 | 2023-01-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.
16 | CVE-2019-16932 | 918 | | | 2019-09-30 | 2019-10-04 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None
A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.
17 | CVE-2019-16930 | 755 | | | 2019-09-28 | 2019-10-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a full node that owns a shielded address, related to mishandling of exceptions during deserialization of note plaintexts. This affects anyone who has disclosed their zaddr to a third party.
18 | CVE-2019-16928 | 787 | | Exec Code Overflow | 2019-09-27 | 2022-03-31 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.
19 | CVE-2019-16927 | 787 | | | 2019-09-27 | 2019-10-01 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877.
20 | CVE-2019-16926 | 79 | | XSS | 2019-09-28 | 2020-02-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
** DISPUTED ** Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user-facing configuration options. They are internal backend config options, and a person having rights to change them already has full access.
21 | CVE-2019-16925 | 79 | | XSS | 2019-09-28 | 2020-02-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
** DISPUTED ** Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user-facing configuration options. They are internal backend config options, and a person having rights to change them already has full access.
22 | CVE-2019-16924 | 319 | | | 2019-09-27 | 2019-10-04 | 3.3 | None | Local Network | Low | Not required | Partial | None | None
The Nulock application 1.5.0 for mobile devices sends a cleartext password over Bluetooth, which allows remote attackers (after sniffing the network) to take control of the lock.
23 | CVE-2019-16923 | 79 | | XSS | 2019-09-27 | 2019-09-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
kkcms 1.3 has jx.php?url= XSS.
24 | CVE-2019-16922 | 200 | | +Info | 2019-09-27 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None
SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files.
25 | CVE-2019-16921 | 665 | | +Info | 2019-09-27 | 2019-09-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None
In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425813.
26 | CVE-2019-16920 | 78 | | Exec Code | 2019-09-27 | 2019-10-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to command injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
27 | CVE-2019-16915 | 20 | | | 2019-09-26 | 2021-07-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents.
28 | CVE-2019-16914 | 79 | | XSS | 2019-09-26 | 2019-09-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization.
29 | CVE-2019-16910 | | | | 2019-09-26 | 2023-03-03 | 2.6 | None | Remote | High | Not required | Partial | None | None
Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)
30 | CVE-2019-16904 | 79 | | XSS | 2019-09-26 | 2019-09-27 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.)
31 | CVE-2019-16903 | 22 | | Dir. Trav. | 2019-09-26 | 2019-09-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Platinum UPnP SDK 1.2.0 allows Directory Traversal in Core/PltHttpServer.cpp because it checks for /.. where it should be checking for ../ instead.
32 | CVE-2019-16902 | 20 | | | 2019-09-27 | 2021-07-21 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial
In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname.
33 | CVE-2019-16901 | 755 | | | 2019-09-26 | 2019-09-26 | 5.0 | None | Remote | Low | Not required | None | None | Partial
Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4.
34 | CVE-2019-16900 | | | | 2019-09-26 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | None | None | Partial
Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c.
35 | CVE-2019-16899 | | | | 2019-09-26 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | None | None | Partial
In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918.
36 | CVE-2019-16894 | 89 | | Sql | 2019-09-26 | 2020-08-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
download.php in inoERP 4.15 allows SQL injection through insecure deserialization.
37 | CVE-2019-16892 | 400 | | DoS Bypass | 2019-09-25 | 2019-11-22 | 7.1 | None | Remote | Medium | Not required | None | None | Complete
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).
38 | CVE-2019-16890 | 79 | | XSS | 2019-09-25 | 2019-09-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments.
39 | CVE-2019-16889 | 770 | | DoS | 2019-09-25 | 2020-08-24 | 7.8 | None | Remote | Low | Not required | None | None | Complete
Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs.
40 | CVE-2019-16887 | 120 | | | 2019-09-25 | 2019-09-26 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc.
41 | CVE-2019-16884 | 863 | | Bypass | 2019-09-25 | 2023-03-27 | 5.0 | None | Remote | Low | Not required | None | Partial | None
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.
42 | CVE-2019-16882 | 416 | | | 2019-09-25 | 2019-09-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None
An issue was discovered in the string-interner crate before 0.7.1 for Rust. It allows attackers to read from memory locations associated with dangling pointers, because of a cloning flaw.
43 | CVE-2019-16881 | 416 | | Exec Code | 2019-09-25 | 2019-09-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and stream_finished_callback.
44 | CVE-2019-16880 | 415 | | | 2019-09-25 | 2019-09-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matrix::zip_elements method.
45 | CVE-2019-16869 | 444 | | | 2019-09-26 | 2022-03-30 | 5.0 | None | Remote | Low | Not required | None | Partial | None
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
46 | CVE-2019-16868 | 22 | | Dir. Trav. | 2019-09-25 | 2019-09-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter.
47 | CVE-2019-16867 | 20 | | | 2019-09-25 | 2021-07-21 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.)
48 | CVE-2019-16760 | 494 | | | 2019-09-30 | 2019-10-08 | 5.0 | None | Remote | Low | Not required | None | Partial | None
Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the `package` key to rename dependencies in `Cargo.toml` is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency, which could be squatted on crates.io to be a malicious package. This not only affects manifests that you write locally yourself, but also manifests published to crates.io. Rust 1.0.0 through Rust 1.25.0 is affected by this advisory because Cargo will ignore the `package` key in manifests. Rust 1.26.0 through Rust 1.30.0 are not affected and typically will emit an error because the `package` key is unstable. Rust 1.31.0 and after are not affected because Cargo understands the `package` key. Users of the affected versions are strongly encouraged to update their compiler to the latest available one. Preventing this issue from happening requires updating your compiler to be either Rust 1.26.0 or newer. There will be no point release for Rust versions prior to 1.26.0. Users of Rust 1.19.0 to Rust 1.25.0 can instead apply linked patches to mitigate the issue.
49 | CVE-2019-16759 | 20 | | Exec Code | 2019-09-24 | 2021-07-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
50 | CVE-2019-16755 | 502 | | Exec Code | 2019-09-26 | 2019-10-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote attackers to perform pre-authenticated remote command execution on the Operating System running the targeted application. Affected DWP versions: 3.x to 18.x, all versions, service packs, and patches are affected by this vulnerability. Affected SmartIT versions: 1.x, 2.0, 18.05, 18.08, and 19.02, all versions, service packs, and patches are affected by this vulnerability.