CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In September 2019

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2019-17051 20 Exec Code 2019-09-30 2019-10-04
6.8
None Remote Medium Not required Partial Partial Partial
Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file.
2 CVE-2019-17050 639 2019-09-30 2019-10-04
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a software maintainer has suggested a solution in which Compass is switched off in a production environment.
3 CVE-2019-17049 89 Sql 2019-09-30 2019-10-04
5.0
None Remote Low Not required None Partial None
NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account.
4 CVE-2019-17046 434 Exec Code 2019-09-30 2019-10-04
9.0
None Remote Low Single system Complete Complete Complete
Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page.
5 CVE-2019-17045 79 XSS 2019-09-30 2019-10-03
3.5
None Remote Medium Single system None Partial None
Ilch 2.1.22 allows stored XSS via the title, text, or email id to the Jobs Tab.
6 CVE-2019-17040 125 2019-09-30 2019-10-07
7.5
None Remote Low Not required Partial Partial Partial
contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled.
7 CVE-2019-16999 89 Sql 2019-09-30 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI.
8 CVE-2019-16997 89 Sql 2019-09-30 2019-10-04
6.5
None Remote Low Single system Partial Partial Partial
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.
9 CVE-2019-16996 89 Sql 2019-09-30 2019-10-04
6.5
None Remote Low Single system Partial Partial Partial
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.
10 CVE-2019-16995 772 DoS 2019-09-30 2019-10-04
7.8
None Remote Low Not required None None Complete
In the Linux kernel before 5.0.3, a memory leak exists in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.
11 CVE-2019-16994 772 DoS 2019-09-30 2019-10-04
7.8
None Remote Low Not required None None Complete
In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.
12 CVE-2019-16993 352 CSRF 2019-09-30 2019-10-07
6.8
None Remote Medium Not required Partial Partial Partial
In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting them.
13 CVE-2019-16992 347 2019-09-29 2019-10-08
5.0
None Remote Low Not required Partial None None
The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be used for Stellar payments to the user), which might be incompatible with a user's personal position on the semantics of an attestation.
14 CVE-2019-16941 91 Exec Code 2019-09-28 2019-10-04
6.8
None Remote Medium Not required Partial Partial Partial
NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. This occurs in Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoReader.java. An attack could start with an XML document that was originally created by DumpFunctionPatternInfoScript but then directly modified by an attacker (for example, to make a java.lang.Runtime.exec call).
15 CVE-2019-16935 79 XSS 2019-09-27 2019-10-09
4.3
None Remote Medium Not required None Partial None
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.
16 CVE-2019-16932 918 2019-09-30 2019-10-04
5.8
None Remote Medium Not required Partial Partial None
A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.
17 CVE-2019-16930 755 2019-09-28 2019-10-04
5.0
None Remote Low Not required Partial None None
Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a full node that owns a shielded address, related to mishandling of exceptions during deserialization of note plaintexts. This affects anyone who has disclosed their zaddr to a third party.
18 CVE-2019-16928 120 Exec Code Overflow 2019-09-27 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.
19 CVE-2019-16927 787 2019-09-27 2019-10-01
4.3
None Remote Medium Not required None None Partial
Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877.
20 CVE-2019-16926 79 XSS 2019-09-27 2019-10-03
4.3
None Remote Medium Not required None Partial None
Flower 0.9.3 has XSS via a crafted worker name.
21 CVE-2019-16925 79 XSS 2019-09-27 2019-10-03
4.3
None Remote Medium Not required None Partial None
Flower 0.9.3 has XSS via the name parameter in an @app.task call.
22 CVE-2019-16924 319 2019-09-27 2019-10-04
3.3
None Local Network Low Not required Partial None None
The Nulock application 1.5.0 for mobile devices sends a cleartext password over Bluetooth, which allows remote attackers (after sniffing the network) to take control of the lock.
23 CVE-2019-16923 79 XSS 2019-09-27 2019-09-27
4.3
None Remote Medium Not required None Partial None
kkcms 1.3 has jx.php?url= XSS.
24 CVE-2019-16922 200 +Info 2019-09-27 2019-10-01
5.0
None Remote Low Not required Partial None None
SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files.
25 CVE-2019-16921 665 +Info 2019-09-27 2019-09-27
5.0
None Remote Low Not required Partial None None
In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425813.
26 CVE-2019-16920 78 Exec Code 2019-09-27 2019-10-10
10.0
None Remote Low Not required Complete Complete Complete
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to command injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
27 CVE-2019-16915 20 2019-09-26 2019-09-27
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents.
28 CVE-2019-16914 79 XSS 2019-09-26 2019-09-27
4.3
None Remote Medium Not required None Partial None
An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization.
29 CVE-2019-16910 200 +Info 2019-09-26 2019-10-03
2.6
None Remote High Not required Partial None None
Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)
30 CVE-2019-16904 79 XSS 2019-09-26 2019-09-27
3.5
None Remote Medium Single system None Partial None
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.)
31 CVE-2019-16903 22 Dir. Trav. 2019-09-26 2019-09-26
5.0
None Remote Low Not required Partial None None
Platinum UPnP SDK 1.2.0 allows Directory Traversal in Core/PltHttpServer.cpp because it checks for /.. where it should be checking for ../ instead.
32 CVE-2019-16902 20 2019-09-27 2019-09-27
6.4
None Remote Low Not required None Partial Partial
In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname.
33 CVE-2019-16901 755 2019-09-25 2019-09-26
5.0
None Remote Low Not required None None Partial
Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4.
34 CVE-2019-16900 119 Overflow 2019-09-25 2019-09-26
5.0
None Remote Low Not required None None Partial
Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c.
35 CVE-2019-16899 119 Overflow 2019-09-25 2019-09-26
5.0
None Remote Low Not required None None Partial
In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918.
36 CVE-2019-16894 89 Sql 2019-09-26 2019-09-27
7.5
None Remote Low Not required Partial Partial Partial
download.php in inoERP 4.15 allows SQL injection through insecure deserialization.
37 CVE-2019-16892 400 DoS Bypass 2019-09-25 2019-10-01
7.1
None Remote Medium Not required None None Complete
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).
38 CVE-2019-16890 79 XSS 2019-09-25 2019-09-26
3.5
None Remote Medium Single system None Partial None
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments.
39 CVE-2019-16889 400 DoS 2019-09-25 2019-10-01
7.8
None Remote Low Not required None None Complete
Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs.
40 CVE-2019-16887 120 2019-09-25 2019-09-26
6.8
None Remote Medium Not required Partial Partial Partial
In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc.
41 CVE-2019-16884 863 Bypass 2019-09-25 2019-10-07
5.0
None Remote Low Not required None Partial None
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.
42 CVE-2019-16882 416 2019-09-25 2019-09-26
5.0
None Remote Low Not required Partial None None
An issue was discovered in the string-interner crate before 0.7.1 for Rust. It allows attackers to read from memory locations associated with dangling pointers, because of a cloning flaw.
43 CVE-2019-16881 416 Exec Code 2019-09-25 2019-09-25
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and stream_finished_callback.
44 CVE-2019-16880 415 2019-09-25 2019-09-27
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matrix::zip_elements method.
45 CVE-2019-16869 444 2019-09-26 2019-09-30
5.0
None Remote Low Not required None Partial None
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
46 CVE-2019-16868 22 Dir. Trav. 2019-09-25 2019-09-26
7.5
None Remote Low Not required Partial Partial Partial
emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter.
47 CVE-2019-16867 20 2019-09-25 2019-09-25
5.5
None Remote Low Single system None Partial Partial
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.)
48 CVE-2019-16760 494 2019-09-30 2019-10-08
5.0
None Remote Low Not required None Partial None
Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the `package` key to rename dependencies in `Cargo.toml` is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency, which could be squatted on crates.io to be a malicious package. This not only affects manifests that you write locally yourself, but also manifests published to crates.io. Rust 1.0.0 through Rust 1.25.0 is affected by this advisory because Cargo will ignore the `package` key in manifests. Rust 1.26.0 through Rust 1.30.0 are not affected and typically will emit an error because the `package` key is unstable. Rust 1.31.0 and after are not affected because Cargo understands the `package` key. Users of the affected versions are strongly encouraged to update their compiler to the latest available one. Preventing this issue from happening requires updating your compiler to be either Rust 1.26.0 or newer. There will be no point release for Rust versions prior to 1.26.0. Users of Rust 1.19.0 to Rust 1.25.0 can instead apply linked patches to mitigate the issue.
49 CVE-2019-16759 20 Exec Code 2019-09-24 2019-09-25
7.5
None Remote Low Not required Partial Partial Partial
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
50 CVE-2019-16755 502 Exec Code 2019-09-26 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote attackers to perform pre-authenticated remote command execution on the operating system running the targeted application. Affected DWP versions: 3.x to 18.x; all versions, service packs, and patches are affected by this vulnerability. Affected SmartIT versions: 1.x, 2.0, 18.05, 18.08, and 19.02; all versions, service packs, and patches are affected by this vulnerability.
Total number of vulnerabilities: 1534