Uncategorized CVEs — 2019 (Page 7/22)

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0

2019-09-18

High

CVE-2019-14458

VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header.

CVSS: 7.5CWE: N/A

2019-09-17

Medium

CVE-2019-16391

SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrir…

CVSS: 6.5CWE: N/A

High

CVE-2019-11665

Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensiti…

CVSS: 7.5CWE: N/A

Critical

CVE-2018-7820

A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monito…

CVSS: 9.8CWE: CWE-255

High

CVE-2019-11667

Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to priv…

CVSS: 7.5CWE: N/A

Medium

CVE-2019-12755

Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an…

CVSS: 5.5CWE: N/A

2019-09-16

Critical

CVE-2019-15741

An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation

CVSS: 9.8CWE: N/A

Medium

CVE-2019-15737

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management.

CVSS: 6.5CWE: N/A

Medium

CVE-2019-15732

An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions.

CVSS: 5.3CWE: N/A

Medium

CVE-2019-15726

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP addre…

CVSS: 5.3CWE: N/A

High

CVE-2019-16353

Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device.

CVSS: 7.5CWE: N/A

High

CVE-2019-16170

An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control.

CVSS: 7.1CWE: N/A

2019-09-14

Critical

CVE-2019-16314

Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2.

CVSS: 9.8CWE: N/A

2019-09-13

High

CVE-2019-16288

On Tenda N301 wireless routers, a long string in the wifiSSID parameter of a goform/setWifi POST request causes the device to crash.

CVSS: 7.5CWE: N/A

Medium

CVE-2019-3646

DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execut…

CVSS: 6.9CWE: CWE-714

2019-09-12

High

CVE-2019-11773

Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.

CVSS: 7.8CWE: CWE-264

Critical

CVE-2019-6005

Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user's intent, such as installing arbitrary soft…

CVSS: 9.8CWE: N/A

Medium

CVE-2019-10400

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allo…

CVSS: 4.2CWE: N/A

Medium

CVE-2019-10399

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed atta…

CVSS: 4.2CWE: N/A

Medium

CVE-2019-10394

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions all…

CVSS: 4.2CWE: N/A

Medium

CVE-2019-10393

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in san…

CVSS: 4.2CWE: N/A

Critical

CVE-2019-16257

Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or ex…

CVSS: 9.8CWE: N/A

Critical

CVE-2019-16256

Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or exe…

CVSS: 9.8CWE: N/A

2019-09-11

Medium

CVE-2019-16248

The "delete for" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory. In other words, there is a potentially misleading UI indication that…

CVSS: 5.5CWE: N/A

High

CVE-2019-1303

An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on th…

CVSS: 7.8CWE: N/A

High

CVE-2019-1301

A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'.

CVSS: 7.5CWE: N/A

High

CVE-2019-1297

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

CVSS: 8.8CWE: N/A

Medium

CVE-2019-1294

A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'.

CVSS: 4.6CWE: N/A

Medium

CVE-2019-1292

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.

CVSS: 4.9CWE: N/A

High

CVE-2019-1291

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE…

CVSS: 8.8CWE: N/A

High

CVE-2019-1290

CVSS: 8.8CWE: N/A

High

CVE-2019-1287

An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory, aka 'Windows Network Connectivity Assistant Elevation of Privilege…

CVSS: 7.8CWE: N/A

High

CVE-2019-1285

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is uniqu…

CVSS: 7.8CWE: N/A

High

CVE-2019-1284

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.

CVSS: 7.8CWE: N/A

Medium

CVE-2019-1282

An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks, aka 'Windows Common Log File System Driver Information Disclosure…

CVSS: 5.5CWE: N/A

High

CVE-2019-1278

An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215…

CVSS: 7.8CWE: N/A

High

CVE-2019-1277

An elevation of privilege vulnerability exists in Windows Audio Service when a malformed parameter is processed, aka 'Windows Audio Service Elevation of Privilege Vulnerability'.

CVSS: 7.8CWE: N/A

High

CVE-2019-1272

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitr…

CVSS: 7.8CWE: N/A

High

CVE-2019-1269

CVSS: 7.8CWE: N/A

High

CVE-2019-1268

An elevation of privilege exists when Winlogon does not properly handle file path information, aka 'Winlogon Elevation of Privilege Vulnerability'.

CVSS: 7.8CWE: N/A

High

CVE-2019-1265

A security feature bypass vulnerability exists when Microsoft Yammer App for Android fails to apply the correct Intune MAM Policy.This could allow an attacker to perform functions that are restricted…

CVSS: 7.5CWE: N/A

Medium

CVE-2019-1260

An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.

CVSS: 6.5CWE: N/A

High

CVE-2019-1256

CVSS: 7.8CWE: N/A

High

CVE-2019-1250

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is u…

CVSS: 7.8CWE: N/A

High

CVE-2019-1249

CVSS: 7.8CWE: N/A

High

CVE-2019-1248

CVSS: 7.8CWE: N/A

High

CVE-2019-1247

CVSS: 7.8CWE: N/A

High

CVE-2019-1246

CVSS: 7.8CWE: N/A

High

CVE-2019-1243

CVSS: 7.8CWE: N/A

High

CVE-2019-1242

CVSS: 7.8CWE: N/A

High

CVE-2019-1241

CVSS: 7.8CWE: N/A

High

CVE-2019-1240

CVSS: 7.8CWE: N/A

High

CVE-2019-1233

A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Denial of Service Vulnerability'.

CVSS: 7.5CWE: N/A

High

CVE-2019-1232

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Ele…

CVSS: 7.8CWE: N/A

High

CVE-2019-16247

Delta DCISoft 1.21 has a User Mode Write AV starting at CommLib!CCommLib::SetSerializeData+0x000000000000001b.

CVSS: 7.8CWE: N/A

High

CVE-2019-0788

CVSS: 8.8CWE: N/A

High

CVE-2019-0787

CVSS: 8.8CWE: N/A

Critical

CVE-2018-17200

The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the `serviceConten…

CVSS: 9.8CWE: N/A

Medium

CVE-2019-14936

Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and Password Hash).

CVSS: 5.3CWE: N/A

High

CVE-2019-3644

McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies.

CVSS: 7.5CWE: N/A

Medium

CVE-2019-3643

McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies.

CVSS: 5.3CWE: N/A

Medium

CVE-2019-16214

Libra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character f…

CVSS: 5.7CWE: N/A

2019-09-10

High

CVE-2019-11669

Modifiable read only check box In Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of data.

CVSS: 7.5CWE: N/A

High

CVE-2019-11668

HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Server, versions 9.41, 9.…

CVSS: 7.5CWE: N/A

Critical

CVE-2019-10256

An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found.

CVSS: 9.8CWE: N/A

Medium

CVE-2019-1547

Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit paramet…

CVSS: 4.7CWE: N/A

High

CVE-2019-0365

SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7…

CVSS: 7.5CWE: N/A

Medium

CVE-2019-0364

Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to enumerate open ports.

CVSS: 4.3CWE: N/A

High

CVE-2019-0363

Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network po…

CVSS: 7.1CWE: N/A

Medium

CVE-2019-0357

The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "root" privileges.

CVSS: 6.7CWE: N/A

Medium

CVE-2019-0356

Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise…

CVSS: 4.3CWE: N/A

Low

CVE-2019-0353

Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access information which would otherwise be restricted.

CVSS: 3.3CWE: N/A

Medium

CVE-2019-14730

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account.

CVSS: 4.3CWE: N/A

Medium

CVE-2019-14729

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim's account via an attacker account.

CVSS: 4.3CWE: N/A

Medium

CVE-2019-14728

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account.

CVSS: 4.3CWE: N/A

Medium

CVE-2019-14727

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail password of a victim account via an attacker account.

CVSS: 4.3CWE: N/A

Medium

CVE-2019-14726

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account.

CVSS: 5.4CWE: N/A

Medium

CVE-2019-14723

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim's e-mail account via an attacker account.

CVSS: 4.3CWE: N/A

Medium

CVE-2019-14722

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account.

CVSS: 4.3CWE: N/A

2019-09-09

Low

CVE-2019-7176

An issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Co…

CVSS: 3.7CWE: N/A

Low

CVE-2019-16181

In Limesurvey before 3.17.14, admin users can mark other users' notifications as read.

CVSS: 2.7CWE: N/A

Medium

CVE-2019-16180

Limesurvey before 3.17.14 allows remote attackers to bruteforce the login form and enumerate usernames when the LDAP authentication method is used.

CVSS: 5.3CWE: N/A

Medium

CVE-2019-16176

A path disclosure vulnerability was found in Limesurvey before 3.17.14 that allows a remote attacker to discover the path to the application in the filesystem.

CVSS: 5.3CWE: N/A

Critical

CVE-2019-6960

An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the in…

CVSS: 9.8CWE: N/A

Medium

CVE-2019-6795

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a U…

CVSS: 5.4CWE: N/A

High

CVE-2019-6788

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations us…

CVSS: 7.5CWE: N/A

Medium

CVE-2019-6786

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 1 of 3). The contents of an LF…

CVSS: 6.5CWE: N/A

Medium

CVE-2019-6785

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a M…

CVSS: 6.5CWE: N/A

High

CVE-2019-6782

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 1 of 6). An authorization iss…

CVSS: 7.5CWE: N/A

Medium

CVE-2019-11544

An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-mem…

CVSS: 4.3CWE: N/A

2019-09-08

Medium

CVE-2019-16109

An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation…

CVSS: 5.3CWE: N/A

High

CVE-2019-16103

Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature.

CVSS: 7.2CWE: N/A

High

CVE-2019-16100

Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface outage via slow client-side HTTP traffic from a single source.

CVSS: 7.5CWE: N/A

2019-09-06

Medium

CVE-2019-9461

In the Android kernel in VPN routing there is a possible information disclosure. This could lead to remote information disclosure by an adjacent network attacker with no additional execution privileg…

CVSS: 6.5CWE: N/A

Medium

CVE-2019-9436

In the Android kernel in the bootloader there is a possible secure boot bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed fo…

CVSS: 6.7CWE: N/A

High

CVE-2019-9345

In the Android kernel in sdcardfs there is a possible violation of the separation of data between profiles due to shared mapping of obb files. This could lead to local escalation of privilege with Us…

CVSS: 7.8CWE: N/A

High

CVE-2019-2182

In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional…

CVSS: 7.8CWE: N/A

Critical

CVE-2019-9855

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice…

CVSS: 9.8CWE: CWE-417

Critical

CVE-2019-16060

The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 an…

CVSS: 9.8CWE: N/A

High

CVE-2019-16056

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters.…

CVSS: 7.5CWE: N/A

High

CVE-2019-13953

An exploitable authentication bypass vulnerability exists in the Bluetooth Low Energy (BLE) authentication module of YI M1 Mirrorless Camera V3.2-cn. An attacker can send a set of BLE commands to tri…

CVSS: 8.8CWE: N/A

Critical

CVE-2019-15846

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.

CVSS: 9.8CWE: N/A

2019-09-05

High

CVE-2019-2177

In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could lead to remote code execution with no addi…

CVSS: 8.8CWE: CWE-275

Medium

CVE-2019-2124

In ComposeActivityEmailExternal of ComposeActivityEmailExternal.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible way to silently attach files to an email due to a confused deputy. Th…

CVSS: 5.5CWE: N/A

High

CVE-2019-11380

The master-password feature in the ES File Explorer File Manager application 4.2.0.1.3 for Android can be bypassed via a com.estrongs.android.pop.ftp.ESFtpShortcut intent, leading to remote FTP acces…

CVSS: 7.5CWE: N/A

Medium

CVE-2019-14339

The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. This allows an attacker's m…

CVSS: 5.5CWE: N/A

Medium

CVE-2019-14278

In Knowage through 6.1.1, an unauthenticated user can enumerated valid usernames via the ChangePwdServlet page.

CVSS: 5.3CWE: N/A

2019-09-04

Medium

CVE-2019-12586

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows…

CVSS: 6.5CWE: N/A

High

CVE-2019-6646

On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges.

CVSS: 8.8CWE: N/A

High

CVE-2019-6643

On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, and 11.5.2-11.6.4, an attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured wi…

CVSS: 7.5CWE: N/A

Critical

CVE-2019-6644

Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoke…

CVSS: 9.4CWE: N/A

High

CVE-2019-6645

On BIG-IP 14.0.0-14.1.0.5, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, FTP traffic passing through a Virtual Server with both an active FTP profile associated and connection mirroring configured m…

CVSS: 7.5CWE: N/A

Medium

CVE-2019-15718

In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access…

CVSS: 4.4CWE: N/A

Critical

CVE-2019-10709

AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoC…

CVSS: 9.8CWE: CWE-264

2019-09-03

Medium

CVE-2019-1125

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged…

CVSS: 5.6CWE: N/A

High

CVE-2019-14261

An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due to an insufficient implementation of jamming detection, an attacker is able to suppress correctly received RF messages sent betw…

CVSS: 7.5CWE: CWE-310

High

CVE-2019-15863

The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation (with the none role) via a request for variants.

CVSS: 7.5CWE: N/A

2019-08-30

Critical

CVE-2019-15826

The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field.

CVSS: 9.8CWE: N/A

Critical

CVE-2019-15825

The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass.

CVSS: 9.8CWE: N/A

Critical

CVE-2019-15824

The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass.

CVSS: 9.8CWE: N/A