BULLETIN (SB19-280) VULNERABILITY SUMMARY FOR THE … · jetbrains -- teamcity An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute

BULLETIN (SB19-280)

VULNERABILITY SUMMARY FOR THE WEEK OF

SEPTEMBER 30, 2019

Bulletin (SB19-280)

Vulnerability Summary for the Week of

September 30, 2019

Cybernetic GI Security Bulletin provides a summary of new vulnerabilities that have been recorded by the

National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past

week. The Department of Homeland Security (DHS) National Cybersecurity and Communications

Integration Center (NCCIC) / United States Computer Emergency Readiness Team, is sponsored by The NVD.

For modified or updated entries, please visit the NVD, which contains historical vulnerability information .

The vulnerabilities are based on the CVE vulnerability naming standard and determined by the Common

Vulnerability Scoring System (CVSS) standard. They are organized according to severity, by the division of

high, medium and low severities correspond to the following scores :

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0 .

Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9 .

Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9 .

Entries may include additional information provided by organizations and efforts sponsored by Cybernetic

GI. This data may include identifying information, values, definitions, and related links. The patch

information is provided to users when available. Please note that some of the information in the bulletin is

compiled from external, open source reports and is not a direct result of Cybernetic GI analysis .

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute

of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the

vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated

vulnerability entries, which include CVSS scores once they are available .

High Vulnerabilities

Primary Vendor -- Product

Description Published CVSS Score

Source & Patch Info

adobe -- coldfusion

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user.

2019-09-27

10.0

CVE-2019-8073 CONFIRM

adobe -- coldfusion

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user.

2019-09-27

10.0


corsair -- link

The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITY\SYSTEM, leading to total system takeover, a similar issue to CVE-2018-12441.

2019-09-27

7.2

CVE-2018-19592 MISC MISC

dlink -- dhp-1565_firmware

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise.

2019-09-27

10.0

CVE-2019-16920 MISC

exim -- exim

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.

2019-09-27

7.5

CVE-2019-16928 FEDORA FEDORA BUGTRAQ UBUNTU DEBIAN

google -- android

In the Bluetooth stack, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113575306

2019-09-27

7.2

CVE-2019-9259 MISC

google -- android

In sensorservice, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-119501435

2019-09-27

7.2

CVE-2019-9266 MISC

google -- android

In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112663384

2019-09-27

7.5

CVE-2019-9301 MISC

https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-8073&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)

https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-8073


https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html





https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-19592&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C)



http://forum.corsair.com/v3/showthread.php?t=155646

https://github.com/BradyDonovan/CVE-2018-19592/blob/master/CLink4Service




https://fortiguard.com/zeroday/FG-VD-19-117

https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-16928&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)



https://lists.fedoraproject.org/archives/list/[email protected]/message/T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC/

https://lists.fedoraproject.org/archives/list/[email protected]/message/UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB/

https://seclists.org/bugtraq/2019/Sep/60

https://usn.ubuntu.com/4141-1/

https://www.debian.org/security/2019/dsa-4536




https://source.android.com/security/bulletin/android-10












Source & Patch Info

google -- android

In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-128431761

2019-09-27

7.1

CVE-2019-9348 MISC

google -- android

In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-124330204

2019-09-27

7.1

CVE-2019-9349 MISC

google -- android

In Bluetooth, there is a possible deserialization error due to missing string validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109838537

2019-09-27

7.5

CVE-2019-9365 MISC

google -- android

In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132783254

2019-09-27

7.1

CVE-2019-9371 MISC

google -- android

In libskia, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132782448

2019-09-27

7.1

CVE-2019-9372 MISC

google -- android

In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-124329638

2019-09-27

7.1

CVE-2019-9379 MISC

google -- android

In LockPatternUtils, there is a possible escalation of privilege due to an improper permissions check. This could lead to local bypass of the Lockguard with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120568007

2019-09-27

7.2

CVE-2019-9384 MISC

google -- android

In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111450210

2019-09-27

7.1

CVE-2019-9418 MISC

https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-9348&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:C)



































Source & Patch Info

google -- android

In libttspico, there is a possible OOB write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-79593569

2019-09-27

7.5

CVE-2019-9459 MISC

govicture -- pc530_firmware

Victure PC530 devices allow unauthenticated TELNET access as root.

2019-10-01

10.0


idcos -- cloudboot

CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI.

2019-09-30

7.5

CVE-2019-16999 MISC

ilch -- ilch_cms

Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page.

2019-09-30

9.0

CVE-2019-17046 MISC

jetbrains -- ktor

JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.

2019-10-02

7.5


jetbrains -- teamcity

An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1.

2019-10-02

9.0


linux -- linux_kernel

In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.

2019-09-30

7.8


linux -- linux_kernel

In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.

2019-09-30

7.8

CVE-2019-16995 MISC MISC MISC

mozilla -- firefox

Mozilla developers and community members reported memory safety bugs present in Firefox 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69.

2019-09-27

7.5

CVE-2019-11734 MISC CONFIRM

mozilla -- firefox

Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we

2019-09-27

7.5

CVE-2019-11735 SUSE








https://blog.avira.com/victure-pc530-home-insecurity-you-can-install-yourself/

https://www.govicture.com/pc530




https://github.com/idcos/Cloudboot/issues/22

https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-17046&vector=(AV:N/AC:L/Au:S/C:C/I:C/A:C)



https://syhack.wordpress.com/2019/09/29/ilch-content-management-system-v-2-1-22-insecure-file-upload-lfi-remote-code-execution-critical-vulnerability-disclosure/




https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/

https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-15036&vector=(AV:N/AC:L/Au:S/C:C/I:C/A:C)




https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-16994&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C)



https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07f12b26e21ab359261bf75cfcb424fdc7daeb6d

https://github.com/torvalds/linux/commit/07f12b26e21ab359261bf75cfcb424fdc7daeb6d




https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.3

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6caabe7f197d3466d238f70915d65301f1716626

https://github.com/torvalds/linux/commit/6caabe7f197d3466d238f70915d65301f1716626




https://bugzilla.mozilla.org/buglist.cgi?bug_id=1352875%2C1536227%2C1557208%2C1560641

https://www.mozilla.org/security/advisories/mfsa2019-25/




http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html




Source & Patch Info

presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.

SUSE MISC CONFIRM CONFIRM

mozilla -- firefox

Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.

2019-09-27

7.5

CVE-2019-11740 SUSE SUSE SUSE SUSE MISC CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM

mozilla -- firefox

It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.

2019-09-27

9.3

CVE-2019-11752 SUSE SUSE SUSE SUSE MISC CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM

plataformatec -- simple_form

Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call.

2019-09-30

7.5

CVE-2019-16676 CONFIRM MISC MISC

qualcomm -- ipq4019_firmware

Improper validation of read and write index of tx and rx fifo`s before using for data copy from fifo can lead to out-of-bound access. in Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, QCS405, SD 665, SD 675, SD 730, SD 855

2019-09-30

7.2



Possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA8081, QCA9379, QCS404, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD

2019-09-30

10.0



https://bugzilla.mozilla.org/buglist.cgi?bug_id=1561404%2C1561484%2C1568047%2C1561912%2C1565744%2C1568858%2C1570358










https://bugzilla.mozilla.org/buglist.cgi?bug_id=1563133%2C1573160






https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-11752&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)







https://bugzilla.mozilla.org/show_bug.cgi?id=1501152









http://blog.plataformatec.com.br/2019/09/incorrect-access-control-in-simple-form-cve-2019-16676/

https://github.com/plataformatec/simple_form/commits/master

https://github.com/plataformatec/simple_form/security/advisories/GHSA-r74q-gxcg-73hx




https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin




https://www.qualcomm.com/company/product-security/bulletins




Source & Patch Info

425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SXR1130


Buffer overflow in WLAN NAN function due to lack of check of count value received in NAN availability attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MSM8996AU, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCS404, QCS405, QCS605, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SXR1130

2019-09-30

10.0


qualcomm -- mdm9205_firmware

Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

2019-09-30

10.0



Possible null-pointer dereference can occur while parsing avi clip during copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20

2019-09-30

7.8



Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 820, SD 820A, SDM439

2019-09-30

7.2





















Source & Patch Info


Classic buffer overflow vulnerability while playing the specific video whose Decode picture buffer size is more than 16 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

2019-09-30

10.0


qualcomm -- msm8909w_firmware

Device record of the pairing device used after free during ACL disconnection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016

2019-09-30

10.0



Lack of check of address range received from firmware response allows modem to respond arbitrary pages into its address range which can compromise HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM660, SDX20, SDX24

2019-09-30

10.0


qualcomm -- qcs405_firmware

BT process died and BT toggled due to null pointer dereference when invalid vendor pass through command sent from remote in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 675, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660

2019-09-30

8.5


rsyslog -- rsyslog

contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled.

2019-09-30

7.5

CVE-2019-17040 MISC

salesagility -- suitecrm

SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation.

2019-10-02

7.5

CVE-2019-14454 CONFIRM CONFIRM













https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-10510&vector=(AV:N/AC:L/Au:N/C:N/I:P/A:C)







https://github.com/rsyslog/rsyslog/pull/3875




https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_20





Source & Patch Info

tcpdump -- tcpdump

The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().

2019-10-03

7.5


tcpdump -- tcpdump

The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().

2019-10-03

7.5


tcpdump -- tcpdump

The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().

2019-10-03

7.5


tcpdump -- tcpdump

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).

2019-10-03

7.5


tcpdump -- tcpdump

The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.

2019-10-03

7.5


tcpdump -- tcpdump

The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.

2019-10-03

7.5


tcpdump -- tcpdump

The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().

2019-10-03

7.5


tcpdump -- tcpdump

The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().

2019-10-03

7.5


tcpdump -- tcpdump

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).

2019-10-03

7.5


tcpdump -- tcpdump

The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.

2019-10-03

7.5

CVE-2018-16451




https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES

https://github.com/the-tcpdump-group/tcpdump/commit/aa3e54f594385ce7e1e319b0c84999e51192578b





https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6





https://github.com/the-tcpdump-group/tcpdump/commit/e01c9bf76740802025c9328901b55ee4a0c49ed6





https://github.com/the-tcpdump-group/tcpdump/commit/86326e880d31b328a151d45348c35220baa9a1ff





https://github.com/the-tcpdump-group/tcpdump/commit/d7505276842e85bfd067fa21cdb32b8a2dc3c5e4





https://github.com/the-tcpdump-group/tcpdump/commit/4846b3c5d0a850e860baf4f07340495d29837d09





https://github.com/the-tcpdump-group/tcpdump/commit/83a412a5275cac973c5841eca3511c766bed778d





https://github.com/the-tcpdump-group/tcpdump/commit/211124b972e74f0da66bc8b16f181f78793e2f66





https://github.com/the-tcpdump-group/tcpdump/commit/13d52e9c0e7caf7e6325b0051bc90a49968be67f







Source & Patch Info

MISC CONFIRM

tcpdump -- tcpdump

lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.

2019-10-03

7.5


umbraco -- umbraco

In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter.

2019-10-02

7.5



https://github.com/the-tcpdump-group/tcpdump/commit/96480ab95308cd9234b4f09b175ebf60e17792c6





https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4




https://gist.github.com/shiham101/d1de44d1dcf2c33d401ef2f8cbb04f9f

https://our.umbraco.com/download/releases/738/

Medium Vulnerabilities



Source & Patch Info

adobe -- coldfusion ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.

2019-09-27 5.0 CVE-2019-8072 CONFIRM

adobe -- flash_player Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.

2019-09-27 5.0 CVE-2019-8075 CONFIRM

dell -- emc_integrated_data_protection_appliance_firmware

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to access other components using the privileges of the compromised user.

2019-09-27 4.0 CVE-2019-3736 CONFIRM


Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system.

2019-09-27 6.5 CVE-2019-3746 CONFIRM

ebrigade -- ebrigade eBrigade before 5.0 has evenement_ical.php evenement SQL Injection.

2019-09-30 6.5 CVE-2019-16743 MISC MISC

ebrigade -- ebrigade eBrigade before 5.0 has evenements.php cid SQL Injection. 2019-09-30 6.5 CVE-2019-16744 MISC MISC

ebrigade -- ebrigade eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection.

2019-09-30 6.5 CVE-2019-16745 MISC MISC

emlog -- emlog emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ directory traversal.

2019-10-01 5.5 CVE-2019-17073 MISC

esafenet -- cdg CDG through 2017-01-01 allows downloadDocument.jsp?command=download&pathAndName= directory traversal.

2019-09-30 5.0 CVE-2017-18636 MISC

evernote -- evernote Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for

2019-09-30 6.8 CVE-2019-17051

https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-8072&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)







https://helpx.adobe.com/security/products/flash-player/apsb19-30.html

https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-3736&vector=(AV:N/AC:L/Au:S/C:P/I:N/A:N)



https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities

https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-3746&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P)







http://packetstormsecurity.com/files/154624/eBrigade-SQL-Injection.html

https://sourceforge.net/projects/ebrigade/files/




https://packetstormsecurity.com/files/154624/eBrigade-SQL-Injection.html





https://packetstormsecurity.com/files/154624/eBrigade-SQL-Injection.html


https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-17073&vector=(AV:N/AC:L/Au:S/C:N/I:P/A:P)



https://github.com/emlog/emlog/issues/49




http://www.warmeng.com/2017/01/01/CDG-filedown/

https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-17051&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)






Source & Patch Info

attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file.

MISC MISC

flower_project -- flower Flower 0.9.3 has XSS via the name parameter in an @app.task call.

2019-09-27 4.3 CVE-2019-16925 MISC

flower_project -- flower Flower 0.9.3 has XSS via a crafted worker name. 2019-09-27 4.3 CVE-2019-16926 MISC

foxitsoftware -- foxit_reader

Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 1 of 2).

2019-09-30 5.0 CVE-2019-13123 CONFIRM

foxitsoftware -- foxit_reader

Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 2 of 2).

2019-09-30 5.0 CVE-2019-13124 CONFIRM

gfi -- kerio_control A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim's cleartext credentials to an attacker via a login/?reason=failure&NTLM= URI.

2019-09-30 4.3 CVE-2019-16414 MISC MISC MISC MISC

glyphandcog -- xpdf Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877.

2019-09-27 4.3 CVE-2019-16927 MISC

golang -- go Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

2019-09-30 5.0 CVE-2019-16276 CONFIRM MISC

google -- android In Platform, there is a possible bypass of user interaction requirements due to missing permission checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-73884967

2019-09-27 4.6 CVE-2018-9425 MISC

google -- android In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113164693

2019-09-27 6.8 CVE-2019-2055 MISC

https://evernote.com/security/updates#MACOSNOTE-28956

https://www.youtube.com/watch?v=OG2tKlZX5bg

https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-16925&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)



https://fatihhcelik.blogspot.com/2019/09/flower-100-has-xss-via-name-parameter.html




https://fatihhcelik.blogspot.com/2019/09/flower-100-has-xss-via-crafted-worker.html

https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-13123&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)



https://www.foxitsoftware.com/support/security-bulletins.php




https://www.foxitsoftware.com/support/security-bulletins.php




http://packetstormsecurity.com/files/154678/GFI-Kerio-Control-9.3.0-Cross-Site-Scripting.html

http://seclists.org/fulldisclosure/2019/Sep/35

https://twitter.com/haxel0rd/status/1174279811751174144

https://www.youtube.com/watch?v=ZqqR89vzZ_I

https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-16927&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)



https://forum.xpdfreader.com/viewtopic.php?f=3&t=41885

https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-16276&vector=(AV:N/AC:L/Au:N/C:N/I:P/A:N)



https://github.com/golang/go/issues/34540

https://groups.google.com/forum/#!msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ

https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-9425&vector=(AV:L/AC:L/Au:N/C:P/I:P/A:P)











Source & Patch Info


2019-09-27 6.8 CVE-2019-2059 MISC

google -- android In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112709994

2019-09-27 4.3 CVE-2019-2060 MISC


2019-09-27 6.8 CVE-2019-2061 MISC


2019-09-27 6.8 CVE-2019-2062 MISC

google -- android In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116019594

2019-09-27 6.8 CVE-2019-2063 MISC


2019-09-27 6.8 CVE-2019-2064 MISC


2019-09-27 6.8 CVE-2019-2065 MISC


2019-09-27 6.8 CVE-2019-2066 MISC





https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-2060&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)































Source & Patch Info


2019-09-27 6.8 CVE-2019-2067 MISC


2019-09-27 6.8 CVE-2019-2068 MISC


2019-09-27 6.8 CVE-2019-2069 MISC


2019-09-27 6.8 CVE-2019-2070 MISC

google -- android In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117216549

2019-09-27 6.8 CVE-2019-2071 MISC


2019-09-27 6.8 CVE-2019-2072 MISC

google -- android In libxaac there is a possible out of bounds write to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117100484

2019-09-27 6.8 CVE-2019-2073 MISC


2019-09-27 6.8 CVE-2019-2074 MISC




































Source & Patch Info


2019-09-27 6.8 CVE-2019-2075 MISC


2019-09-27 6.8 CVE-2019-2076 MISC


2019-09-27 6.8 CVE-2019-2077 MISC


2019-09-27 6.8 CVE-2019-2078 MISC


2019-09-27 4.3 CVE-2019-2079 MISC


2019-09-27 6.8 CVE-2019-2080 MISC


2019-09-27 6.8 CVE-2019-2081 MISC


2019-09-27 6.8 CVE-2019-2082 MISC




































Source & Patch Info


2019-09-27 6.8 CVE-2019-2083 MISC


2019-09-27 6.8 CVE-2019-2084 MISC


2019-09-27 6.8 CVE-2019-2085 MISC


2019-09-27 6.8 CVE-2019-2086 MISC


2019-09-27 6.8 CVE-2019-2087 MISC


2019-09-27 4.3 CVE-2019-2138 MISC


2019-09-27 4.3 CVE-2019-2139 MISC

google -- android In libxaac, there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112705708

2019-09-27 4.3 CVE-2019-2140 MISC




































Source & Patch Info


2019-09-27 6.8 CVE-2019-2141 MISC


2019-09-27 4.3 CVE-2019-2142 MISC


2019-09-27 4.3 CVE-2019-2143 MISC


2019-09-27 4.3 CVE-2019-2144 MISC


2019-09-27 4.3 CVE-2019-2145 MISC


2019-09-27 4.3 CVE-2019-2146 MISC


2019-09-27 4.3 CVE-2019-2147 MISC


2019-09-27 4.3 CVE-2019-2148 MISC




































Source & Patch Info


2019-09-27 4.3 CVE-2019-2149 MISC


2019-09-27 4.3 CVE-2019-2150 MISC


2019-09-27 4.3 CVE-2019-2151 MISC


2019-09-27 4.3 CVE-2019-2152 MISC


2019-09-27 4.3 CVE-2019-2153 MISC


2019-09-27 4.3 CVE-2019-2154 MISC


2019-09-27 4.3 CVE-2019-2155 MISC


2019-09-27 4.3 CVE-2019-2156 MISC




































Source & Patch Info


2019-09-27 4.3 CVE-2019-2157 MISC


2019-09-27 4.3 CVE-2019-2158 MISC


2019-09-27 6.8 CVE-2019-2159 MISC

google -- android In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112715795

2019-09-27 4.3 CVE-2019-2160 MISC


2019-09-27 4.3 CVE-2019-2161 MISC

google -- android In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112713720

2019-09-27 4.3 CVE-2019-2162 MISC


2019-09-27 4.3 CVE-2019-2163 MISC


2019-09-27 4.3 CVE-2019-2164 MISC




































Source & Patch Info


2019-09-27 4.3 CVE-2019-2165 MISC

google -- android In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117661478

2019-09-27 4.3 CVE-2019-2166 MISC


2019-09-27 4.3 CVE-2019-2167 MISC


2019-09-27 4.3 CVE-2019-2168 MISC


2019-09-27 4.3 CVE-2019-2169 MISC


2019-09-27 4.3 CVE-2019-2170 MISC


2019-09-27 4.3 CVE-2019-2172 MISC

google -- android In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112309571

2019-09-27 6.9 CVE-2019-2188 MISC





























https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-2188&vector=(AV:L/AC:M/Au:N/C:C/I:C/A:C)



https://source.android.com/security/bulletin/pixel/2019-09-01




Source & Patch Info

google -- android In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112312381

2019-09-27 6.9 CVE-2019-2189 MISC

google -- android In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483

2019-09-27 5.0 CVE-2019-9232 MISC

google -- android In wpa_supplicant_8, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122529021

2019-09-27 5.0 CVE-2019-9233 MISC

google -- android In wpa_supplicant_8, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122465453

2019-09-27 5.0 CVE-2019-9234 MISC

google -- android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121325979

2019-09-27 4.3 CVE-2019-9237 MISC

google -- android In the NFC stack, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121267042

2019-09-27 6.9 CVE-2019-9238 MISC

google -- android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121036603

2019-09-27 5.0 CVE-2019-9241 MISC

google -- android In AAC Codec, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120426166

2019-09-27 4.3 CVE-2019-9247 MISC




































Source & Patch Info


2019-09-27 5.0 CVE-2019-9250 MISC

google -- android In libavc there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-73339042

2019-09-27 4.3 CVE-2019-9252 MISC

google -- android In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109769728

2019-09-27 4.9 CVE-2019-9253 MISC

google -- android In libmediaextractor there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111921829

2019-09-27 6.8 CVE-2019-9256 MISC

google -- android In Bluetooth, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113572342

2019-09-27 4.6 CVE-2019-9257 MISC

google -- android In wifilogd, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113655028

2019-09-27 4.6 CVE-2019-9258 MISC

google -- android In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113495295

2019-09-27 5.0 CVE-2019-9260 MISC

google -- android In libxaac there is a possible out of bounds read due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116774214

2019-09-27 4.3 CVE-2019-9261 MISC









https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-9253&vector=(AV:L/AC:L/Au:N/C:C/I:N/A:N)



























Source & Patch Info

google -- android In MPEG4Extractor, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111792351

2019-09-27 6.8 CVE-2019-9262 MISC

google -- android In libxaac there is a possible out of bounds read due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116774502

2019-09-27 4.3 CVE-2019-9264 MISC

google -- android In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-37994606

2019-09-27 5.0 CVE-2019-9265 MISC

google -- android In System Settings, there is a possible permissions bypass due to a cached Linux user ID. This could lead to a local permissions bypass with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-36899497

2019-09-27 4.4 CVE-2019-9269 MISC

google -- android In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774

2019-09-27 6.8 CVE-2019-9278 MISC

google -- android In the wifi hotspot service, there is a possible denial of service due to a null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110476382

2019-09-27 5.0 CVE-2019-9279 MISC

google -- android In GoogleContactsSyncAdapter, there is a possible path traversal due to improper input sanitization. This could lead to a bypass of user interaction requirements with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-32748076

2019-09-27 5.0 CVE-2019-9281 MISC

google -- android In skia, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113211371

2019-09-27 4.3 CVE-2019-9282 MISC













https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-9269&vector=(AV:L/AC:M/Au:N/C:P/I:P/A:P)























Source & Patch Info

google -- android In AAC Codec, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112663564

2019-09-27 4.3 CVE-2019-9283 MISC

google -- android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure, with no additional privileges required. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111850706

2019-09-27 5.0 CVE-2019-9284 MISC

google -- android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111215315

2019-09-27 5.0 CVE-2019-9285 MISC


2019-09-27 5.0 CVE-2019-9286 MISC

google -- android In libhidcommand_jni, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the USB service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111363077

2019-09-27 4.6 CVE-2019-9288 MISC

google -- android In tzdata there is possible memory corruption due to a mismatch between allocation and deallocation functions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113039724

2019-09-27 4.6 CVE-2019-9290 MISC

google -- android In Bluetooth, there is a possible remote code execution due to an improper memory allocation. This could lead to remote code execution in Bluetooth with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112159179

2019-09-27 6.8 CVE-2019-9291 MISC

google -- android In libstagefright, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117661116

2019-09-27 4.3 CVE-2019-9293 MISC




































Source & Patch Info

google -- android In libstagefright, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111764444

2019-09-27 4.3 CVE-2019-9294 MISC

google -- android In com.android.apps.tag, there is a possible bypass of user interaction requirements due to a missing permission check. This could lead to a to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-36885811

2019-09-27 4.6 CVE-2019-9295 MISC

google -- android In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112890242

2019-09-27 6.8 CVE-2019-9297 MISC


2019-09-27 6.8 CVE-2019-9298 MISC


2019-09-27 6.8 CVE-2019-9299 MISC


2019-09-27 6.8 CVE-2019-9300 MISC


2019-09-27 6.8 CVE-2019-9302 MISC

google -- android In libFDK, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661057

2019-09-27 6.8 CVE-2019-9303 MISC




































Source & Patch Info

google -- android In libMpegTPDec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112662270

2019-09-27 6.8 CVE-2019-9304 MISC


2019-09-27 6.8 CVE-2019-9305 MISC

google -- android In libMpegTPDec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661348

2019-09-27 6.8 CVE-2019-9306 MISC


2019-09-27 6.8 CVE-2019-9307 MISC


2019-09-27 6.8 CVE-2019-9308 MISC

google -- android In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to a to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117985575

2019-09-27 4.4 CVE-2019-9309 MISC

google -- android In libFDK, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112891546

2019-09-27 6.8 CVE-2019-9310 MISC

google -- android In Bluetooth, there is a possible crash due to an integer overflow. This could lead to remote denial of service on incoming calls with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-79431031

2019-09-27 5.0 CVE-2019-9311 MISC




































Source & Patch Info

google -- android In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112005441

2019-09-27 4.3 CVE-2019-9313 MISC

google -- android In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112329563

2019-09-27 4.3 CVE-2019-9314 MISC

google -- android In libhevc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112326216

2019-09-27 4.3 CVE-2019-9315 MISC


2019-09-27 4.3 CVE-2019-9316 MISC


2019-09-27 4.3 CVE-2019-9317 MISC

google -- android In libhevc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111764725

2019-09-27 4.3 CVE-2019-9318 MISC


2019-09-27 4.3 CVE-2019-9319 MISC


2019-09-27 4.3 CVE-2019-9320 MISC




































Source & Patch Info


2019-09-27 4.3 CVE-2019-9321 MISC

google -- android In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111128067

2019-09-27 4.3 CVE-2019-9322 MISC

google -- android In the Wallpaper Manager service, there is a possible information disclosure due to a missing permission check. Any application can access wallpaper image with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-30770233

2019-09-27 5.0 CVE-2019-9323 MISC

google -- android In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112001302

2019-09-27 4.3 CVE-2019-9325 MISC


2019-09-27 5.0 CVE-2019-9326 MISC


2019-09-27 5.0 CVE-2019-9327 MISC

google -- android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure, with no additional privileges required. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111895000

2019-09-27 5.0 CVE-2019-9328 MISC

google -- android In Bluetooth, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure, with no additional privileges required. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112917952

2019-09-27 5.0 CVE-2019-9329 MISC




































Source & Patch Info


2019-09-27 5.0 CVE-2019-9330 MISC


2019-09-27 5.0 CVE-2019-9331 MISC


2019-09-27 5.0 CVE-2019-9332 MISC


2019-09-27 5.0 CVE-2019-9333 MISC

google -- android In libhevc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112859934

2019-09-27 4.3 CVE-2019-9334 MISC


2019-09-27 4.3 CVE-2019-9335 MISC


2019-09-27 4.3 CVE-2019-9336 MISC


2019-09-27 4.3 CVE-2019-9337 MISC




































Source & Patch Info


2019-09-27 4.3 CVE-2019-9338 MISC


2019-09-27 5.0 CVE-2019-9341 MISC


2019-09-27 5.0 CVE-2019-9342 MISC


2019-09-27 5.0 CVE-2019-9343 MISC

google -- android In libstagefright, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-128433933

2019-09-27 6.8 CVE-2019-9346 MISC

google -- android In Keymaster, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-129562815

2019-09-27 4.6 CVE-2019-9350 MISC

google -- android In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-124253062

2019-09-27 4.3 CVE-2019-9352 MISC

google -- android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-123024201

2019-09-27 4.3 CVE-2019-9353 MISC




































Source & Patch Info

google -- android In NFC server, there's a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118148142

2019-09-27 4.3 CVE-2019-9354 MISC


2019-09-27 5.0 CVE-2019-9355 MISC


2019-09-27 6.8 CVE-2019-9357 MISC

google -- android In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to a to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120156401

2019-09-27 4.4 CVE-2019-9358 MISC


2019-09-27 4.3 CVE-2019-9359 MISC

google -- android In the TEE, there's a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120610663

2019-09-27 4.9 CVE-2019-9360 MISC


2019-09-27 4.3 CVE-2019-9361 MISC

google -- android In libSACdec, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120426980

2019-09-27 4.3 CVE-2019-9362 MISC





















https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-9360&vector=(AV:L/AC:L/Au:N/C:C/I:N/A:N)















Source & Patch Info

google -- android In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-123584306

2019-09-27 6.8 CVE-2019-9363 MISC

google -- android In libSBRdec there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112052062

2019-09-27 4.3 CVE-2019-9366 MISC


2019-09-27 5.0 CVE-2019-9367 MISC

google -- android In sonivox, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-133880046

2019-09-27 4.3 CVE-2019-9370 MISC

google -- android In CompanionDeviceManager, there is a possible bypass of user interaction requirements due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-129476618

2019-09-27 4.6 CVE-2019-9374 MISC

google -- android In hostapd, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-129344244

2019-09-27 6.9 CVE-2019-9375 MISC

google -- android In the Accounts package, there is a possible crash due to improper input validation. This could lead to permanent local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-129287265

2019-09-27 4.9 CVE-2019-9376 MISC

google -- android In the Activity Manager service, there is a possible permission bypass due to incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-124539196

2019-09-27 4.6 CVE-2019-9378 MISC

























https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-9376&vector=(AV:L/AC:L/Au:N/C:N/I:N/A:C)











Source & Patch Info

google -- android In the settings UI, there is a possible spoofing vulnerability due to a missing permission check. This could lead to a user mistakenly changing permission settings with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-123700098

2019-09-27 4.3 CVE-2019-9380 MISC

google -- android In netd, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122677612

2019-09-27 5.0 CVE-2019-9381 MISC

google -- android In libeffects, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120874654

2019-09-27 6.8 CVE-2019-9382 MISC

google -- android In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120452956

2019-09-27 4.3 CVE-2019-9385 MISC

google -- android In NFC server, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122361874

2019-09-27 6.9 CVE-2019-9386 MISC


2019-09-27 5.0 CVE-2019-9387 MISC

google -- android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117567437

2019-09-27 5.0 CVE-2019-9388 MISC


2019-09-27 5.0 CVE-2019-9389 MISC




































Source & Patch Info


2019-09-27 5.0 CVE-2019-9390 MISC

google -- android In libxaac, there is a possible out of bounds read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111050781

2019-09-27 4.3 CVE-2019-9391 MISC

google -- android In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116357965

2019-09-27 5.0 CVE-2019-9393 MISC


2019-09-27 5.0 CVE-2019-9394 MISC


2019-09-27 5.0 CVE-2019-9395 MISC


2019-09-27 5.0 CVE-2019-9396 MISC


2019-09-27 5.0 CVE-2019-9397 MISC


2019-09-27 5.0 CVE-2019-9398 MISC




































Source & Patch Info

google -- android The Print Service is susceptible to man in the middle attacks due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115635664

2019-09-27 4.3 CVE-2019-9399 MISC

google -- android In Bluetooth, there is a possible null pointer dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115509589

2019-09-27 5.0 CVE-2019-9400 MISC


2019-09-27 5.0 CVE-2019-9401 MISC


2019-09-27 5.0 CVE-2019-9402 MISC

google -- android In cn-cbor, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113512324

2019-09-27 4.3 CVE-2019-9403 MISC


2019-09-27 5.0 CVE-2019-9404 MISC


2019-09-27 6.8 CVE-2019-9405 MISC


2019-09-27 4.3 CVE-2019-9406 MISC




































Source & Patch Info

google -- android In notification management of the service manager, there is a possible permissions bypass. This could lead to local escalation of privilege by preventing user notification, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112434609

2019-09-27 4.6 CVE-2019-9407 MISC


2019-09-27 4.3 CVE-2019-9408 MISC


2019-09-27 4.3 CVE-2019-9409 MISC


2019-09-27 4.3 CVE-2019-9410 MISC


2019-09-27 4.3 CVE-2019-9411 MISC

google -- android In libSBRdec there is a possible out of bounds read due to incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112006096

2019-09-27 4.3 CVE-2019-9412 MISC


2019-09-27 5.0 CVE-2019-9413 MISC

google -- android In wpa_supplicant, there is a possible man in the middle vulnerability due to improper input validation of the basicConstraints field of intermediary certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111893041

2019-09-27 4.3 CVE-2019-9414 MISC




































Source & Patch Info

google -- android In libstagefright there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111805098

2019-09-27 4.3 CVE-2019-9415 MISC

google -- android In libstagefright there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111804142

2019-09-27 4.3 CVE-2019-9416 MISC


2019-09-27 5.0 CVE-2019-9419 MISC

google -- android In libhevc, there is a possible out of bounds read due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111272481

2019-09-27 4.3 CVE-2019-9420 MISC


2019-09-27 5.0 CVE-2019-9422 MISC

google -- android In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android ID: A-110986616

2019-09-27 4.6 CVE-2019-9423 MISC

google -- android In the Screen Lock, there is a possible information disclosure due to an unusual root cause. In certain circumstances, the setting to hide the unlock pattern can be ignored. Product: AndroidVersions: Android-10Android ID: A-110941092

2019-09-27 4.3 CVE-2019-9424 MISC


2019-09-27 5.0 CVE-2019-9425 MISC




































Source & Patch Info

google -- android In the Framework, it is possible to set up BROWSEABLE intents to take over certain URLs. This could lead to remote information disclosure of sensitive URLs with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110150807

2019-09-27 4.3 CVE-2019-9428 MISC

google -- android In profman, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110035108

2019-09-27 4.6 CVE-2019-9429 MISC

google -- android In Bluetooth, there is a possible null pointer dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109838296

2019-09-27 5.0 CVE-2019-9430 MISC

google -- android In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with heap information written to the log with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109755179

2019-09-27 4.0 CVE-2019-9431 MISC

google -- android In Bluetooth, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80546108

2019-09-27 5.0 CVE-2019-9432 MISC

google -- android In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354

2019-09-27 4.3 CVE-2019-9433 MISC

google -- android In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with heap information written to the log with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80432895

2019-09-27 4.0 CVE-2019-9434 MISC

google -- android In mediaserver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-62535446

2019-09-27 4.6 CVE-2019-9460 MISC




































Source & Patch Info

google -- android In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-91544774

2019-09-27 5.0 CVE-2019-9462 MISC

google -- android In Platform, there is a possible bypass of user interaction requirements due to background app interception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113584607

2019-09-27 4.4 CVE-2019-9463 MISC

ibm -- daeja_viewone IBM Daeja ViewONE Virtual 5.0 through 5.0.6 could expose internal parameters to ViewONE clients that could be used in further attacks against the system. IBM X-Force ID: 159521.

2019-10-01 5.0 CVE-2019-4246 XF CONFIRM

ibm -- security_directory_server

IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178.

2019-10-02 5.0 CVE-2019-4520 XF CONFIRM


IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 165660.

2019-10-02 5.8 CVE-2019-4538 XF CONFIRM


IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812.

2019-10-02 5.5 CVE-2019-4539 XF CONFIRM


IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 165815.

2019-10-02 4.3 CVE-2019-4542 XF CONFIRM


IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951.

2019-10-02 5.0 CVE-2019-4549 XF CONFIRM












https://exchange.xforce.ibmcloud.com/vulnerabilities/159521

https://www.ibm.com/support/pages/node/884380






https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-4538&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N)





https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-4539&vector=(AV:N/AC:L/Au:S/C:N/I:P/A:P)


















Source & Patch Info

ibm -- security_guardium IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege escalation which could allow an authenticated user to change the accessmgr password. IBM X-Force ID: 162768.

2019-10-03 6.5 CVE-2019-4422 XF CONFIRM

ibm -- sterling_file_gateway

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. IBM X-Force ID: 160503.

2019-09-30 5.0 CVE-2019-4280 XF CONFIRM

ibm -- sterling_file_gateway

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162769.

2019-09-30 5.0 CVE-2019-4423 XF CONFIRM

ibm -- websphere_application_server

IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950.

2019-09-30 6.5 CVE-2019-4304 XF CONFIRM


IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951.

2019-09-30 5.0 CVE-2019-4305 XF CONFIRM


IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177.

2019-10-03 5.0 CVE-2019-4441 XF CONFIRM

ibm -- websphere_extreme_scale

IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 158102.

2019-09-30 5.8 CVE-2019-4109 XF CONFIRM

jenkins -- ldap_email Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

2019-10-01 5.0 CVE-2019-10434 MLIST CONFIRM

jenkins -- sourcegear_vault

Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.






https://supportcontent.ibm.com/support/pages/node/957491


































http://www.openwall.com/lists/oss-security/2019/10/01/2

https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1515





https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1524




Source & Patch Info

jetbrains -- teamcity An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1.

2019-10-02 4.3 CVE-2019-15037 CONFIRM

jetbrains -- teamcity An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2018.2.5 and 2019.1.

2019-10-01 6.8 CVE-2019-15039 CONFIRM

jetbrains -- youtrack JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles.

2019-10-01 4.3 CVE-2019-14952 CONFIRM

jetbrains -- youtrack JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser.

2019-10-01 4.3 CVE-2019-14953 MISC

jetbrains -- youtrack JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names.

2019-10-02 4.0 CVE-2019-14956 CONFIRM

jetbrains -- youtrack JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page.

2019-10-02 6.8 CVE-2019-15040 MISC

jetbrains -- youtrack In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page.

2019-10-02 4.3 CVE-2019-16171 MISC

libreoffice -- libreoffice LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in the possibility to construct a document where macro execution bypassed the security settings. The documents were correctly detected as containing macros, and prompted the user to their existence within the documents, but macros within the document were subsequently not controlled by the security settings allowing arbitrary macro execution This issue affects: LibreOffice 6.2 series versions prior to 6.2.7; LibreOffice 6.3 series versions prior to 6.3.1.


metinfo -- metinfo In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.

2019-09-30 6.5 CVE-2019-16996 MISC
































https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html

https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9853/




https://github.com/XiaOkuoAi/XiaOkuoAi.github.io/issues/1




Source & Patch Info

metinfo -- metinfo In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.

2019-09-30 6.5 CVE-2019-16997 MISC

mozilla -- firefox When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords. This vulnerability affects Firefox < 68.0.2 and Firefox ESR < 68.0.2.

2019-09-27 5.0 CVE-2019-11733 SUSE SUSE MISC CONFIRM

mozilla -- firefox The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during checks for junctions and symbolic links by the Maintenance Service, allowing for potential local file and directory manipulation to be undetected in some circumstances. This allows for potential privilege escalation by a user with unprivileged local access. <br>*Note: These attacks requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.

2019-09-27 4.4 CVE-2019-11736 SUSE SUSE MISC MISC CONFIRM CONFIRM

mozilla -- firefox If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. This vulnerability affects Firefox < 69.

2019-09-27 5.0 CVE-2019-11737 MISC CONFIRM

mozilla -- firefox If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.

2019-09-27 6.8 CVE-2019-11738 SUSE SUSE MISC CONFIRM CONFIRM

mozilla -- firefox A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these sites within the browser can potentially be used to modify a user's Firefox configuration. These two sites will now be isolated into their own process and not allowed to be loaded in a standard content process. This vulnerability affects Firefox < 69.

2019-09-27 4.3 CVE-2019-11741 MISC CONFIRM




https://github.com/XiaOkuoAi/XiaOkuoAi.github.io/issues/2






































Source & Patch Info

mozilla -- firefox A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.

2019-09-27 4.3 CVE-2019-11742 SUSE SUSE SUSE SUSE MISC CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM

mozilla -- firefox Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.

2019-09-27 4.3 CVE-2019-11743 SUSE SUSE SUSE SUSE MISC MISC CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM

mozilla -- firefox Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if a site does not filter user input as strictly for these elements as it does for other elements. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.


mozilla -- firefox A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.























https://w3c.github.io/navigation-timing



































Source & Patch Info

mozilla -- firefox The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security (HSTS) settings received from sites that use it. Due to a bug, sites on the pre-load list also have their HSTS setting removed. On the next visit to that site if the user specifies an http: URL rather than secure https: they will not be protected by the pre-loaded HSTS setting. After that visit the site's HSTS setting will be restored. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.


mozilla -- firefox WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web content and abusing permissions previously given by users. Users will now be prompted for permissions on each use. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.


mozilla -- firefox A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.


mozilla -- firefox A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.


mozilla -- firefox Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. <br>*Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.


mozilla -- firefox The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This

2019-09-27 4.6 CVE-2019-11753 SUSE SUSE MISC CONFIRM CONFIRM CONFIRM





















































Source & Patch Info

allows for privilege escalation if the executable has been replaced locally. <br>*Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Firefox < 69, Firefox ESR < 60.9, and Firefox ESR < 68.1.

mozilla -- firefox When the pointer lock is enabled by a website though requestPointerLock(), no user notification is given. This could allow a malicious website to hijack the mouse pointer and confuse users. This vulnerability affects Firefox < 69.0.1.

2019-09-27 4.3 CVE-2019-11754 MISC CONFIRM

mozilla -- thunderbird Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 68.1 and Thunderbird < 60.9.


mozilla -- thunderbird A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted message. Previous versions had only suppressed showing a digital signature for messages with an outer multipart/signed layer. This vulnerability affects Thunderbird < 68.1.1.

2019-09-27 5.0 CVE-2019-11755 SUSE SUSE MISC CONFIRM

netdisco -- netdisco Insufficient sanitization during device search in Netdisco 2.042010 allows for reflected XSS via manipulation of a URL parameter.

2019-09-30 4.3 CVE-2019-15810 MISC MISC

netgear -- srx5308_firmware

NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account.

2019-09-30 5.0 CVE-2019-17049 MISC

nsa -- ghidra NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. This occurs in Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoReader.java. An attack could start with an XML document that was originally created by DumpFunctionPatternInfoScript but then directly modified by an attacker (for example, to make a java.lang.Runtime.exec call).

2019-09-28 6.8 CVE-2019-16941 MISC MISC MISC MISC MISC MISC

online_store_system_project -- online_store_system

Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed

2019-10-01 4.3 CVE-2019-8290 MLIST
























https://github.com/netdisco/netdisco/commit/deb9b62c7f839f5e41aa4d620bcdac5f9321a8a3

https://github.com/netdisco/netdisco/commits/master




https://community.netgear.com/t5/Hardware-VPN-Firewalls-and/Successful-hack-of-our-SRX5308/m-p/1805846




https://github.com/NationalSecurityAgency/ghidra/blob/79d8f164f8bb8b15cfb60c5d4faeb8e1c25d15ca/Ghidra/Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoReader.java#L187-L188

https://github.com/NationalSecurityAgency/ghidra/commit/a17728f8c12effa171b17a25ccfb7e7d9528c5d0

https://github.com/NationalSecurityAgency/ghidra/issues/1090

https://github.com/purpleracc00n/CVE-2019-16941

https://twitter.com/NSAGov/status/1178812792159248385

https://www.symantec.com/security-center/vulnerabilities/writeup/110223?om_rssid=sr-advisories








Source & Patch Info

by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected.

MISC MISC

phpbb -- phpbb In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting them.

2019-09-30 6.8 CVE-2019-16993 MISC MLIST MISC MISC

python -- python The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.



Use after free issue occurs If another instance of open for voice_svc node has been called from application without closing the previous one. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

2019-09-30 4.6 CVE-2019-10497 CONFIRM


Buffer overflow scenario if the client sends more than 5 io_vec requests to the server in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

2019-09-30 4.6 CVE-2019-10498 CONFIRM


Possible use after free issue due to improper input validation in volume listener library in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD

2019-09-30 4.6 CVE-2019-10501 CONFIRM

http://www.vapidlabs.com/advisory.php?v=210

https://www.abcprintf.com/view_download.php?id=17




https://github.com/phpbb/phpbb/commit/18abef716ecf42a35416444f3f84f5459d573789

https://lists.debian.org/debian-lts-announce/2019/09/msg00036.html

https://www.phpbb.com/community/viewtopic.php?t=2352606

https://www.phpbb.com/support/documents.php?mode=changelog&version=3#v317




https://bugs.python.org/issue38243

https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897

https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213

https://github.com/python/cpython/pull/16373
















Source & Patch Info

820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24


Lack of check of extscan change results received from firmware can lead to an out of buffer read in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 210/SD 212/SD 205, SD 425, SD 430, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24

2019-09-30 4.6 CVE-2019-10507 CONFIRM


Lack of input validation for data received from user space can lead to OOB access in WLAN in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820A, SDX20

2019-09-30 4.6 CVE-2019-10508 CONFIRM


Buffer overflow due to improper validation of buffer size while IPA driver processing to perform read operation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

2019-09-30 4.6 CVE-2019-2333 CONFIRM


Buffer overflow when the audio buffer size provided by user is larger than the maximum allowable audio buffer size. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

2019-09-30 4.6 CVE-2019-2341 CONFIRM




















Source & Patch Info


While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor command, driver does not validate the data obtained from the user space which could be invalid and thus leads to an undesired behaviour in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX24

2019-09-30 4.6 CVE-2019-10506 CONFIRM


Possible use-after-free issue due to a race condition while calling camera ioctl concurrently in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM439, SDX24

2019-09-30 4.4 CVE-2019-2284 CONFIRM

salesagility -- suitecrm SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS. 2019-09-30 4.3 CVE-2019-14752 CONFIRM CONFIRM

salesagility -- suitecrm SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files.

2019-09-27 5.0 CVE-2019-16922 MISC

tcpdump -- tcpdump The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.

2019-10-03 5.0 CVE-2018-16452 MISC CONFIRM

thecontrolgroup -- voyager

An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a software maintainer has suggested a solution in which Compass is switched off in a production environment.

2019-09-30 6.5 CVE-2019-17050 MISC

themeisle -- visualizer A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.

2019-09-30 5.8 CVE-2019-16932 MISC MISC MISC

whatsapp -- whatsapp An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially-crafted EXIF tags in WEBP images.

2019-09-27 6.8 CVE-2019-11927 CONFIRM






















https://github.com/the-tcpdump-group/tcpdump/commit/24182d959f661327525a20d9a94c98a8ec016778




https://github.com/the-control-group/voyager/issues/4322




https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf

https://wordpress.org/plugins/visualizer/#developers

https://wpvulndb.com/vulnerabilities/9892




https://www.facebook.com/security/advisories/cve-2019-11927




Source & Patch Info

This issue affects WhatsApp for Android before version 2.19.143 and WhatsApp for iOS before version 2.19.100.

z.cash -- zcash Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a full node that owns a shielded address, related to mishandling of exceptions during deserialization of note plaintexts. This affects anyone who has disclosed their zaddr to a third party.





http://duke.leto.net/2019/10/01/zcash-metadata-leakage-cve-2019-16930.html

https://github.com/zcash/zcash/commit/c1fbf8ab5d73cff5e1f45236995857c75ba4128d

https://github.com/zcash/zcash/releases/tag/v2.0.7-3

https://z.cash/support/security/announcements/security-announcement-2019-09-24/

Low Vulnerabilities



Source & Patch Info


Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud DR add-on specific field. When victim users access the page through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.

2019-09-27

3.5


dolibarr -- dolibarr

Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.

2019-09-27

3.5

CVE-2019-16685 MISC

dolibarr -- dolibarr Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin.

2019-09-27

3.5

CVE-2019-16686 MISC


Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.

2019-09-27

3.5

CVE-2019-16687 MISC


Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privilege from Admin to users with no permissions.)

2019-09-27

3.5

CVE-2019-16688 MISC

google -- android

In WiFi, the RSSI value and SSID information is broadcast as part of android.net.wifi.RSSI_CHANGE and android.net.wifi.STATE_CHANGE intents. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111698366

2019-09-27

2.1

CVE-2018-9581 MISC

google -- android

In LG's LAF component, there is a possible leak of information in a protected disk partition due to a missing bounds check. This could lead to local information disclosure via USB with

2019-09-27

2.1

CVE-2019-2190 MISC

https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-3747&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)









http://verneet.com/cve-2019-16685/





http://verneet.com/cve-2019-16686











https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-9581&vector=(AV:L/AC:L/Au:N/C:P/I:N/A:N)










Low Vulnerabilities



Source & Patch Info

User execution privileges needed. User interaction is not required for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-68771598

google -- android

In LG's LAF component, there is a possible leak of information in a protected disk partition due to a missing bounds check. This could lead to local information disclosure via USB with User execution privileges needed. User interaction is not required for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-68770980

2019-09-27

2.1

CVE-2019-2191 MISC

google -- android

In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122323053

2019-09-27

1.9

CVE-2019-9235 MISC

google -- android


2019-09-27

1.9

CVE-2019-9236 MISC

google -- android


2019-09-27

1.9

CVE-2019-9239 MISC






https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-9235&vector=(AV:L/AC:M/Au:N/C:P/I:N/A:N)















Documents

BULLETIN (SB19-280) VULNERABILITY SUMMARY FOR THE … · jetbrains -- teamcity An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute