The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2019-15817 | The easy-property-listings plugin before 3.4 for WordPress has XSS. | -- | Aug 30, 2019 |
CVE-2019-15816 | The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. | MEDIUM | Sep 5, 2019 |
CVE-2019-15815 | ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privileges. | MEDIUM | Nov 12, 2019 |
CVE-2019-15814 | Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML. | LOW | Sep 4, 2019 |
CVE-2019-15813 | Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell. | MEDIUM | Sep 4, 2019 |
CVE-2019-15811 | In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS. | -- | Aug 29, 2019 |
CVE-2019-15810 | Insufficient sanitization during device search in Netdisco 2.042010 allows for reflected XSS via manipulation of a URL parameter. | MEDIUM | Oct 2, 2019 |
CVE-2019-15809 | Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because the Atmel Toolbox 00.03.11.05 contains two versions of ECDSA signature functions, described as fast and secure, but the affected cards chose to use the fast version, which leaks the bit length of the random nonce via timing. This affects Athena IDProtect 010b.0352.0005, Athena IDProtect 010e.1245.0002, Athena IDProtect 0106.0130.0401, Athena IDProtect 010e.1245.0002, Valid S/A IDflex V 010b.0352.0005, SafeNet eToken 4300 010e.1245.0002, TecSec Armored Card 010e.0264.0001, and TecSec Armored Card 108.0264.0001. | LOW | Oct 3, 2019 |
CVE-2019-15807 | In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. | HIGH | Aug 29, 2019 |
CVE-2019-15806 | CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basic_sett.html. Any user connected to the Wi-Fi can exploit this. | -- | Aug 29, 2019 |
CVE-2019-15805 | CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this. | HIGH | Sep 5, 2019 |
CVE-2019-15804 | An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains Password recovery for specific user options. The menu is believed to be accessible using a serial console. | MEDIUM | Nov 14, 2019 |
CVE-2019-15803 | An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always returns TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips. | MEDIUM | Nov 14, 2019 |
CVE-2019-15802 | An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using AES256 in CBC mode. With the parameters known, all previously encrypted passwords can be decrypted. This includes the passwords that are part of configuration backups or otherwise embedded as part of the firmware. | MEDIUM | Nov 14, 2019 |
CVE-2019-15801 | An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0. | MEDIUM | Nov 14, 2019 |
CVE-2019-15800 | An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.) | HIGH | Nov 14, 2019 |
CVE-2019-15799 | An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained. | HIGH | Nov 14, 2019 |
CVE-2019-15796 | Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in versions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5. | LOW | Mar 26, 2020 |
CVE-2019-15795 | python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5. | LOW | Mar 26, 2020 |
CVE-2019-15794 | Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file after call_mmap() returns an error. However, the aufs patches change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow. | HIGH | Apr 24, 2020 |
CVE-2019-15793 | In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions. | MEDIUM | Apr 24, 2020 |
CVE-2019-15792 | In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a struct shiftfs_file_info *. As the private_data is not required to be a pointer, an attacker can use this to cause a denial of service or possibly execute arbitrary code. | MEDIUM | Apr 24, 2020 |
CVE-2019-15791 | In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl completes this fd is closed, which then puts a reference to that file, leading to a refcount underflow. | MEDIUM | Apr 24, 2020 |
CVE-2019-15790 | Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3. | LOW | Apr 28, 2020 |
CVE-2019-15789 | Privilege escalation vulnerability in MicroK8s allows a low privilege user with local access to obtain root access to the host by provisioning a privileged container. Fixed in MicroK8s 1.15.3. | HIGH | Apr 9, 2020 |
CVE-2019-15788 | Clara Genomics Analysis before 0.2.0 has an integer overflow for cudapoa memory management in allocate_block.cpp. | -- | Aug 29, 2019 |
CVE-2019-15787 | libZetta.rs through 0.1.2 has an integer overflow in the zpool parser (for error stats) that leads to a panic. | HIGH | Sep 4, 2019 |
CVE-2019-15786 | ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large rxpacket. | -- | Aug 29, 2019 |
CVE-2019-15785 | FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c. | HIGH | Aug 29, 2019 |
CVE-2019-15784 | Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList array overflow if there are many SRT connections. | HIGH | Sep 7, 2019 |
CVE-2019-15783 | Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc. | -- | Aug 29, 2019 |
CVE-2019-15782 | WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name. | -- | Aug 29, 2019 |
CVE-2019-15781 | The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF. | MEDIUM | Aug 30, 2019 |
CVE-2019-15780 | The formidable plugin before 4.02.01 for WordPress has unsafe deserialization. | -- | Aug 29, 2019 |
CVE-2019-15779 | The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete. | -- | Aug 29, 2019 |
CVE-2019-15778 | The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS. | -- | Aug 29, 2019 |
CVE-2019-15777 | The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&admin_email= XSS. | -- | Aug 29, 2019 |
CVE-2019-15776 | The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file. | MEDIUM | Sep 4, 2019 |
CVE-2019-15775 | The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | MEDIUM | Sep 4, 2019 |
CVE-2019-15774 | The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | MEDIUM | Sep 4, 2019 |
CVE-2019-15773 | The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | MEDIUM | Sep 4, 2019 |
CVE-2019-15772 | The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | MEDIUM | Sep 4, 2019 |
CVE-2019-15771 | The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | MEDIUM | Sep 4, 2019 |
CVE-2019-15770 | The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks. | MEDIUM | Sep 4, 2019 |
CVE-2019-15769 | The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option. | -- | Aug 29, 2019 |
CVE-2019-15767 | In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file. | -- | Aug 29, 2019 |
CVE-2019-15766 | The KSLABS KSWEB (aka ru.kslabs.ksweb) application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to (and the config_text parameter set to the content of the file to be created). This can be a PHP file that is written to in the public web directory and subsequently executed. The attacker must have network connectivity to the PHP server that is running on the Android device. | MEDIUM | Oct 9, 2019 |
CVE-2019-15759 | An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js. | MEDIUM | Aug 29, 2019 |
CVE-2019-15758 | An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js. | -- | Aug 29, 2019 |
CVE-2019-15757 | libMirage 3.2.2 in CDemu has a NULL pointer dereference in the NRG parser in parser.c. | -- | Aug 29, 2019 |