<!DOCTYPE html>
<html><head>
<meta charset="UTF-8">
</head><body><blockquote type="cite">---------- Original Message ---------- <br>From: US-CERT &lt;US-CERT@ncas.us-cert.gov&gt; <br>To: w3hwn@arrl.net <br>Date: August 19, 2019 at 3:10 PM <br>Subject: Vulnerability Summary for the Week of August 12, 2019 <br> <br><table width="700" border="0" cellspacing="0" cellpadding="0" align="center" style="border-collapse: collapse;" class="mce-item-table"><tbody><tr><td style="padding: 0px;"><a id="ox-25eb77d27b-gd_top" name="gd_top" class="mce-item-anchor"></a><p>National Cyber Awareness System:</p><div class="ox-25eb77d27b-rss_item" style="margin-bottom: 2em;"><div class="ox-25eb77d27b-rss_title" style="font-weight: bold; font-size: 120%; margin: 0 0 0.3em; padding: 0;"><a href="https://www.us-cert.gov/ncas/bulletins/sb19-231">Vulnerability Summary for the Week of August 12, 2019</a></div><div class="ox-25eb77d27b-rss_pub_date" style="font-size: 90%; font-style: italic; color: #666666; margin: 0 0 0.3em; padding: 0;">08/19/2019 06:21 AM EDT</div><br><div class="ox-25eb77d27b-rss_description" style="margin: 0 0 0.3em; padding: 0;">Original release date: August 19, 2019 <br><p>The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST <a href="https://nvd.nist.gov/vuln/search">NVD</a>. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. 
Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.</p><h2 id="ox-25eb77d27b-high_v_title"><a name="high" class="mce-item-anchor"></a>High Vulnerabilities</h2><table border="1" summary="High Vulnerabilities" align="center"><thead><tr><th class="ox-25eb77d27b-vendor-product" style="width: 24%;" scope="col">Primary<br>Vendor -- Product</th><th style="width: 44%;" scope="col">Description</th><th style="width: 8%;" scope="col">Published</th><th style="width: 4%;" scope="col">CVSS Score</th><th style="width: 10%;" scope="col">Source & Patch Info</th></tr></thead><tbody><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">foliovision -- fv_flowplayer_video_player</td><td style="text-align: left;" align="left">The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14801&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14801" target="_blank" rel="noopener">CVE-2019-14801</a><br><a href="https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">frappe -- frappe</td><td style="text-align: left;" align="left">An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. 
A server side template injection (SSTI) issue exists.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14965&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14965" target="_blank" rel="noopener">CVE-2019-14965</a><br><a href="https://github.com/frappe/frappe/compare/v12.0.3...v12.0.4" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/frappe/frappe/pull/8044" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/frappe/frappe/pull/8045" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/frappe/frappe/pull/8046" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/frappe/frappe/pull/8047" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/frappe/frappe/releases/tag/v12.0.4" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">hashicorp -- nomad</td><td style="text-align: left;" align="left">HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-12618&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12618" target="_blank" rel="noopener">CVE-2019-12618</a><br><a href="https://github.com/hashicorp/nomad/issues/5783" target="_blank" rel="noopener">MISC</a><br><a href="https://www.hashicorp.com/blog/category/nomad" target="_blank" rel="noopener">MISC</a><br><a href="https://www.hashicorp.com/blog/hashicorp-nomad-0-9-2" target="_blank" 
rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">hp -- 3par_storeserv_management_console</td><td style="text-align: left;" align="left">A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-5402&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5402" target="_blank" rel="noopener">CVE-2019-5402</a><br><a href="https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03946en_us" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">hp -- 3par_storeserv_management_console</td><td style="text-align: left;" align="left">A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-5404&vector=(AV:N/AC:L/Au:S/C:C/I:C/A:P)" target="_blank" rel="noopener">8.7</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5404" target="_blank" rel="noopener">CVE-2019-5404</a><br><a href="https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03946en_us" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">hp -- 3par_storeserv_management_console</td><td style="text-align: left;" align="left">A remote session reuse 
vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-5406&vector=(AV:N/AC:L/Au:S/C:C/I:C/A:C)" target="_blank" rel="noopener">9.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5406" target="_blank" rel="noopener">CVE-2019-5406</a><br><a href="https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03946en_us" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">imagely -- nextgen_gallery</td><td style="text-align: left;" align="left">The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10889&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10889" target="_blank" rel="noopener">CVE-2016-10889</a><br><a href="https://wordpress.org/plugins/nextgen-gallery/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- office</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. 
This CVE ID is unique from CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1152.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-1151&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1151" target="_blank" rel="noopener">CVE-2019-1151</a><br><a href="http://packetstormsecurity.com/files/154092/Microsoft-Font-Subsetting-DLL-ReadAllocFormat12CharGlyphMapList-Heap-Corruption.html" target="_blank" rel="noopener">MISC</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1151" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- windows_10</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. 
This CVE ID is unique from CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-1144&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1144" target="_blank" rel="noopener">CVE-2019-1144</a><br><a href="http://packetstormsecurity.com/files/154085/Microsoft-Font-Subsetting-DLL-MergeFormat12Cmap-MakeFormat12MergedGlyphList-Double-Free.html" target="_blank" rel="noopener">MISC</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1144" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- windows_10</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. 
This CVE ID is unique from CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1151, CVE-2019-1152.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-1150&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1150" target="_blank" rel="noopener">CVE-2019-1150</a><br><a href="http://packetstormsecurity.com/files/154087/Microsoft-Font-Subsetting-DLL-ReadTableIntoStructure-Heap-Corruption.html" target="_blank" rel="noopener">MISC</a><br><a href="http://packetstormsecurity.com/files/154093/Microsoft-Font-Subsetting-DLL-WriteTableFromStructure-Out-Of-Bounds-Read.html" target="_blank" rel="noopener">MISC</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1150" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- windows_10</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. 
This CVE ID is unique from CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-1152&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank" rel="noopener">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1152" target="_blank" rel="noopener">CVE-2019-1152</a><br><a href="http://packetstormsecurity.com/files/154096/Microsoft-Font-Subsetting-DLL-MakeFormat12MergedGlyphList-Heap-Corruption.html" target="_blank" rel="noopener">MISC</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1152" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">newstatpress_project -- newstatpress</td><td style="text-align: left;" align="left">The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9313&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9313" target="_blank" rel="noopener">CVE-2015-9313</a><br><a href="https://wordpress.org/plugins/newstatpress/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">newstatpress_project -- newstatpress</td><td style="text-align: left;" align="left">The newstatpress plugin before 1.0.1 for WordPress has SQL injection.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 5%;" align="center"><a 
href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9315&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9315" target="_blank" rel="noopener">CVE-2015-9315</a><br><a href="https://wordpress.org/plugins/newstatpress/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">txjia -- imcat</td><td style="text-align: left;" align="left">An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14968&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14968" target="_blank" rel="noopener">CVE-2019-14968</a><br><a href="https://github.com/peacexie/imcat/issues/2" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">veronalabs -- wp_statistics</td><td style="text-align: left;" align="left">The wp-statistics plugin before 12.0.8 for WordPress has SQL injection.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-18515&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18515" target="_blank" rel="noopener">CVE-2017-18515</a><br><a href="https://wordpress.org/plugins/wp-statistics/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" 
align="left">wp-events-plugin -- events_manager</td><td style="text-align: left;" align="left">The events-manager plugin before 5.6 for WordPress has code injection.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9298&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9298" target="_blank" rel="noopener">CVE-2015-9298</a><br><a href="https://wordpress.org/plugins/events-manager/#developers" target="_blank" rel="noopener">MISC</a></td></tr></tbody></table><p><a name="medium" class="mce-item-anchor"></a> </p><h2 id="ox-25eb77d27b-medium_v_title">Medium Vulnerabilities</h2><table border="1" summary="Medium Vulnerabilities" align="center"><thead><tr><th class="ox-25eb77d27b-vendor-product" style="width: 24%;" scope="col">Primary<br>Vendor -- Product</th><th style="width: 44%;" scope="col">Description</th><th style="width: 8%;" scope="col">Published</th><th style="width: 4%;" scope="col">CVSS Score</th><th style="width: 10%;" scope="col">Source & Patch Info</th></tr></thead><tbody><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">10web -- photo_gallery</td><td style="text-align: left;" align="left">The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14798&vector=(AV:N/AC:L/Au:S/C:P/I:N/A:N)" target="_blank" 
rel="noopener">CVE-2019-14798</a><br><a href="https://wordpress.org/plugins/photo-gallery/#developers" target="_blank" rel="noopener">MISC</a><br><a href="https://wpvulndb.com/vulnerabilities/9361" target="_blank" rel="noopener">MISC</a><br><a href="https://www.pluginvulnerabilities.com/2019/05/14/authenticated-local-file-inclusion-lfi-vulnerability-in-photo-gallery-by-10web/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">23systems -- lightbox_plus_colorbox</td><td style="text-align: left;" align="left">The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10865&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10865" target="_blank" rel="noopener">CVE-2016-10865</a><br><a href="https://wordpress.org/plugins/lightbox-plus/#developers" target="_blank" rel="noopener">MISC</a><br><a href="https://www.pluginvulnerabilities.com/2016/04/05/cross-site-request-forgery-csrfcross-site-scripting-xss-vulnerability-in-lightbox-plus-colorbox/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">atlassian -- jira</td><td style="text-align: left;" align="left">The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a 
href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-20826&vector=(AV:N/AC:L/Au:S/C:N/I:P/A:N)" target="_blank" rel="noopener">4.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20826" target="_blank" rel="noopener">CVE-2018-20826</a><br><a href="https://jira.atlassian.com/browse/JRASERVER-69239" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">axiosys -- bento4</td><td style="text-align: left;" align="left">An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the function AP4_BitReader::SkipBits at Core/Ap4Utils.cpp.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-15047&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15047" target="_blank" rel="noopener">CVE-2019-15047</a><br><a href="https://github.com/axiomatic-systems/bento4/issues/408" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">axiosys -- bento4</td><td style="text-align: left;" align="left">An issue was discovered in Bento4 1.5.1.0. 
There is a heap-based buffer overflow in the AP4_RtpAtom class at Core/Ap4RtpAtom.cpp.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-15048&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15048" target="_blank" rel="noopener">CVE-2019-15048</a><br><a href="https://github.com/axiomatic-systems/bento4/issues/409" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">axiosys -- bento4</td><td style="text-align: left;" align="left">An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the AP4_Dec3Atom class at Core/Ap4Dec3Atom.cpp.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-15049&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15049" target="_blank" rel="noopener">CVE-2019-15049</a><br><a href="https://github.com/axiomatic-systems/bento4/issues/408" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">axiosys -- bento4</td><td style="text-align: left;" align="left">An issue was discovered in Bento4 1.5.1.0. 
There is a heap-based buffer over-read in the AP4_AvccAtom class at Core/Ap4AvccAtom.cpp.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-15050&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15050" target="_blank" rel="noopener">CVE-2019-15050</a><br><a href="https://github.com/axiomatic-systems/bento4/issues/409" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">backup-guard -- backup_guard</td><td style="text-align: left;" align="left">The Backup Guard plugin before 1.1.47 for WordPress has multiple XSS issues.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-18488&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18488" target="_blank" rel="noopener">CVE-2017-18488</a><br><a href="https://wordpress.org/plugins/backup/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">bestwebsoft -- contact_form</td><td style="text-align: left;" align="left">The contact-form-plugin plugin before 3.52 for WordPress has XSS.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2013-7475&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7475" target="_blank" rel="noopener">CVE-2013-7475</a><br><a 
href="https://wordpress.org/plugins/contact-form-plugin/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">bestwebsoft -- contact_form</td><td style="text-align: left;" align="left">The contact-form-plugin plugin before 3.96 for WordPress has XSS.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9295&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9295" target="_blank" rel="noopener">CVE-2015-9295</a><br><a href="https://wordpress.org/plugins/contact-form-plugin/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">bestwebsoft -- contact_form</td><td style="text-align: left;" align="left">The contact-form-plugin plugin before 4.0.2 for WordPress has XSS.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10869&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10869" target="_blank" rel="noopener">CVE-2016-10869</a><br><a href="https://wordpress.org/plugins/contact-form-plugin/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">bestwebsoft -- contact_form</td><td style="text-align: left;" align="left">The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a 
href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-18491&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18491" target="_blank" rel="noopener">CVE-2017-18491</a><br><a href="https://wordpress.org/plugins/contact-form-plugin/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">bestwebsoft -- contact_form_to_db</td><td style="text-align: left;" align="left">The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-18492&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18492" target="_blank" rel="noopener">CVE-2017-18492</a><br><a href="https://wordpress.org/plugins/contact-form-to-db/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">bestwebsoft -- custom_search</td><td style="text-align: left;" align="left">The custom-search-plugin plugin before 1.36 for WordPress has multiple XSS issues.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-18494&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18494" target="_blank" rel="noopener">CVE-2017-18494</a><br><a href="https://wordpress.org/plugins/custom-search-plugin/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" 
scope="row" align="left">bestwebsoft -- htaccess</td><td style="text-align: left;" align="left">The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-18496&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18496" target="_blank" rel="noopener">CVE-2017-18496</a><br><a href="https://wordpress.org/plugins/htaccess/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">bestwebsoft -- social_buttons_pack</td><td style="text-align: left;" align="left">The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-18500&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18500" target="_blank" rel="noopener">CVE-2017-18500</a><br><a href="https://wordpress.org/plugins/social-buttons-pack/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">bestwebsoft -- social_login</td><td style="text-align: left;" align="left">The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-18501&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a 
href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18501" target="_blank" rel="noopener">CVE-2017-18501</a><br><a href="https://wordpress.org/plugins/social-login-bws/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">bestwebsoft -- subscriber</td><td style="text-align: left;" align="left">The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-18502&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18502" target="_blank" rel="noopener">CVE-2017-18502</a><br><a href="https://wordpress.org/plugins/subscriber/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">bestwebsoft -- twitter_button</td><td style="text-align: left;" align="left">The twitter-plugin plugin before 2.55 for WordPress has XSS.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-18505&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18505" target="_blank" rel="noopener">CVE-2017-18505</a><br><a href="https://wordpress.org/plugins/twitter-plugin/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">codepeople -- appointment_booking_calendar</td><td style="text-align: left;" align="left">The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the 
wp-admin/admin-post.php editionarea parameter.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14791&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14791" target="_blank" rel="noopener">CVE-2019-14791</a><br><a href="https://wordpress.org/plugins/appointment-booking-calendar/#developers" target="_blank" rel="noopener">MISC</a><br><a href="https://wpvulndb.com/vulnerabilities/9426" target="_blank" rel="noopener">MISC</a><br><a href="https://www.pluginvulnerabilities.com/2019/07/03/hackers-look-to-be-targeting-the-wordpress-plugin-appointment-booking-calendar-which-is-yet-another-insecure-plugin-from-code-people/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">codepeople -- contact_form_email</td><td style="text-align: left;" align="left">The contact-form-to-email plugin before 1.2.66 for WordPress has XSS.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-20963&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20963" target="_blank" rel="noopener">CVE-2018-20963</a><br><a href="https://wordpress.org/plugins/contact-form-to-email/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">codepeople -- contact_form_email</td><td style="text-align: left;" align="left">The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: 
center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-20964&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20964" target="_blank" rel="noopener">CVE-2018-20964</a><br><a href="https://wordpress.org/plugins/contact-form-to-email/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">edx -- recommender</td><td style="text-align: left;" align="left">Recommender before 2018-07-18 allows XSS.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-20858&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20858" target="_blank" rel="noopener">CVE-2018-20858</a><br><a href="https://github.com/edx/RecommenderXBlock/pull/2" target="_blank" rel="noopener">MISC</a><br><a href="https://groups.google.com/forum/#!topic/openedx-announce/SF8Sn6MuUTg" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">exiv2 -- exiv2</td><td style="text-align: left;" align="left">In Exiv2 before v0.27.2, there is an integer overflow vulnerability in the WebPImage::getHeaderOffset function in webpimage.cpp. 
It can lead to a buffer overflow vulnerability and a crash.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14982&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14982" target="_blank" rel="noopener">CVE-2019-14982</a><br><a href="https://github.com/Exiv2/exiv2/compare/v0.27.2-RC2...v0.27.2" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/Exiv2/exiv2/issues/960" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/Exiv2/exiv2/pull/962/commits/e925bc5addd881543fa503470c8a859e112cca62" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">flippercode -- google_map</td><td style="text-align: left;" align="left">The wp-google-map-plugin plugin before 2.3.7 for WordPress has XSS related to the add_query_arg() and remove_query_arg() functions.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9305&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9305" target="_blank" rel="noopener">CVE-2015-9305</a><br><a href="https://wordpress.org/plugins/wp-google-map-plugin/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">flippercode -- google_map</td><td style="text-align: left;" align="left">The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a 
href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10878&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10878" target="_blank" rel="noopener">CVE-2016-10878</a><br><a href="https://wordpress.org/plugins/wp-google-map-plugin/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">foliovision -- fv_flowplayer_video_player</td><td style="text-align: left;" align="left">The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14799&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14799" target="_blank" rel="noopener">CVE-2019-14799</a><br><a href="https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers" target="_blank" rel="noopener">MISC</a><br><a href="https://www.pluginvulnerabilities.com/2019/05/15/information-disclosure-vulnerability-in-fv-player-fv-flowplayer-video-player/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">frappe -- frappe</td><td style="text-align: left;" align="left">An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. 
There exists an authenticated SQL injection.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14966&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P)" target="_blank" rel="noopener">6.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14966" target="_blank" rel="noopener">CVE-2019-14966</a><br><a href="https://github.com/frappe/frappe/compare/v12.0.3...v12.0.4" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/frappe/frappe/pull/8044" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/frappe/frappe/pull/8045" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/frappe/frappe/pull/8046" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/frappe/frappe/pull/8047" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/frappe/frappe/releases/tag/v12.0.4" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">frappe -- frappe</td><td style="text-align: left;" align="left">An issue was discovered in Frappe Framework 10, 11 before 11.1.46, and 12. 
There exists an XSS vulnerability.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14967&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14967" target="_blank" rel="noopener">CVE-2019-14967</a><br><a href="https://github.com/frappe/frappe/compare/v11.1.45...v11.1.46" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/frappe/frappe/pull/7981" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/frappe/frappe/releases/tag/v11.1.46" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">hp -- 3par_storeserv_management_console</td><td style="text-align: left;" align="left">A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-5405&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5405" target="_blank" rel="noopener">CVE-2019-5405</a><br><a href="https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03946en_us" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">hp -- 3par_storeserv_management_console</td><td style="text-align: left;" align="left">A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.</td><td style="text-align: center;" 
align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-5407&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P)" target="_blank" rel="noopener">6.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5407" target="_blank" rel="noopener">CVE-2019-5407</a><br><a href="https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03946en_us" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">huawei -- pcmanager</td><td style="text-align: left;" align="left">PCManager 9.1.3.1 has an improper authentication vulnerability. A certain driver interface of the software does not perform validation of user-mode data properly; a successful exploit could result in malicious code execution.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-5223&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5223" target="_blank" rel="noopener">CVE-2019-5223</a><br><a href="https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190718-01-pcmanager-en" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">ibericode -- mailchimp</td><td style="text-align: left;" align="left">The mailchimp-for-wp plugin before 4.0.11 for WordPress has XSS on the integration settings page.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10871&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a 
href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10871" target="_blank" rel="noopener">CVE-2016-10871</a><br><a href="https://wordpress.org/plugins/mailchimp-for-wp/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">icmsdev -- icms</td><td style="text-align: left;" align="left">iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14976&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14976" target="_blank" rel="noopener">CVE-2019-14976</a><br><a href="https://github.com/idreamsoft/iCMS/issues/71" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14980&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14980" target="_blank" rel="noopener">CVE-2019-14980</a><br><a href="https://github.com/ImageMagick/ImageMagick/commit/c5d012a46ae22be9444326aa37969a3f75daa3ba" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/ImageMagick/ImageMagick/compare/7.0.8-41...7.0.8-42" target="_blank" rel="noopener">MISC</a><br><a 
href="https://github.com/ImageMagick/ImageMagick6/commit/614a257295bdcdeda347086761062ac7658b6830" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/ImageMagick/ImageMagick6/issues/43" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14981&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14981" target="_blank" rel="noopener">CVE-2019-14981</a><br><a href="https://github.com/ImageMagick/ImageMagick/commit/a77d8d97f5a7bced0468f0b08798c83fb67427bc" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/1552" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">istio -- istio</td><td style="text-align: left;" align="left">Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a 
href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14993&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank" rel="noopener">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14993" target="_blank" rel="noopener">CVE-2019-14993</a><br><a href="https://discuss.istio.io/t/upcoming-security-updates-in-istio-1-2-4-and-1-1-13/3383" target="_blank" rel="noopener">MISC</a><br><a href="https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86164" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/envoyproxy/envoy/issues/7728" target="_blank" rel="noopener">MISC</a><br><a href="https://istio.io/blog/2019/istio-security-003-004/" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">kunena -- kunena</td><td style="text-align: left;" align="left">The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-15120&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15120" target="_blank" rel="noopener">CVE-2019-15120</a><br><a href="https://vel.joomla.org/resolved/2260-kunena-5-0-x-5-1-14-xss-cross-site-scripting" target="_blank" rel="noopener">MISC</a><br><a href="https://www.kunena.org/blog/207-kunena-5-1-14-released" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">lansweeper -- lansweeper</td><td style="text-align: left;" align="left">Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a 
href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-13462&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:N)" target="_blank" rel="noopener">6.4</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13462" target="_blank" rel="noopener">CVE-2019-13462</a><br><a href="https://www.lansweeper.com/forum/yaf_topics33_Announcements.aspx" target="_blank" rel="noopener">MISC</a><br><a href="https://www.nccgroup.trust/uk/our-research/technical-advisory-unauthenticated-sql-injection-in-lansweeper/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">mediaburst -- gravity_forms</td><td style="text-align: left;" align="left">The gravity-forms-sms-notifications plugin before 2.4.0 for WordPress has XSS.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-18495&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18495" target="_blank" rel="noopener">CVE-2017-18495</a><br><a href="https://wordpress.org/plugins/gravity-forms-sms-notifications/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">mediawiki -- mediawiki</td><td style="text-align: left;" align="left">In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14807&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14807" target="_blank" 
rel="noopener">CVE-2019-14807</a><br><a href="https://gerrit.wikimedia.org/g/mediawiki/extensions/MobileFrontend/+/08dfc59771d0ed9b739a59bb521baf7f59d169f9" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://phabricator.wikimedia.org/T229541" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">metabox -- meta_box</td><td style="text-align: left;" align="left">The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14793&vector=(AV:N/AC:L/Au:S/C:N/I:P/A:P)" target="_blank" rel="noopener">5.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14793" target="_blank" rel="noopener">CVE-2019-14793</a><br><a href="https://metabox.io/changelog/" target="_blank" rel="noopener">MISC</a><br><a href="https://www.pluginvulnerabilities.com/2019/02/01/full-disclosure-of-authenticated-arbitrary-file-deletion-vulnerability-in-wordpress-plugin-with-300000-installs/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">metabox -- meta_box</td><td style="text-align: left;" align="left">The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14794&vector=(AV:N/AC:L/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14794" target="_blank" rel="noopener">CVE-2019-14794</a><br><a 
href="https://metabox.io/changelog/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">netapp -- oncommand_insight</td><td style="text-align: left;" align="left">OnCommand Insight versions through 7.3.6 may disclose sensitive account information to an authenticated user.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-5498&vector=(AV:N/AC:L/Au:S/C:P/I:N/A:N)" target="_blank" rel="noopener">4.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5498" target="_blank" rel="noopener">CVE-2019-5498</a><br><a href="https://security.netapp.com/advisory/ntap-20190809-0001/" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">never5 -- download_monitor</td><td style="text-align: left;" align="left">The download-monitor plugin before 1.7.1 for WordPress has XSS related to add_query_arg.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9296&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9296" target="_blank" rel="noopener">CVE-2015-9296</a><br><a href="https://wordpress.org/plugins/download-monitor/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">newstatpress_project -- newstatpress</td><td style="text-align: left;" align="left">The newstatpress plugin before 1.0.6 for WordPress has reflected XSS.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 5%;" 
align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9311&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9311" target="_blank" rel="noopener">CVE-2015-9311</a><br><a href="https://wordpress.org/plugins/newstatpress/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">newstatpress_project -- newstatpress</td><td style="text-align: left;" align="left">The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9312&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9312" target="_blank" rel="noopener">CVE-2015-9312</a><br><a href="https://wordpress.org/plugins/newstatpress/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">newstatpress_project -- newstatpress</td><td style="text-align: left;" align="left">The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9314&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9314" target="_blank" rel="noopener">CVE-2015-9314</a><br><a href="https://wordpress.org/plugins/newstatpress/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: 
left;" scope="row" align="left">palletsprojects -- werkzeug</td><td style="text-align: left;" align="left">Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14806&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank" rel="noopener">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14806" target="_blank" rel="noopener">CVE-2019-14806</a><br><a href="https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246" target="_blank" rel="noopener">MISC</a><br><a href="https://palletsprojects.com/blog/werkzeug-0-15-3-released/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">php -- php</td><td style="text-align: left;" align="left">When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read past the allocated buffer. 
This may lead to information disclosure or crash.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-11041&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11041" target="_blank" rel="noopener">CVE-2019-11041</a><br><a href="https://bugs.php.net/bug.php?id=78222" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html" target="_blank" rel="noopener">MLIST</a><br><a href="https://usn.ubuntu.com/4097-1/" target="_blank" rel="noopener">UBUNTU</a><br><a href="https://usn.ubuntu.com/4097-2/" target="_blank" rel="noopener">UBUNTU</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">php -- php</td><td style="text-align: left;" align="left">When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read past the allocated buffer. 
This may lead to information disclosure or crash.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-11042&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11042" target="_blank" rel="noopener">CVE-2019-11042</a><br><a href="https://bugs.php.net/bug.php?id=78256" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html" target="_blank" rel="noopener">MLIST</a><br><a href="https://usn.ubuntu.com/4097-1/" target="_blank" rel="noopener">UBUNTU</a><br><a href="https://usn.ubuntu.com/4097-2/" target="_blank" rel="noopener">UBUNTU</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">presstigers -- simple_job_board</td><td style="text-align: left;" align="left">The simple-job-board plugin before 2.4.4 for WordPress has reflected XSS via keyword search.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-18498&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18498" target="_blank" rel="noopener">CVE-2017-18498</a><br><a href="https://wordpress.org/plugins/simple-job-board/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">siemens -- siprotec_5_firmware</td><td style="text-align: left;" align="left">Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. 
There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-12257&vector=(AV:A/AC:L/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">5.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12257" target="_blank" rel="noopener">CVE-2019-12257</a><br><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://security.netapp.com/advisory/ntap-20190802-0001/" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://support.f5.com/csp/article/K41190253" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12257" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://support2.windriver.com/index.php?page=security-notices" target="_blank" rel="noopener">MISC</a><br><a href="https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">simple-membership-plugin -- simple_membership</td><td style="text-align: left;" align="left">The simple-membership plugin before 3.5.7 for WordPress has XSS.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-18499&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18499" target="_blank" rel="noopener">CVE-2017-18499</a><br><a 
href="https://wordpress.org/plugins/simple-membership/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">tipsandtricks-hq -- all_in_one_wp_security_&_firewall</td><td style="text-align: left;" align="left">The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9293&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9293" target="_blank" rel="noopener">CVE-2015-9293</a><br><a href="https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">tipsandtricks-hq -- all_in_one_wp_security_&_firewall</td><td style="text-align: left;" align="left">The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9294&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9294" target="_blank" rel="noopener">CVE-2015-9294</a><br><a href="https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">tipsandtricks-hq -- all_in_one_wp_security_&_firewall</td><td style="text-align: left;" 
align="left">The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10866&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10866" target="_blank" rel="noopener">CVE-2016-10866</a><br><a href="https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">tipsandtricks-hq -- all_in_one_wp_security_&_firewall</td><td style="text-align: left;" align="left">The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10867&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10867" target="_blank" rel="noopener">CVE-2016-10867</a><br><a href="https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">tipsandtricks-hq -- all_in_one_wp_security_&_firewall</td><td style="text-align: left;" align="left">The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a 
href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10868&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10868" target="_blank" rel="noopener">CVE-2016-10868</a><br><a href="https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">ultimatemember -- ultimate_member</td><td style="text-align: left;" align="left">The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9304&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9304" target="_blank" rel="noopener">CVE-2015-9304</a><br><a href="https://wordpress.org/plugins/ultimate-member/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">ultimatemember -- ultimate_member</td><td style="text-align: left;" align="left">The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10872&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10872" target="_blank" rel="noopener">CVE-2016-10872</a><br><a href="https://wordpress.org/plugins/ultimate-member/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: 
left;" scope="row" align="left">ultimatemember -- ultimate_member</td><td style="text-align: left;" align="left">The ultimate-member plugin before 2.0.4 for WordPress has XSS.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-20965&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20965" target="_blank" rel="noopener">CVE-2018-20965</a><br><a href="https://wordpress.org/plugins/ultimate-member/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">w3eden -- live_forms</td><td style="text-align: left;" align="left">The liveforms plugin before 3.4.0 for WordPress has XSS.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-18497&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18497" target="_blank" rel="noopener">CVE-2017-18497</a><br><a href="https://wordpress.org/plugins/liveforms/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">webkul -- bagisto</td><td style="text-align: left;" align="left">Bagisto 0.1.5 allows CSRF under /admin URIs.</td><td style="text-align: center;" align="center">2019-08-11</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14933&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14933" target="_blank" 
rel="noopener">CVE-2019-14933</a><br><a href="https://forums.bagisto.com/category/1/announcements" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/bagisto/bagisto/issues/750" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wp-events-plugin -- events_manager</td><td style="text-align: left;" align="left">The events-manager plugin before 5.6 for WordPress has XSS.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9297&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9297" target="_blank" rel="noopener">CVE-2015-9297</a><br><a href="https://wordpress.org/plugins/events-manager/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wp-events-plugin -- events_manager</td><td style="text-align: left;" align="left">The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9299&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9299" target="_blank" rel="noopener">CVE-2015-9299</a><br><a href="https://wordpress.org/plugins/events-manager/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wp-events-plugin -- events_manager</td><td style="text-align: left;" align="left">The events-manager plugin before 5.5.7 for WordPress has multiple XSS 
issues.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9300&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9300" target="_blank" rel="noopener">CVE-2015-9300</a><br><a href="https://wordpress.org/plugins/events-manager/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wp-jobmanager -- job_manager</td><td style="text-align: left;" align="left">The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2012-6713&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6713" target="_blank" rel="noopener">CVE-2012-6713</a><br><a href="https://wordpress.org/plugins/job-manager/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wp-livechat -- wp_live_chat_support</td><td style="text-align: left;" align="left">The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10879&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10879" target="_blank" rel="noopener">CVE-2016-10879</a><br><a href="https://wordpress.org/plugins/wp-live-chat-support/#developers" target="_blank" 
rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wp-livechat -- wp_live_chat_support</td><td style="text-align: left;" align="left">The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-18507&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18507" target="_blank" rel="noopener">CVE-2017-18507</a><br><a href="https://wordpress.org/plugins/wp-live-chat-support/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wp-livechat -- wp_live_chat_support</td><td style="text-align: left;" align="left">The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-18508&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18508" target="_blank" rel="noopener">CVE-2017-18508</a><br><a href="https://wordpress.org/plugins/wp-live-chat-support/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wp-livechat -- wp_live_chat_support</td><td style="text-align: left;" align="left">The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a 
href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14950&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14950" target="_blank" rel="noopener">CVE-2019-14950</a><br><a href="https://wordpress.org/plugins/wp-live-chat-support/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wp_editor_project -- wp_editor</td><td style="text-align: left;" align="left">The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS issues.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10877&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10877" target="_blank" rel="noopener">CVE-2016-10877</a><br><a href="https://wordpress.org/plugins/wp-editor/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wpdeveloper -- twitter_cards_meta</td><td style="text-align: left;" align="left">The twitter-cards-meta plugin before 2.5.0 for WordPress has XSS.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-18503&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18503" target="_blank" rel="noopener">CVE-2017-18503</a><br><a href="https://wordpress.org/plugins/twitter-cards-meta/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" 
align="left">wpdeveloper -- twitter_cards_meta</td><td style="text-align: left;" align="left">The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-18504&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18504" target="_blank" rel="noopener">CVE-2017-18504</a><br><a href="https://wordpress.org/plugins/twitter-cards-meta/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wpseeds -- wp_database_backup</td><td style="text-align: left;" align="left">The wp-database-backup plugin before 4.3.3 for WordPress has XSS.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10873&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10873" target="_blank" rel="noopener">CVE-2016-10873</a><br><a href="https://wordpress.org/plugins/wp-database-backup/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wpseeds -- wp_database_backup</td><td style="text-align: left;" align="left">The wp-database-backup plugin before 4.3.3 for WordPress has CSRF.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10874&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a 
href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10874" target="_blank" rel="noopener">CVE-2016-10874</a><br><a href="https://wordpress.org/plugins/wp-database-backup/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wpseeds -- wp_database_backup</td><td style="text-align: left;" align="left">The wp-database-backup plugin before 4.3.1 for WordPress has XSS.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10875&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10875" target="_blank" rel="noopener">CVE-2016-10875</a><br><a href="https://wordpress.org/plugins/wp-database-backup/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wpseeds -- wp_database_backup</td><td style="text-align: left;" align="left">The wp-database-backup plugin before 4.3.1 for WordPress has CSRF.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10876&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank" rel="noopener">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10876" target="_blank" rel="noopener">CVE-2016-10876</a><br><a href="https://wordpress.org/plugins/wp-database-backup/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wpseeds -- wp_database_backup</td><td style="text-align: left;" align="left">The wp-database-backup plugin before 5.1.2 for WordPress has XSS.</td><td 
style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14949&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank" rel="noopener">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14949" target="_blank" rel="noopener">CVE-2019-14949</a><br><a href="https://wordpress.org/plugins/wp-database-backup/#developers" target="_blank" rel="noopener">MISC</a></td></tr></tbody></table><p><a name="low" class="mce-item-anchor"></a> </p><h2 id="ox-25eb77d27b-low_v_title">Low Vulnerabilities</h2><table border="1" summary="Low Vulnerabilities" align="center"><thead><tr><th class="ox-25eb77d27b-vendor-product" style="width: 24%;" scope="col">Primary<br>Vendor -- Product</th><th style="width: 44%;" scope="col">Description</th><th style="width: 8%;" scope="col">Published</th><th style="width: 4%;" scope="col">CVSS Score</th><th style="width: 10%;" scope="col">Source & Patch Info</th></tr></thead><tbody><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">10web -- photo_gallery</td><td style="text-align: left;" align="left">The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14797&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)" target="_blank" rel="noopener">3.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14797" target="_blank" rel="noopener">CVE-2019-14797</a><br><a href="https://wordpress.org/plugins/photo-gallery/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">atlassian -- jira</td><td style="text-align: 
left;" align="left">The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2018-20827&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)" target="_blank" rel="noopener">3.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20827" target="_blank" rel="noopener">CVE-2018-20827</a><br><a href="https://jira.atlassian.com/browse/JRASERVER-69237" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">codecabin -- wp_google_maps</td><td style="text-align: left;" align="left">The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14792&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)" target="_blank" rel="noopener">3.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14792" target="_blank" rel="noopener">CVE-2019-14792</a><br><a href="https://wordpress.org/plugins/wp-google-maps/#developers" target="_blank" rel="noopener">MISC</a><br><a href="https://wpvulndb.com/vulnerabilities/9442" target="_blank" rel="noopener">MISC</a><br><a href="https://www.pluginvulnerabilities.com/2019/07/08/recently-closed-wordpress-plugin-with-400000-installs-contains-another-authenticated-persistent-xss-vulnerability/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">codepeople -- cp_contact_form_with_paypal</td><td 
style="text-align: left;" align="left">The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14785&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)" target="_blank" rel="noopener">3.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14785" target="_blank" rel="noopener">CVE-2019-14785</a><br><a href="https://wordpress.org/plugins/cp-contact-form-with-paypal/#developers" target="_blank" rel="noopener">MISC</a><br><a href="https://www.pluginvulnerabilities.com/2019/06/24/reflected-cross-site-scripting-xss-vulnerability-in-cp-contact-form-with-paypal/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">hp -- 3par_storeserv_management_console</td><td style="text-align: left;" align="left">A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-5403&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)" target="_blank" rel="noopener">3.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5403" target="_blank" rel="noopener">CVE-2019-5403</a><br><a href="https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03946en_us" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">mq-woocommerce-products-price-bulk-edit_project -- 
mq-woocommerce-products-price-bulk-edit</td><td style="text-align: left;" align="left">The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14796&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)" target="_blank" rel="noopener">3.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14796" target="_blank" rel="noopener">CVE-2019-14796</a><br><a href="https://wordpress.org/plugins/mq-woocommerce-products-price-bulk-edit/#developers" target="_blank" rel="noopener">MISC</a><br><a href="https://www.pluginvulnerabilities.com/2019/05/16/is-this-authenticated-persistent-cross-site-scripting-xss-vulnerability-what-hackers-would-be-interested-in-woocommerce-products-price-bulk-edit-for/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">schben -- framework</td><td style="text-align: left;" align="left">Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14987&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)" target="_blank" rel="noopener">3.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14987" target="_blank" rel="noopener">CVE-2019-14987</a><br><a href="https://www.sevenlayers.com/index.php/231-adive-framework-2-0-7-xss" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">tribulant -- 
newsletters</td><td style="text-align: left;" align="left">The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14787&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)" target="_blank" rel="noopener">3.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14787" target="_blank" rel="noopener">CVE-2019-14787</a><br><a href="https://wordpress.org/plugins/newsletters-lite/#developers" target="_blank" rel="noopener">MISC</a><br><a href="https://www.pluginvulnerabilities.com/2019/07/01/reflected-cross-site-scripting-xss-vulnerability-in-newsletters/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">ultimatemember -- ultimate_member</td><td style="text-align: left;" align="left">The ultimate-member plugin before 2.0.54 for WordPress has XSS.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14945&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)" target="_blank" rel="noopener">3.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14945" target="_blank" rel="noopener">CVE-2019-14945</a><br><a href="https://wordpress.org/plugins/ultimate-member/#developers" target="_blank" rel="noopener">MISC</a><br><a href="https://wpvulndb.com/vulnerabilities/9506" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">ultimatemember -- ultimate_member</td><td style="text-align: left;" align="left">The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM 
Roles create and edit operations.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14946&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)" target="_blank" rel="noopener">3.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14946" target="_blank" rel="noopener">CVE-2019-14946</a><br><a href="https://wordpress.org/plugins/ultimate-member/#developers" target="_blank" rel="noopener">MISC</a><br><a href="https://wpvulndb.com/vulnerabilities/9449" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">ultimatemember -- ultimate_member</td><td style="text-align: left;" align="left">The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14947&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)" target="_blank" rel="noopener">3.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14947" target="_blank" rel="noopener">CVE-2019-14947</a><br><a href="https://wordpress.org/plugins/ultimate-member/#developers" target="_blank" rel="noopener">MISC</a><br><a href="https://wpvulndb.com/vulnerabilities/9449" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">una -- una</td><td style="text-align: left;" align="left">studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a 
href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14804&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)" target="_blank" rel="noopener">3.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14804" target="_blank" rel="noopener">CVE-2019-14804</a><br><a href="http://packetstormsecurity.com/files/154018/UNA-10.0.0-RC1-Cross-Site-Scripting.html" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/unaio/una/commits/master/studio" target="_blank" rel="noopener">MISC</a><br><a href="https://pastebin.com/iMfs1BsM" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">una -- una</td><td style="text-align: left;" align="left">studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the System Name field under Sets during set editing.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2019-14805&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)" target="_blank" rel="noopener">3.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14805" target="_blank" rel="noopener">CVE-2019-14805</a><br><a href="https://github.com/unaio/una/commits/master/studio" target="_blank" rel="noopener">MISC</a><br><a href="https://pastebin.com/BRFQkqLQ" target="_blank" rel="noopener">MISC</a></td></tr></tbody></table><p><a name="severity_not_yet_assigned" class="mce-item-anchor"></a> </p><h2 id="ox-25eb77d27b-snya_v_title">Severity Not Yet Assigned</h2><table id="ox-25eb77d27b-table_severity_not_yet_assigned" border="1" summary="Severity Not Yet Assigned" align="center"><thead><tr><th class="ox-25eb77d27b-vendor-product" style="width: 24%;" scope="col">Primary<br>Vendor -- Product</th><th style="width: 44%;" scope="col">Description</th><th style="width: 8%;" 
scope="col">Published</th><th style="width: 229px;" scope="col">CVSS Score</th><th style="width: 328px;" scope="col">Source & Patch Info</th></tr></thead><tbody><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">20-20 -- storage</td><td style="text-align: left;" align="left">An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vulnerability in the TwentyTwenty.Storage library in the LocalStorageProvider allows creating and reading files outside of the specified basepath. If the application using this library does not sanitize user-supplied filenames, then this issue may be exploited to read or write arbitrary files. This affects LocalStorageProvider.cs.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12479" target="_blank" rel="noopener">CVE-2019-12479</a><br><a href="https://security401.com/twentytwenty-storage-path-traversal/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">3cx -- 3cx_windows_client</td><td style="text-align: left;" align="left">3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link.</td><td style="text-align: center;" align="center">2019-08-11</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14935" target="_blank" rel="noopener">CVE-2019-14935</a><br><a href="https://www.3cx.com/community/threads/security-issue-with-3cx-windows-client-install.64432/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td 
class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">3s-smart_software_solutions -- codesys_products</td><td style="text-align: left;" align="left">An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-9010" target="_blank" rel="noopener">CVE-2019-9010</a><br><a href="https://www.us-cert.gov/ics/advisories/icsa-19-213-03" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">3s-smart_software_solutions -- codesys_products</td><td style="text-align: left;" align="left">An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. 
All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-9012" target="_blank" rel="noopener">CVE-2019-9012</a><br><a href="https://www.us-cert.gov/ics/advisories/icsa-19-213-03" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">3s-smart_software_solutions -- codesys_products</td><td style="text-align: left;" align="left">An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. 
All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-9013" target="_blank" rel="noopener">CVE-2019-9013</a><br><a href="https://www.us-cert.gov/ics/advisories/icsa-19-213-04" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- after_effects</td><td style="text-align: left;" align="left">Adobe After Effects versions 16 and earlier have an insecure library loading (dll hijacking) vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-8062" target="_blank" rel="noopener">CVE-2019-8062</a><br><a href="https://helpx.adobe.com/security/products/after_effects/apsb19-31.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- character_animator</td><td style="text-align: left;" align="left">Adobe Character Animator versions 2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-7870" target="_blank" rel="noopener">CVE-2019-7870</a><br><a href="https://helpx.adobe.com/security/products/character_animator/apsb19-32.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- creative_cloud_desktop_application</td><td style="text-align: left;" align="left">Creative Cloud Desktop Application 4.6.1 and earlier versions have an insecure transmission of sensitive data vulnerability. 
Successful exploitation could lead to information leakage.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-8063" target="_blank" rel="noopener">CVE-2019-8063</a><br><a href="https://helpx.adobe.com/security/products/creative-cloud/apsb19-39.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- creative_cloud_desktop_application</td><td style="text-align: left;" align="left">Creative Cloud Desktop Application versions 4.6.1 and earlier have a security bypass vulnerability. Successful exploitation could lead to denial of service.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-7957" target="_blank" rel="noopener">CVE-2019-7957</a><br><a href="https://helpx.adobe.com/security/products/creative-cloud/apsb19-39.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- creative_cloud_desktop_application</td><td style="text-align: left;" align="left">Creative Cloud Desktop Application versions 4.6.1 and earlier have an insecure inherited permissions vulnerability. 
Successful exploitation could lead to privilege escalation.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-7958" target="_blank" rel="noopener">CVE-2019-7958</a><br><a href="https://helpx.adobe.com/security/products/creative-cloud/apsb19-39.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- creative_cloud_desktop_application</td><td style="text-align: left;" align="left">Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known vulnerabilities vulnerability. Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-7959" target="_blank" rel="noopener">CVE-2019-7959</a><br><a href="https://helpx.adobe.com/security/products/creative-cloud/apsb19-39.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- experience_manager</td><td style="text-align: left;" align="left">Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability. 
Successful exploitation could lead to remote code execution.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-7964" target="_blank" rel="noopener">CVE-2019-7964</a><br><a href="https://helpx.adobe.com/security/products/experience-manager/apsb19-42.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- prelude_cc</td><td style="text-align: left;" align="left">Adobe Prelude CC versions 8.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-7961" target="_blank" rel="noopener">CVE-2019-7961</a><br><a href="https://helpx.adobe.com/security/products/prelude/apsb19-35.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">adobe -- premiere_pro_cc</td><td style="text-align: left;" align="left">Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure library loading (dll hijacking) vulnerability. 
Successful exploitation could lead to arbitrary code execution.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-7931" target="_blank" rel="noopener">CVE-2019-7931</a><br><a href="https://helpx.adobe.com/security/products/premiere_pro/apsb19-33.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">altools -- altools_update_service</td><td style="text-align: left;" align="left">ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. An attacker can overwrite an executable that is launched as a service to exploit this vulnerability and execute arbitrary code with system privileges.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12808" target="_blank" rel="noopener">CVE-2019-12808</a><br><a href="https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35116" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">alzip -- alzip</td><td style="text-align: left;" align="left">Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. 
By persuading a victim to open a specially-crafted ISO archive file, an attacker could execute arbitrary code.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12807" target="_blank" rel="noopener">CVE-2019-12807</a><br><a href="https://www.altools.co.kr/Download/ALZip.aspx#n" target="_blank" rel="noopener">MISC</a><br><a href="https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35114" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">arista -- cloudvision_portal</td><td style="text-align: left;" align="left">Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12357" target="_blank" rel="noopener">CVE-2018-12357</a><br><a href="https://www.arista.com/en/support/advisories-notices" target="_blank" rel="noopener">MISC</a><br><a href="https://www.arista.com/en/support/advisories-notices/security-advisories/5432-security-advisory-35" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">arista -- eos</td><td style="text-align: left;" align="left">Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-14008" target="_blank" rel="noopener">CVE-2018-14008</a><br><a 
href="https://www.arista.com/en/support/advisories-notices" target="_blank" rel="noopener">MISC</a><br><a href="https://www.arista.com/en/support/advisories-notices/security-advisories/6072-security-advisory-38" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left"><p>artica -- integria_ims</p></td><td style="text-align: left;" align="left">filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15091" target="_blank" rel="noopener">CVE-2019-15091</a><br><a href="https://pastebin.com/k7FuvNvx" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">artiflex -- mupdf</td><td style="text-align: left;" align="left">Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14975" target="_blank" rel="noopener">CVE-2019-14975</a><br><a href="http://git.ghostscript.com/?p=mupdf.git;a=commit;h=97096297d409ec6f206298444ba00719607e8ba8" target="_blank" rel="noopener">MISC</a><br><a href="https://bugs.ghostscript.com/show_bug.cgi?id=701292" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">atlassian -- confluence_server</td><td style="text-align: left;" align="left">The "HTML 
Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15053" target="_blank" rel="noopener">CVE-2019-15053</a><br><a href="https://marketplace.atlassian.com/apps/4885/html-include-and-replace-macro?hosting=server&tab=versions" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">atlassian -- jira_server_and_data_center</td><td style="text-align: left;" align="left">There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. 
All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11581" target="_blank" rel="noopener">CVE-2019-11581</a><br><a href="https://jira.atlassian.com/browse/JRASERVER-69532" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">bluetooth -- bluetooth_br/edr</td><td style="text-align: left;" align="left">The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-9506" target="_blank" rel="noopener">CVE-2019-9506</a><br><a href="http://seclists.org/fulldisclosure/2019/Aug/11" target="_blank" rel="noopener">FULLDISC</a><br><a href="http://seclists.org/fulldisclosure/2019/Aug/13" target="_blank" rel="noopener">FULLDISC</a><br><a href="http://seclists.org/fulldisclosure/2019/Aug/14" target="_blank" rel="noopener">FULLDISC</a><br><a href="http://seclists.org/fulldisclosure/2019/Aug/15" target="_blank" rel="noopener">FULLDISC</a><br><a href="http://www.cs.ox.ac.uk/publications/publication12404-abstract.html" target="_blank" rel="noopener">MISC</a><br><a 
href="https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.kb.cert.org/vuls/id/918987/" target="_blank" rel="noopener">CERT-VN</a><br><a href="https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">cloud_foundry -- uaa</td><td style="text-align: left;" align="left">Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contains a SCIM filter that contains malicious JavaScript, which older browsers may execute.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11274" target="_blank" rel="noopener">CVE-2019-11274</a><br><a href="https://www.cloudfoundry.org/blog/cve-2019-11274" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">cms_clipper -- cms_clipper</td><td style="text-align: left;" align="left">CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12101" target="_blank" rel="noopener">CVE-2018-12101</a><br><a href="https://github.com/ClipperCMS/ClipperCMS/issues/487" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/ClipperCMS/ClipperCMS/issues/488" target="_blank" rel="noopener">MISC</a><br><a 
href="https://github.com/ClipperCMS/ClipperCMS/issues/496" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">cnlh -- nps</td><td style="text-align: left;" align="left">lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15119" target="_blank" rel="noopener">CVE-2019-15119</a><br><a href="https://github.com/cnlh/nps/commit/7178b3380720e910d283036a8d39879a94105515" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/cnlh/nps/issues/176" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">cospas-sarsat -- cospas-sarsat</td><td style="text-align: left;" align="left">The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and send private messages (unrelated to distress alerts) via a crafted 406 MHz digital signal.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-14062" target="_blank" rel="noopener">CVE-2018-14062</a><br><a href="https://conference.hitb.org/hitbsecconf2019ams/materials/D1T1%20-%20The%20Birdman%20and%20Cospas-Sarsat%20Satellites%20-%20Hao%20Jingli.pdf" target="_blank" rel="noopener">MISC</a><br><a href="https://conference.hitb.org/hitbsecconf2019ams/sessions/the-birdman-hacking-cospas-sarsat-satellites/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td 
class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">dell -- dell_digital_delivery_and_alienware_digital_delivery</td><td style="text-align: left;" align="left">Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a path traversal exploit in order to run a malicious executable with elevated privileges.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3744" target="_blank" rel="noopener">CVE-2019-3744</a><br><a href="https://www.dell.com/support/article/SLN318085" target="_blank" rel="noopener">FULLDISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">dell -- dell_digital_delivery_and_alienware_digital_delivery</td><td style="text-align: left;" align="left">Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. 
A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing technique to inject malicious code to run an executable with elevated privileges.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3742" target="_blank" rel="noopener">CVE-2019-3742</a><br><a href="https://www.dell.com/support/article/SLN318085" target="_blank" rel="noopener">FULLDISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">delta_electronics -- delta_industrial_automation_dopsoft</td><td style="text-align: left;" align="left">In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger multiple out-of-bounds read vulnerabilities, which may allow information disclosure, remote code execution, or crash of the application.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13513" target="_blank" rel="noopener">CVE-2019-13513</a><br><a href="https://www.us-cert.gov/ics/advisories/icsa-19-225-01" target="_blank" rel="noopener">MISC</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-19-718/" target="_blank" rel="noopener">MISC</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-19-719/" target="_blank" rel="noopener">MISC</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-19-720/" target="_blank" rel="noopener">MISC</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-19-721/" target="_blank" rel="noopener">MISC</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-19-722/" target="_blank" 
rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">delta_electronics -- delta_industrial_automation_dopsoft</td><td style="text-align: left;" align="left">In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger a use-after-free vulnerability, which may allow information disclosure, remote code execution, or crash of the application.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13514" target="_blank" rel="noopener">CVE-2019-13514</a><br><a href="https://www.us-cert.gov/ics/advisories/icsa-19-225-01" target="_blank" rel="noopener">MISC</a><br><a href="https://www.zerodayinitiative.com/advisories/ZDI-19-717/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">dolibarr -- dolibarr</td><td style="text-align: left;" align="left">An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. 
(The protection mechanism for CSRF is to check the Referer header; however, because the attack is from one of the application's own settings pages, this mechanism is bypassed.)</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15062" target="_blank" rel="noopener">CVE-2019-15062</a><br><a href="https://gauravnarwani.com/publications/CVE-2019-15062/" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/Dolibarr/dolibarr/issues/11671" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">dwsurvey -- dwsurvey</td><td style="text-align: left;" align="left">DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15095" target="_blank" rel="noopener">CVE-2019-15095</a><br><a href="https://github.com/wkeyuan/DWSurvey/issues/48" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">eclipse_foundation -- birt</td><td style="text-align: left;" align="left">In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in URL parameter. 
Attacker can execute the payload in victim's browser context.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11776" target="_blank" rel="noopener">CVE-2019-11776</a><br><a href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=546816" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">eq-3 -- homematic_ccu2_and_ccu3_devices</td><td style="text-align: left;" align="left">eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11, 3.43.16, 3.45.5, 3.45.7, 3.47.10, 3.47.15.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-9583" target="_blank" rel="noopener">CVE-2019-9583</a><br><a href="https://github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_pentests/CVEs/2019-03-27-CVE-2019-9583.md" target="_blank" rel="noopener">MISC</a><br><a href="https://psytester.github.io/CVE-2019-9583/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">eq-3 -- homematic_ccu2_and_ccu3_devices</td><td style="text-align: left;" align="left">eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. 
This is related to improper access control for all /addons/mh/ pages.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-9584" target="_blank" rel="noopener">CVE-2019-9584</a><br><a href="https://github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_pentests/CVEs/2019-03-27-CVE-2019-9584.md" target="_blank" rel="noopener">MISC</a><br><a href="https://psytester.github.io/CVE-2019-9584/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">eq-3 -- homematic_ccu2_and_ccu3_devices</td><td style="text-align: left;" align="left">eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMD_EXEC virtual device type 28.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14985" target="_blank" rel="noopener">CVE-2019-14985</a><br><a href="https://psytester.github.io/CVE-2019-14985/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">eq-3 -- homematic_ccu2_and_ccu3_devices</td><td style="text-align: left;" align="left">eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/xmlapi/exec.cgi script uses CMD_EXEC to execute TCL code from a POST request.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 
229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14984" target="_blank" rel="noopener">CVE-2019-14984</a><br><a href="https://psytester.github.io/CVE-2019-14984/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">eq-3 -- homematic_ccu2_and_ccu3_devices</td><td style="text-align: left;" align="left">eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command (as well as "Set root password") are exposed.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14986" target="_blank" rel="noopener">CVE-2019-14986</a><br><a href="https://psytester.github.io/CVE-2019-14986/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">eq-3 -- homematic_ccu2_and_ccu3_devices</td><td style="text-align: left;" align="left">eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in the ability to read, set and delete Metadata.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-9585" target="_blank" rel="noopener">CVE-2019-9585</a><br><a href="https://github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_pentests/CVEs/2019-03-27-CVE-2019-9585.md" target="_blank" rel="noopener">MISC</a><br><a 
href="https://psytester.github.io/CVE-2019-9585/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">eq-3 -- homematic_ccu2_devices</td><td style="text-align: left;" align="left">eQ-3 Homematic CCU2 outdated base software packages allow Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-9582" target="_blank" rel="noopener">CVE-2019-9582</a><br><a href="https://github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_pentests/CVEs/2019-03-27-CVE-2019-9582.md" target="_blank" rel="noopener">MISC</a><br><a href="https://psytester.github.io/CVE-2019-9582/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">eq-3 -- homematic_ccu3_devices</td><td style="text-align: left;" align="left">eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. 
This is related to improper access control for addons configuration pages and a missing check in rc.d/97NeoServer.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13030" target="_blank" rel="noopener">CVE-2019-13030</a><br><a href="https://github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_pentests/CVEs/2019-06-29-CVE-2019-13030.md" target="_blank" rel="noopener">MISC</a><br><a href="https://psytester.github.io/CVE-2019-13030/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">exosip -- exosip</td><td style="text-align: left;" align="left">handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-10375" target="_blank" rel="noopener">CVE-2014-10375</a><br><a href="http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=2549e421c14aff886629b8482c14af800f411070" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">extenua -- silvershield</td><td style="text-align: left;" align="left">extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. 
The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and port forwarding to reach a 127.0.0.1 service.</td><td style="text-align: center;" align="center">2019-08-17</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13069" target="_blank" rel="noopener">CVE-2019-13069</a><br><a href="http://kb.extenua.com" target="_blank" rel="noopener">MISC</a><br><a href="https://www.fobz.net/adv/ag47ex/info.html" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">eyesofnetwork -- eyesofnetwork</td><td style="text-align: left;" align="left">EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14923" target="_blank" rel="noopener">CVE-2019-14923</a><br><a href="https://www.exploit-db.com/exploits/47280" target="_blank" rel="noopener">MISC</a><br><a href="https://www.eyesofnetwork.com/?p=2072" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">fuji_electric -- frenic_loader</td><td style="text-align: left;" align="left">Fuji Electric FRENIC Loader 3.5.0.0 and prior is vulnerable to an out-of-bounds read vulnerability, which may allow an attacker to read limited information from the device.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13512" 
target="_blank" rel="noopener">CVE-2019-13512</a><br><a href="https://www.us-cert.gov/ics/advisories/icsa-19-213-02" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">gcdwebserver -- gcdwebserver</td><td style="text-align: left;" align="left">An issue was discovered in GCDWebServer before 3.5.3. The method moveItem in the GCDWebUploader class checks the FileExtension of newAbsolutePath but not oldAbsolutePath. By leveraging this vulnerability, an adversary can make an inaccessible file be available (the credential of the app, for instance).</td><td style="text-align: center;" align="center">2019-08-10</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14924" target="_blank" rel="noopener">CVE-2019-14924</a><br><a href="https://github.com/swisspol/GCDWebServer/commit/02738433bf2e1b820ef48f04edd15df304081802" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/swisspol/GCDWebServer/compare/3.5.2...3.5.3" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/swisspol/GCDWebServer/issues/433" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">giflib -- giflib</td><td style="text-align: left;" align="left">In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.</td><td style="text-align: center;" align="center">2019-08-17</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15133" target="_blank" rel="noopener">CVE-2019-15133</a><br><a 
href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13008" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">gnu -- patch</td><td style="text-align: left;" align="left">do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20969" target="_blank" rel="noopener">CVE-2018-20969</a><br><a href="http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html" target="_blank" rel="noopener">MISC</a><br><a href="https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0" target="_blank" rel="noopener">MISC</a><br><a href="https://seclists.org/bugtraq/2019/Aug/29" target="_blank" rel="noopener">BUGTRAQ</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">golang -- go</td><td style="text-align: left;" align="left">net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. 
For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14809" target="_blank" rel="noopener">CVE-2019-14809</a><br><a href="https://github.com/golang/go/issues/29098" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://groups.google.com/forum/#!topic/golang-announce/0uuMm1BwpHE" target="_blank" rel="noopener">MISC</a><br><a href="https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">gonicus -- gosa</td><td style="text-align: left;" align="left">Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11187" target="_blank" rel="noopener">CVE-2019-11187</a><br><a href="https://github.com/gonicus/gosa/commits/master" target="_blank" rel="noopener">MISC</a><br><a href="https://lists.debian.org/debian-lts-announce/2019/08/msg00009.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">gradle -- gradle</td><td style="text-align: left;" align="left">The HTTP client in the Build tool in Gradle before 5.6 sends authentication credentials originally destined for the configured host. 
If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15052" target="_blank" rel="noopener">CVE-2019-15052</a><br><a href="https://github.com/gradle/gradle/issues/10278" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/gradle/gradle/pull/10176" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">hewlett_packard_enterprise -- 3par_service_processor</td><td style="text-align: left;" align="left">A remote multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5398" target="_blank" rel="noopener">CVE-2019-5398</a><br><a href="https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03942en_us" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">hewlett_packard_enterprise -- 3par_service_processor</td><td style="text-align: left;" align="left">A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 229px;" align="center">not 
yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5396" target="_blank" rel="noopener">CVE-2019-5396</a><br><a href="https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03942en_us" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">hewlett_packard_enterprise -- 3par_service_processor</td><td style="text-align: left;" align="left">A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5397" target="_blank" rel="noopener">CVE-2019-5397</a><br><a href="https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03942en_us" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">hewlett_packard_enterprise -- 3par_service_processor</td><td style="text-align: left;" align="left">A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5395" target="_blank" rel="noopener">CVE-2019-5395</a><br><a href="https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03942en_us" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">hewlett_packard_enterprise -- 
3par_service_processor</td><td style="text-align: left;" align="left">A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5399" target="_blank" rel="noopener">CVE-2019-5399</a><br><a href="https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03942en_us" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">hewlett_packard_enterprise -- 3par_service_processor</td><td style="text-align: left;" align="left">A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5400" target="_blank" rel="noopener">CVE-2019-5400</a><br><a href="https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03942en_us" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">hewlett_packard_enterprise -- command_view_advanced_edition</td><td style="text-align: left;" align="left">Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. 
DevMgr version 7.0.0-00 to earlier than 8.6.1-02; RepMgr if it is installed on the same machine as DevMgr; TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5408" target="_blank" rel="noopener">CVE-2019-5408</a><br><a href="https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03938en_us" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">hostapd_and_wpa_supplicant -- hostapd_and_wpa_supplicant</td><td style="text-align: left;" align="left">The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. 
An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13377" target="_blank" rel="noopener">CVE-2019-13377</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IELLEPIXWQOJFW4SZMU3WQHO63JFAHA4/" target="_blank" rel="noopener">FEDORA</a><br><a href="https://usn.ubuntu.com/4098-1/" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://w1.fi/cgit/hostap/commit/?id=147bf7b88a9c231322b5b574263071ca6dbb0503" target="_blank" rel="noopener">MISC</a><br><a href="https://w1.fi/cgit/hostap/commit/?id=cd803299ca485eb857e37c88f973fccfbb8600e5" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">http/2 -- http/2</td><td style="text-align: left;" align="left">Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. 
This can consume excess CPU.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-9513" target="_blank" rel="noopener">CVE-2019-9513</a><br><a href="https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" target="_blank" rel="noopener">MISC</a><br><a href="https://kb.cert.org/vuls/id/605641/" target="_blank" rel="noopener">CERT-VN</a><br><a href="https://usn.ubuntu.com/4099-1/" target="_blank" rel="noopener">UBUNTU</a><br><a href="https://www.synology.com/security/advisory/Synology_SA_19_33" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">http/2 -- http/2</td><td style="text-align: left;" align="left">Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. 
Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-9511" target="_blank" rel="noopener">CVE-2019-9511</a><br><a href="https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" target="_blank" rel="noopener">MISC</a><br><a href="https://kb.cert.org/vuls/id/605641/" target="_blank" rel="noopener">CERT-VN</a><br><a href="https://usn.ubuntu.com/4099-1/" target="_blank" rel="noopener">UBUNTU</a><br><a href="https://www.synology.com/security/advisory/Synology_SA_19_33" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">http/2 -- http/2</td><td style="text-align: left;" align="left">Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. 
Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-9512" target="_blank" rel="noopener">CVE-2019-9512</a><br><a href="http://seclists.org/fulldisclosure/2019/Aug/16" target="_blank" rel="noopener">FULLDISC</a><br><a href="https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" target="_blank" rel="noopener">MISC</a><br><a href="https://kb.cert.org/vuls/id/605641/" target="_blank" rel="noopener">CERT-VN</a><br><a href="https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E" target="_blank" rel="noopener">MLIST</a><br><a href="https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E" target="_blank" rel="noopener">MLIST</a><br><a href="https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E" target="_blank" rel="noopener">MLIST</a><br><a href="https://seclists.org/bugtraq/2019/Aug/24" target="_blank" rel="noopener">BUGTRAQ</a><br><a href="https://www.synology.com/security/advisory/Synology_SA_19_33" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">http/2 -- http/2</td><td style="text-align: left;" align="left">Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. 
Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-9515" target="_blank" rel="noopener">CVE-2019-9515</a><br><a href="http://seclists.org/fulldisclosure/2019/Aug/16" target="_blank" rel="noopener">FULLDISC</a><br><a href="https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" target="_blank" rel="noopener">MISC</a><br><a href="https://kb.cert.org/vuls/id/605641/" target="_blank" rel="noopener">CERT-VN</a><br><a href="https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E" target="_blank" rel="noopener">MLIST</a><br><a href="https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E" target="_blank" rel="noopener">MLIST</a><br><a href="https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E" target="_blank" rel="noopener">MLIST</a><br><a href="https://seclists.org/bugtraq/2019/Aug/24" target="_blank" rel="noopener">BUGTRAQ</a><br><a href="https://www.synology.com/security/advisory/Synology_SA_19_33" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">http/2 -- http/2</td><td style="text-align: left;" align="left">Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. 
Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-9516" target="_blank" rel="noopener">CVE-2019-9516</a><br><a href="http://seclists.org/fulldisclosure/2019/Aug/16" target="_blank" rel="noopener">FULLDISC</a><br><a href="https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" target="_blank" rel="noopener">MISC</a><br><a href="https://kb.cert.org/vuls/id/605641/" target="_blank" rel="noopener">CERT-VN</a><br><a href="https://seclists.org/bugtraq/2019/Aug/24" target="_blank" rel="noopener">BUGTRAQ</a><br><a href="https://usn.ubuntu.com/4099-1/" target="_blank" rel="noopener">UBUNTU</a><br><a href="https://www.synology.com/security/advisory/Synology_SA_19_33" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">http/2 -- http/2</td><td style="text-align: left;" align="left">HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. 
The memory copied is that of the configured push link header values, not data supplied by the client.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10081" target="_blank" rel="noopener">CVE-2019-10081</a><br><a href="https://httpd.apache.org/security/vulnerabilities_24.html" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">http/2 -- http/2</td><td style="text-align: left;" align="left">Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-9514" target="_blank" rel="noopener">CVE-2019-9514</a><br><a href="http://seclists.org/fulldisclosure/2019/Aug/16" target="_blank" rel="noopener">FULLDISC</a><br><a href="https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" target="_blank" rel="noopener">MISC</a><br><a href="https://kb.cert.org/vuls/id/605641/" target="_blank" rel="noopener">CERT-VN</a><br><a href="https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E" target="_blank" rel="noopener">MLIST</a><br><a href="https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E" 
target="_blank" rel="noopener">MLIST</a><br><a href="https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E" target="_blank" rel="noopener">MLIST</a><br><a href="https://seclists.org/bugtraq/2019/Aug/24" target="_blank" rel="noopener">BUGTRAQ</a><br><a href="https://www.synology.com/security/advisory/Synology_SA_19_33" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">http/2 -- http/2</td><td style="text-align: left;" align="left">Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-9517" target="_blank" rel="noopener">CVE-2019-9517</a><br><a href="http://www.openwall.com/lists/oss-security/2019/08/15/7" target="_blank" rel="noopener">MLIST</a><br><a href="https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" target="_blank" rel="noopener">MISC</a><br><a href="https://kb.cert.org/vuls/id/605641/" target="_blank" rel="noopener">CERT-VN</a><br><a href="https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb@%3Cannounce.httpd.apache.org%3E" target="_blank" rel="noopener">MLIST</a><br><a 
href="https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E" target="_blank" rel="noopener">MLIST</a><br><a href="https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50@%3Cdev.httpd.apache.org%3E" target="_blank" rel="noopener">MLIST</a><br><a href="https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c@%3Cdev.httpd.apache.org%3E" target="_blank" rel="noopener">MLIST</a><br><a href="https://www.synology.com/security/advisory/Synology_SA_19_33" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">http/2 -- http/2</td><td style="text-align: left;" align="left">Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. 
This can consume excess CPU.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-9518" target="_blank" rel="noopener">CVE-2019-9518</a><br><a href="http://seclists.org/fulldisclosure/2019/Aug/16" target="_blank" rel="noopener">FULLDISC</a><br><a href="https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" target="_blank" rel="noopener">MISC</a><br><a href="https://kb.cert.org/vuls/id/605641/" target="_blank" rel="noopener">CERT-VN</a><br><a href="https://seclists.org/bugtraq/2019/Aug/24" target="_blank" rel="noopener">BUGTRAQ</a><br><a href="https://www.synology.com/security/advisory/Synology_SA_19_33" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">huawei -- cloudlink_phone_7900</td><td style="text-align: left;" align="left">The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has a TLS certificate verification vulnerability. 
Due to insufficient verification of specific parameters of the TLS server certificate, attackers can perform man-in-the-middle attacks that cause the affected phones to register abnormally, affecting the availability of IP phones.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5280" target="_blank" rel="noopener">CVE-2019-5280</a><br><a href="https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190724-01-7900-en" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">huawei -- hima-al00b_smart_phones</td><td style="text-align: left;" align="left">Huawei Hima-AL00B mobile phones with versions earlier than HMA-AL00C00B175 have a signature verification bypass vulnerability. Attackers can induce users to install malicious applications. Due to a defect in the signature verification logic, the malicious applications can invoke a specific interface to execute malicious code. 
A successful exploit may result in the execution of arbitrary code.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5299" target="_blank" rel="noopener">CVE-2019-5299</a><br><a href="https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-phone-en" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">humanica -- humatrix_7</td><td style="text-align: left;" align="left">The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to access all candidates' information on the website via a modified selApp variable to personalData/resumeDetail.cfm. This includes personal information and other sensitive data.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14932" target="_blank" rel="noopener">CVE-2019-14932</a><br><a href="https://gist.github.com/donut117/1ddbb8290a1186502da81b46a5d53c63" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">jasper -- jasper</td><td style="text-align: left;" align="left">The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted flif file.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14232" target="_blank" 
rel="noopener">CVE-2017-14232</a><br><a href="https://security.gentoo.org/glsa/201908-03" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">jira -- jira</td><td style="text-align: left;" align="left">The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-8448" target="_blank" rel="noopener">CVE-2019-8448</a><br><a href="https://jira.atlassian.com/browse/JRASERVER-69797" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">joomla! -- joomla!</td><td style="text-align: left;" align="left">In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15028" target="_blank" rel="noopener">CVE-2019-15028</a><br><a href="https://developer.joomla.org/security-centre/789-20190801-core-hardening-com-contact-contact-form" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">keycloak -- keycloak</td><td style="text-align: left;" align="left">It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. 
An attacker could use this flaw to trick an authenticated user into performing operations via a request from an untrusted domain.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10199" target="_blank" rel="noopener">CVE-2019-10199</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">keycloak -- keycloak</td><td style="text-align: left;" align="left">It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the &lt;Signature&gt; sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10201" target="_blank" rel="noopener">CVE-2019-10201</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">leaf_admin -- leaf_admin</td><td style="text-align: left;" align="left">The profile photo upload feature in Leaf Admin 61.9.0212.10 f allows Unrestricted Upload of a File with a Dangerous Type.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14755" 
target="_blank" rel="noopener">CVE-2019-14755</a><br><a href="http://intruderlabs.com.br/" target="_blank" rel="noopener">MISC</a><br><a href="http://leaftecnologia.com.br/" target="_blank" rel="noopener">MISC</a><br><a href="https://gist.github.com/alacerda/8fd4557e585a8707e9d3b798968e24c1" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">ledger -- nano_2_and_nano_x_devices</td><td style="text-align: left;" align="left">On Ledger Nano S and Nano X devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data.</td><td style="text-align: center;" align="center">2019-08-10</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14354" target="_blank" rel="noopener">CVE-2019-14354</a><br><a href="https://ledger-donjon.github.io/oled-vuln/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">libreoffice -- document_foundation_libreoffice</td><td style="text-align: left;" align="left">LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. 
Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However, this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed URL describing the script location is correctly encoded before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-9852" target="_blank" rel="noopener">CVE-2019-9852</a><br><a href="https://seclists.org/bugtraq/2019/Aug/28" target="_blank" rel="noopener">BUGTRAQ</a><br><a href="https://www.debian.org/security/2019/dsa-4501" target="_blank" rel="noopener">DEBIAN</a><br><a href="https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9852" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">libreoffice -- document_foundation_libreoffice</td><td style="text-align: left;" align="left">LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained within the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from script event handlers. 
However, an insufficient URL validation vulnerability in LibreOffice allowed a malicious document to bypass that protection and again trigger calling LibreLogo from script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-9850" target="_blank" rel="noopener">CVE-2019-9850</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVSDPZJG3UA43X3JXRHJAWXLDZEW77LM/" target="_blank" rel="noopener">FEDORA</a><br><a href="https://seclists.org/bugtraq/2019/Aug/28" target="_blank" rel="noopener">BUGTRAQ</a><br><a href="https://www.debian.org/security/2019/dsa-4501" target="_blank" rel="noopener">DEBIAN</a><br><a href="https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9850" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">libreoffice -- document_foundation_libreoffice</td><td style="text-align: left;" align="left">LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained within the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handlers, e.g. mouse over. However, LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. 
This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-9851" target="_blank" rel="noopener">CVE-2019-9851</a><br><a href="https://seclists.org/bugtraq/2019/Aug/28" target="_blank" rel="noopener">BUGTRAQ</a><br><a href="https://www.debian.org/security/2019/dsa-4501" target="_blank" rel="noopener">DEBIAN</a><br><a href="https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9851" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">libtiff -- libtiff</td><td style="text-align: left;" align="left">_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. 
This can, for example, lead to an application crash.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14973" target="_blank" rel="noopener">CVE-2019-14973</a><br><a href="https://gitlab.com/libtiff/libtiff/merge_requests/90" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">linux -- linux_kernel</td><td style="text-align: left;" align="left">drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15099" target="_blank" rel="noopener">CVE-2019-15099</a><br><a href="https://lore.kernel.org/linux-wireless/20190804003101.11541-1-benquike@gmail.com/T/#u" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">linux -- linux_kernel</td><td style="text-align: left;" align="left">An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. 
In the qedi_dbg_* family of functions, there is an out-of-bounds read.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15090" target="_blank" rel="noopener">CVE-2019-15090</a><br><a href="https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.12" target="_blank" rel="noopener">MISC</a><br><a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c09581a52765a85f19fc35340127396d5e3379cc" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/torvalds/linux/commit/c09581a52765a85f19fc35340127396d5e3379cc" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">linux -- linux_kernel</td><td style="text-align: left;" align="left">parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15117" target="_blank" rel="noopener">CVE-2019-15117</a><br><a href="https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=daac07156b330b18eb5071aec4b3ddca1c377f2c" target="_blank" rel="noopener">MISC</a><br><a href="https://lore.kernel.org/lkml/20190814023625.21683-1-benquike@gmail.com/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">linux -- linux_kernel</td><td style="text-align: left;" align="left">check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.</td><td 
style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15118" target="_blank" rel="noopener">CVE-2019-15118</a><br><a href="https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=19bce474c45be69a284ecee660aa12d8f1e88f18" target="_blank" rel="noopener">MISC</a><br><a href="https://lore.kernel.org/lkml/20190815043554.16623-1-benquike@gmail.com/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">linux -- linux_kernel</td><td style="text-align: left;" align="left">drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15098" target="_blank" rel="noopener">CVE-2019-15098</a><br><a href="https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike@gmail.com/T/#u" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">linux -- linux_kernel</td><td style="text-align: left;" align="left">A vulnerability was found in the Linux kernel's implementation of overlayfs, in versions up to 3.10. An attacker with local access can create a denial of service situation via a NULL pointer dereference in the ovl_posix_acl_create function in fs/overlayfs/dir.c. 
This can allow attackers with the ability to create directories on overlayfs to crash the kernel, creating a denial of service (DoS).</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10140" target="_blank" rel="noopener">CVE-2019-10140</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10140" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">linux -- linux_kernel</td><td style="text-align: left;" align="left">An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. 
NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18509" target="_blank" rel="noopener">CVE-2017-18509</a><br><a href="http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" target="_blank" rel="noopener">MISC</a><br><a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99253eb750fda6a644d5188fb26c43bad8d5a745" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/torvalds/linux/commit/99253eb750fda6a644d5188fb26c43bad8d5a745" target="_blank" rel="noopener">MISC</a><br><a href="https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html" target="_blank" rel="noopener">MLIST</a><br><a href="https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html" target="_blank" rel="noopener">MLIST</a><br><a href="https://lists.openwall.net/netdev/2017/12/04/40" target="_blank" rel="noopener">MISC</a><br><a href="https://pulsesecurity.co.nz/advisories/linux-kernel-4.9-inetcsklistenstop-gpf" target="_blank" rel="noopener">MISC</a><br><a href="https://salsa.debian.org/kernel-team/linux/commit/baefcdc2f29923e7325ce4e1a72c3ff0a9800f32" target="_blank" rel="noopener">MISC</a><br><a href="https://seclists.org/bugtraq/2019/Aug/26" target="_blank" rel="noopener">BUGTRAQ</a><br><a href="https://www.debian.org/security/2019/dsa-4497" target="_blank" rel="noopener">DEBIAN</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">maadhaar -- maadhaar_application</td><td style="text-align: left;" align="left">The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help.</td><td 
style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14516" target="_blank" rel="noopener">CVE-2019-14516</a><br><a href="https://github.com/fs0c131y/ConPresentations/blob/master/AppSecVillageDefcon27.mAadhaar.pdf" target="_blank" rel="noopener">MISC</a><br><a href="https://play.google.com/store/apps/details?id=in.gov.uidai.mAadhaarPlus&hl=en_US" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">mcafee -- frp</td><td style="text-align: left;" align="left">Privilege Escalation vulnerability in McAfee FRP 5.x prior to 5.1.0.209 allows local users to gain elevated privileges via running McAfee Tray with elevated privileges.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3637" target="_blank" rel="noopener">CVE-2019-3637</a><br><a href="https://kc.mcafee.com/corporate/index?page=content&id=SB10291" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">mcafee -- web_gateway</td><td style="text-align: left;" align="left">Clickjack vulnerability in the Administrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe, because the console does not send an X-Frame-Options HTTP header.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3639" target="_blank" 
rel="noopener">CVE-2019-3639</a><br><a href="https://kc.mcafee.com/corporate/index?page=content&id=SB10293" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">mcafee -- web_gateway</td><td style="text-align: left;" align="left">Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows attackers to obtain sensitive data via crafting a complex webpage that will trigger the Web Gateway to block the user accessing an iframe.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3635" target="_blank" rel="noopener">CVE-2019-3635</a><br><a href="https://kc.mcafee.com/corporate/index?page=content&id=SB10293" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">mediatek -- emmc_for_android</td><td style="text-align: left;" align="left">The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in platform/mt6577/external/meta/emmc/meta_clr_emmc.c invokes 'system("/system/bin/rm -r /data/' followed by this filename upon an eMMC clearance from a Meta Mode boot. 
NOTE: compromise of Fire OS on the Amazon Echo Dot would require a second hypothetical vulnerability that allows creation of the required file under /data.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15027" target="_blank" rel="noopener">CVE-2019-15027</a><br><a href="https://dojo.bullguard.com/dojo-by-bullguard/blog/gaining-rooting-primitives-for-android-mediatek-chips/" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/andr3jx/MTK6577/blob/238012ebf18e3751397884d1742ff7ab6417e80d/mediatek/platform/mt6577/external/meta/emmc/meta_clr_emmc.c#L302-L305" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">micro_focus -- self_service_password_reset</td><td style="text-align: left;" align="left">A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. 
Upgrade to Micro Focus Self Service Password Reset (SSPR) versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11652" target="_blank" rel="noopener">CVE-2019-11652</a><br><a href="https://www.netiq.com/documentation/self-service-password-reset-42/release-notes-sspr42-p6/data/release-notes-sspr42-p6.html" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.netiq.com/documentation/self-service-password-reset-43/release-notes-sspr-43-p3/data/release-notes-sspr-43-p3.html" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p3/data/release-notes-sspr-44-p3.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- azure_active_directory_authentication_library</td><td style="text-align: left;" align="left">An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in the way the library caches tokens, aka 'Azure Active Directory Authentication Library Elevation of Privilege Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1258" target="_blank" rel="noopener">CVE-2019-1258</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1258" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- azure_active_directory_microsoft_account</td><td 
style="text-align: left;" align="left">An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session, aka 'Windows Information Disclosure Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1172" target="_blank" rel="noopener">CVE-2019-1172</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1172" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- defender</td><td style="text-align: left;" align="left">An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1161" target="_blank" rel="noopener">CVE-2019-1161</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1161" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- dhcp_client</td><td style="text-align: left;" align="left">A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 
229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0736" target="_blank" rel="noopener">CVE-2019-0736</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0736" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- directx</td><td style="text-align: left;" align="left">An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1176" target="_blank" rel="noopener">CVE-2019-1176</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1176" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- dynamics_on-premise</td><td style="text-align: left;" align="left">An elevation of privilege vulnerability exists in Dynamics On-Premise v9, aka 'Dynamics On-Premise Elevation of Privilege Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1229" target="_blank" rel="noopener">CVE-2019-1229</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1229" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- edge</td><td style="text-align: left;" align="left">A remote code execution 
vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1141" target="_blank" rel="noopener">CVE-2019-1141</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1141" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- edge</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1131" target="_blank" rel="noopener">CVE-2019-1131</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1131" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- edge</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1140" target="_blank" rel="noopener">CVE-2019-1140</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1140" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- edge</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1197" target="_blank" rel="noopener">CVE-2019-1197</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1197" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- edge</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1197.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1196" target="_blank" rel="noopener">CVE-2019-1196</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1196" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- edge</td><td style="text-align: left;" align="left">An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka 'Microsoft Edge Information Disclosure Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1030" target="_blank" rel="noopener">CVE-2019-1030</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1030" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- edge</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2019-1131, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1139" target="_blank" rel="noopener">CVE-2019-1139</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1139" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- edge</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1196, CVE-2019-1197.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1195" target="_blank" rel="noopener">CVE-2019-1195</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1195" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- git_for_visual_studio</td><td style="text-align: left;" align="left">An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files, aka 'Git for Visual Studio Elevation of Privilege Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a 
href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1211" target="_blank" rel="noopener">CVE-2019-1211</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1211" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- hyper-v</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0965" target="_blank" rel="noopener">CVE-2019-0965</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0965" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- hyper-v_network_switch</td><td style="text-align: left;" align="left">A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. 
This CVE ID is unique from CVE-2019-0714, CVE-2019-0715, CVE-2019-0717, CVE-2019-0718.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0723" target="_blank" rel="noopener">CVE-2019-0723</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0723" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- hyper-v_network_switch</td><td style="text-align: left;" align="left">A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0714, CVE-2019-0715, CVE-2019-0718, CVE-2019-0723.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0717" target="_blank" rel="noopener">CVE-2019-0717</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0717" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- hyper-v_network_switch</td><td style="text-align: left;" align="left">A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. 
This CVE ID is unique from CVE-2019-0715, CVE-2019-0717, CVE-2019-0718, CVE-2019-0723.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0714" target="_blank" rel="noopener">CVE-2019-0714</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0714" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- hyper-v_network_switch</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0720" target="_blank" rel="noopener">CVE-2019-0720</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0720" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- hyper-v_network_switch</td><td style="text-align: left;" align="left">A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. 
This CVE ID is unique from CVE-2019-0714, CVE-2019-0717, CVE-2019-0718, CVE-2019-0723.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0715" target="_blank" rel="noopener">CVE-2019-0715</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0715" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- hyper-v_network_switch</td><td style="text-align: left;" align="left">A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0714, CVE-2019-0715, CVE-2019-0717, CVE-2019-0723.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0718" target="_blank" rel="noopener">CVE-2019-0718</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0718" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- internet_explorer</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. 
This CVE ID is unique from CVE-2019-1194.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1133" target="_blank" rel="noopener">CVE-2019-1133</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1133" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- internet_explorer</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1133.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1194" target="_blank" rel="noopener">CVE-2019-1194</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1194" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- internet_explorer_and_edge</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1193" target="_blank" rel="noopener">CVE-2019-1193</a><br><a 
href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1193" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- internet_explorer_and_edge</td><td style="text-align: left;" align="left">A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins, aka 'Microsoft Browsers Security Feature Bypass Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1192" target="_blank" rel="noopener">CVE-2019-1192</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1192" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2019-1174, CVE-2019-1175, CVE-2019-1177, CVE-2019-1178, CVE-2019-1179, CVE-2019-1180, CVE-2019-1184, CVE-2019-1186.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1173" target="_blank" rel="noopener">CVE-2019-1173</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1173" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1146, CVE-2019-1147, CVE-2019-1156, CVE-2019-1157.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1155" target="_blank" rel="noopener">CVE-2019-1155</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1155" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1177, CVE-2019-1178, CVE-2019-1179, CVE-2019-1180, CVE-2019-1184.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1186" target="_blank" rel="noopener">CVE-2019-1186</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1186" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1146, CVE-2019-1147, CVE-2019-1155, CVE-2019-1156.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1157" target="_blank" rel="noopener">CVE-2019-1157</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1157" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2019-1159.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1164" target="_blank" rel="noopener">CVE-2019-1164</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1164" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">An elevation of privilege vulnerability exists when Windows Core Shell COM Server Registrar improperly handles COM calls, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1177, CVE-2019-1178, CVE-2019-1179, CVE-2019-1180, CVE-2019-1186.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1184" target="_blank" rel="noopener">CVE-2019-1184</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1184" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. 
This CVE ID is unique from CVE-2019-1228.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1227" target="_blank" rel="noopener">CVE-2019-1227</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1227" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1188" target="_blank" rel="noopener">CVE-2019-1188</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1188" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Server Information Disclosure Vulnerability'. 
This CVE ID is unique from CVE-2019-1224.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1225" target="_blank" rel="noopener">CVE-2019-1225</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1225" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Server Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1225.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1224" target="_blank" rel="noopener">CVE-2019-1224</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1224" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. 
This CVE ID is unique from CVE-2019-1181, CVE-2019-1182, CVE-2019-1222.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1226" target="_blank" rel="noopener">CVE-2019-1226</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1181, CVE-2019-1182, CVE-2019-1226.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1222" target="_blank" rel="noopener">CVE-2019-1222</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1177, CVE-2019-1178, CVE-2019-1179, CVE-2019-1184, CVE-2019-1186.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1180" target="_blank" rel="noopener">CVE-2019-1180</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1180" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1173, CVE-2019-1175, CVE-2019-1177, CVE-2019-1178, CVE-2019-1179, CVE-2019-1180, CVE-2019-1184, CVE-2019-1186.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1174" target="_blank" rel="noopener">CVE-2019-1174</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1174" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage, aka 'SymCrypt Information Disclosure Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet 
calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1171" target="_blank" rel="noopener">CVE-2019-1171</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1171" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1177, CVE-2019-1178, CVE-2019-1179, CVE-2019-1180, CVE-2019-1184, CVE-2019-1186.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1175" target="_blank" rel="noopener">CVE-2019-1175</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1175" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). 
An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1162" target="_blank" 
rel="noopener">CVE-2019-1162</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1162" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1144, CVE-2019-1145, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1149" target="_blank" rel="noopener">CVE-2019-1149</a><br><a href="http://packetstormsecurity.com/files/154086/Microsoft-Font-Subsetting-DLL-FixSbitSubTables-Heap-Corruption.html" target="_blank" rel="noopener">MISC</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1149" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">A security feature bypass exists when Windows incorrectly validates CAB file signatures, aka 'Windows File Signature Security Feature Bypass Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1163" target="_blank" rel="noopener">CVE-2019-1163</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1163" target="_blank" 
rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows p2pimsvc Elevation of Privilege Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1168" target="_blank" rel="noopener">CVE-2019-1168</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1168" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows kernel image properly handles objects in memory, aka 'Windows Image Elevation of Privilege Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1190" target="_blank" rel="noopener">CVE-2019-1190</a><br><a 
href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1190" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1177, CVE-2019-1178, CVE-2019-1180, CVE-2019-1184, CVE-2019-1186.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1179" target="_blank" rel="noopener">CVE-2019-1179</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1179" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. 
This CVE ID is unique from CVE-2019-1144, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1145" target="_blank" rel="noopener">CVE-2019-1145</a><br><a href="http://packetstormsecurity.com/files/154081/Microsoft-Font-Subsetting-DLL-MergeFontPackage-Dangling-Pointer.html" target="_blank" rel="noopener">MISC</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1145" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. 
This CVE ID is unique from CVE-2019-1078, CVE-2019-1148.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1153" target="_blank" rel="noopener">CVE-2019-1153</a><br><a href="http://packetstormsecurity.com/files/154098/Microsoft-Font-Subsetting-DLL-FixSbitSubTableFormat1-Out-Of-Bounds-Read.html" target="_blank" rel="noopener">MISC</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1153" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. 
This CVE ID is unique from CVE-2019-1078, CVE-2019-1153.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1148" target="_blank" rel="noopener">CVE-2019-1148</a><br><a href="http://packetstormsecurity.com/files/154084/Microsoft-Font-Subsetting-DLL-GetGlyphId-Out-Of-Bounds-Read.html" target="_blank" rel="noopener">MISC</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1148" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1146, CVE-2019-1155, CVE-2019-1156, CVE-2019-1157.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1147" target="_blank" rel="noopener">CVE-2019-1147</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1147" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. 
This CVE ID is unique from CVE-2019-1143, CVE-2019-1154.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1158" target="_blank" rel="noopener">CVE-2019-1158</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1158" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1154, CVE-2019-1158.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1143" target="_blank" rel="noopener">CVE-2019-1143</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1143" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1178, CVE-2019-1179, CVE-2019-1180, CVE-2019-1184, CVE-2019-1186.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1177" target="_blank" rel="noopener">CVE-2019-1177</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1177" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input, aka 'XmlLite Runtime Denial of Service Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1187" target="_blank" rel="noopener">CVE-2019-1187</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1187" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">An elevation of privilege exists in SyncController.dll, aka 'Microsoft Windows Elevation of Privilege Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1198" target="_blank" rel="noopener">CVE-2019-1198</a><br><a 
href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1198" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1164.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1159" target="_blank" rel="noopener">CVE-2019-1159</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1159" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. 
This CVE ID is unique from CVE-2019-1146, CVE-2019-1147, CVE-2019-1155, CVE-2019-1157.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1156" target="_blank" rel="noopener">CVE-2019-1156</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1156" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1147, CVE-2019-1155, CVE-2019-1156, CVE-2019-1157.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1146" target="_blank" rel="noopener">CVE-2019-1146</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1146" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1177, CVE-2019-1179, CVE-2019-1180, CVE-2019-1184, CVE-2019-1186.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1178" target="_blank" rel="noopener">CVE-2019-1178</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1178" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. 
This CVE ID is unique from CVE-2019-1181, CVE-2019-1222, CVE-2019-1226.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1182" target="_blank" rel="noopener">CVE-2019-1182</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_operating_systems</td><td style="text-align: left;" align="left">An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape, aka 'Windows NTFS Elevation of Privilege Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1170" target="_blank" rel="noopener">CVE-2019-1170</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1170" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_products</td><td style="text-align: left;" align="left">A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets, aka 'Windows DHCP Server Denial of Service Vulnerability'. 
This CVE ID is unique from CVE-2019-1206.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1212" target="_blank" rel="noopener">CVE-2019-1212</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1212" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_products</td><td style="text-align: left;" align="left">A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1212.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1206" target="_blank" rel="noopener">CVE-2019-1206</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1206" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_products</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. 
This CVE ID is unique from CVE-2019-1205.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1201" target="_blank" rel="noopener">CVE-2019-1201</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1201" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_products</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1201.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1205" target="_blank" rel="noopener">CVE-2019-1205</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1205" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_products</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1057" target="_blank" rel="noopener">CVE-2019-1057</a><br><a 
href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1057" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left"><p>microsoft -- multiple_windows_products</p></td><td style="text-align: left;" align="left">An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1169" target="_blank" rel="noopener">CVE-2019-1169</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1169" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_products</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. 
This CVE ID is unique from CVE-2019-1182, CVE-2019-1222, CVE-2019-1226.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1181" target="_blank" rel="noopener">CVE-2019-1181</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_products</td><td style="text-align: left;" align="left">A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0716" target="_blank" rel="noopener">CVE-2019-0716</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0716" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_products</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1183" target="_blank" rel="noopener">CVE-2019-1183</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1183" 
target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- multiple_windows_products</td><td style="text-align: left;" align="left">An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1148, CVE-2019-1153.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1078" target="_blank" rel="noopener">CVE-2019-1078</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1078" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- outlook</td><td style="text-align: left;" align="left">An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages, aka 'Microsoft Outlook Elevation of Privilege Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1204" target="_blank" rel="noopener">CVE-2019-1204</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1204" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- outlook_and_office365_proplus</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists in Microsoft Outlook when 
the software fails to properly handle objects in memory, aka 'Microsoft Outlook Memory Corruption Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1199" target="_blank" rel="noopener">CVE-2019-1199</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1199" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- outlook_and_office365_proplus</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1200" target="_blank" rel="noopener">CVE-2019-1200</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1200" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- outlook_ios</td><td style="text-align: left;" align="left">A spoofing vulnerability exists in the way Microsoft Outlook iOS software parses specifically crafted email messages, aka 'Outlook iOS Spoofing Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1218" target="_blank" rel="noopener">CVE-2019-1218</a><br><a 
href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1218" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- remote_desktop_protocol</td><td style="text-align: left;" align="left">A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1223" target="_blank" rel="noopener">CVE-2019-1223</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1223" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- sharepoint</td><td style="text-align: left;" align="left">An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1202" target="_blank" rel="noopener">CVE-2019-1202</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1202" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- sharepoint_server</td><td style="text-align: left;" align="left">A cross-site-scripting (XSS) vulnerability exists when Microsoft 
SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1203" target="_blank" rel="noopener">CVE-2019-1203</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1203" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- windows_10_and_windows_server</td><td style="text-align: left;" align="left">An elevation of privilege vulnerability exists due to a stack corruption in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1185" target="_blank" rel="noopener">CVE-2019-1185</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1185" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- windows_7_and_windows_server_2008</td><td style="text-align: left;" align="left">An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. 
This CVE ID is unique from CVE-2019-1143, CVE-2019-1158.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1154" target="_blank" rel="noopener">CVE-2019-1154</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1154" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- windows_7_and_windows_server_2008</td><td style="text-align: left;" align="left">An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1227.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1228" target="_blank" rel="noopener">CVE-2019-1228</a><br><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1228" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">microsoft -- windows_server_2008</td><td style="text-align: left;" align="left">A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-1213" target="_blank" rel="noopener">CVE-2019-1213</a><br><a 
href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1213" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">netgear -- nighthawk_m1_devices</td><td style="text-align: left;" align="left">An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands can be executed, via the web interface, after authentication.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14527" target="_blank" rel="noopener">CVE-2019-14527</a><br><a href="https://www.pentestpartners.com/security-blog/how-not-to-do-cross-site-request-forgery-protection-the-netgear-nighthawk-m1/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">netgear -- nighthawk_m1_devices</td><td style="text-align: left;" align="left">An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in third party pages, and re-used against the Nighthawk web interface. 
This entirely bypasses the intended security benefits of the use of a CSRF-protection token.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14526" target="_blank" rel="noopener">CVE-2019-14526</a><br><a href="https://www.pentestpartners.com/security-blog/how-not-to-do-cross-site-request-forgery-protection-the-netgear-nighthawk-m1/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">netwrix -- auditor</td><td style="text-align: left;" align="left">Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. In addition, the service Netwrix.ADA.StorageAuditService (which writes to that directory) does not perform proper impersonation, and thus the target file will have the same permissions as the invoking process (in this case, granting Authenticated Users full access over the target file). This vulnerability can be triggered by a low-privileged user to perform DLL Hijacking/Binary Planting attacks and ultimately execute code as NT AUTHORITY\SYSTEM with the help of Symbolic Links.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14969" target="_blank" rel="noopener">CVE-2019-14969</a><br><a href="https://github.com/active-labs/Advisories/blob/master/ACTIVE-2019-010.md" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">node.js -- node.js</td><td style="text-align: left;" align="left">An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. 
The LOAD DATA LOCAL INFILE option is open by default.</td><td style="text-align: center;" align="center">2019-08-11</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14939" target="_blank" rel="noopener">CVE-2019-14939</a><br><a href="https://github.com/mysqljs/mysql/issues/2257" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">nvidia -- shield_tv</td><td style="text-align: left;" align="left">NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in the mount system service where user data could be overridden, which may lead to code execution, denial of service, or information disclosure.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-5681" target="_blank" rel="noopener">CVE-2019-5681</a><br><a href="https://nvidia.custhelp.com/app/answers/detail/a_id/4804" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">opencart -- opencart</td><td style="text-align: left;" align="left">OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15081" target="_blank" rel="noopener">CVE-2019-15081</a><br><a href="https://github.com/nipunsomani/Opencart-3.x.x-Authenticated-Stored-XSS/blob/master/README.md" 
target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">openemr -- openemr</td><td style="text-align: left;" align="left">An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14530" target="_blank" rel="noopener">CVE-2019-14530</a><br><a href="https://github.com/openemr/openemr/pull/2592" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/Wezery/CVE-2019-14530" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">openstack -- nova</td><td style="text-align: left;" align="left">An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. 
If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14433" target="_blank" rel="noopener">CVE-2019-14433</a><br><a href="http://www.openwall.com/lists/oss-security/2019/08/06/6" target="_blank" rel="noopener">MLIST</a><br><a href="https://launchpad.net/bugs/1837877" target="_blank" rel="noopener">MISC</a><br><a href="https://security.openstack.org/ossa/OSSA-2019-003.html" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">osisoft -- osisoft_pi_web_api</td><td style="text-align: left;" align="left">In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13516" target="_blank" rel="noopener">CVE-2019-13516</a><br><a href="https://www.us-cert.gov/ics/advisories/icsa-19-225-02" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">osisoft -- osisoft_pi_web_api</td><td style="text-align: left;" align="left">OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td 
style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13515" target="_blank" rel="noopener">CVE-2019-13515</a><br><a href="https://www.us-cert.gov/ics/advisories/icsa-19-225-02" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">pdfresurrect -- pdfresurrect</td><td style="text-align: left;" align="left">An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write.</td><td style="text-align: center;" align="center">2019-08-11</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14934" target="_blank" rel="noopener">CVE-2019-14934</a><br><a href="https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/enferex/pdfresurrect/compare/v0.17...v0.18" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">project_redcap -- redcap</td><td style="text-align: left;" align="left">REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. 
The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data.</td><td style="text-align: center;" align="center">2019-08-17</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14937" target="_blank" rel="noopener">CVE-2019-14937</a><br><a href="https://gist.github.com/hiennv20/6739606a4d0d25612f5139ec391060b7" target="_blank" rel="noopener">MISC</a><br><a href="https://projectredcap.org/resources/community/" target="_blank" rel="noopener">MISC</a><br><a href="https://www.evms.edu/research/resources_services/redcap/redcap_change_log/" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">prospecta -- master_data_online</td><td style="text-align: left;" align="left">Prospecta Master Data Online (MDO) 2.0 has Stored XSS.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17790" target="_blank" rel="noopener">CVE-2018-17790</a><br><a href="http://packetstormsecurity.com/files/154001/Master-Data-Online-2.0-Cross-Site-Scripting.html" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">realtek -- waves_maxxaudio_driver</td><td style="text-align: left;" align="left">Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, installs with incorrect file permissions. 
As a result, a local attacker can escalate to SYSTEM.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15084" target="_blank" rel="noopener">CVE-2019-15084</a><br><a href="https://www.exploit-db.com/exploits/46416" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">riot -- riot</td><td style="text-align: left;" align="left">RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloop.c upon receiving an ACK before a SYN.</td><td style="text-align: center;" align="center">2019-08-17</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15134" target="_blank" rel="noopener">CVE-2019-15134</a><br><a href="https://github.com/RIOT-OS/RIOT/pull/12001" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">rockwell_automation -- arena_simulation_software</td><td style="text-align: left;" align="left">Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. 
A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13511" target="_blank" rel="noopener">CVE-2019-13511</a><br><a href="https://www.us-cert.gov/ics/advisories/icsa-19-213-05" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">rockwell_automation -- arena_simulation_software</td><td style="text-align: left;" align="left">Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13510" target="_blank" rel="noopener">CVE-2019-13510</a><br><a href="https://www.us-cert.gov/ics/advisories/icsa-19-213-05" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">sap -- businessobjects_business_intelligence_platform</td><td style="text-align: left;" align="left">In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.2, 4.3, the attacker can then query and receive the whole data set instead of just what is part of their authorized security profile, resulting in Information Disclosure.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; 
width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0333" target="_blank" rel="noopener">CVE-2019-0333</a><br><a href="https://launchpad.support.sap.com/#/notes/2764513" target="_blank" rel="noopener">MISC</a><br><a href="https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">sap -- businessobjects_business_intelligence_platform</td><td style="text-align: left;" align="left">When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hijacking. The attacker could also access other sensitive information, leading to Stored Cross Site Scripting.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0334" target="_blank" rel="noopener">CVE-2019-0334</a><br><a href="https://launchpad.support.sap.com/#/notes/2771221" target="_blank" rel="noopener">MISC</a><br><a href="https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">sap -- businessobjects_business_intelligence_platform</td><td style="text-align: left;" align="left">Under certain conditions, SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, allows an attacker to access sensitive data such as directory structure, leading to Information Disclosure.</td><td style="text-align: center;" align="center">2019-08-14</td><td 
style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0331" target="_blank" rel="noopener">CVE-2019-0331</a><br><a href="https://launchpad.support.sap.com/#/notes/2742468" target="_blank" rel="noopener">MISC</a><br><a href="https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">sap -- businessobjects_business_intelligence_platform</td><td style="text-align: left;" align="left">SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an attacker to give some payload for keyword in the search and it will be executed while search performs its action, resulting in Cross-Site Scripting (XSS) vulnerability.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0332" target="_blank" rel="noopener">CVE-2019-0332</a><br><a href="https://launchpad.support.sap.com/#/notes/2742468" target="_blank" rel="noopener">MISC</a><br><a href="https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">sap -- businessobjects_business_intelligence_platform</td><td style="text-align: left;" align="left">Under certain conditions SAP BusinessObjects Business Intelligence Platform (Central Management Console), versions 4.1, 4.2, 4.3, allows an attacker to store a malicious payload within the description field of a user account. 
The payload is triggered when the mouse cursor is moved over the description field in the list, when generating the little yellow informational pop up box, resulting in Stored Cross Site Scripting Attack.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0335" target="_blank" rel="noopener">CVE-2019-0335</a><br><a href="https://launchpad.support.sap.com/#/notes/2742468" target="_blank" rel="noopener">MISC</a><br><a href="https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">sap -- businessobjects_business_intelligence_platform</td><td style="text-align: left;" align="left">SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0348" target="_blank" rel="noopener">CVE-2019-0348</a><br><a href="https://launchpad.support.sap.com/#/notes/2751470" target="_blank" rel="noopener">MISC</a><br><a href="https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">sap -- businessobjects_business_intelligence_platform</td><td style="text-align: left;" align="left">Unencrypted communication error in SAP Business Objects Business Intelligence Platform (Central Management Console), version 4.2, leads to disclosure of list of user 
names and roles imported from SAP NetWeaver BI systems, resulting in Information Disclosure.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0346" target="_blank" rel="noopener">CVE-2019-0346</a><br><a href="https://launchpad.support.sap.com/#/notes/2764513" target="_blank" rel="noopener">MISC</a><br><a href="https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">sap -- commerce_cloud</td><td style="text-align: left;" align="left">Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0344" target="_blank" rel="noopener">CVE-2019-0344</a><br><a href="https://launchpad.support.sap.com/#/notes/2786035" target="_blank" rel="noopener">MISC</a><br><a href="https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">sap -- commerce_cloud</td><td style="text-align: left;" align="left">SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. 
An attacker could thereby control the behavior of the application.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0343" target="_blank" rel="noopener">CVE-2019-0343</a><br><a href="https://launchpad.support.sap.com/#/notes/2786035" target="_blank" rel="noopener">MISC</a><br><a href="https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">sap -- enable_now</td><td style="text-align: left;" align="left">The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. If an attacker runs script code in the context of the application, he could get access to the session cookie. The session cookie could then be abused to gain access to the application.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0341" target="_blank" rel="noopener">CVE-2019-0341</a><br><a href="https://launchpad.support.sap.com/#/notes/2794742" target="_blank" rel="noopener">MISC</a><br><a href="https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">sap -- enable_now</td><td style="text-align: left;" align="left">The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. This issue affects the file upload at multiple locations. 
An attacker can read local XXE files.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0340" target="_blank" rel="noopener">CVE-2019-0340</a><br><a href="https://launchpad.support.sap.com/#/notes/2794742" target="_blank" rel="noopener">MISC</a><br><a href="https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">sap -- gateway</td><td style="text-align: left;" align="left">During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0338" target="_blank" rel="noopener">CVE-2019-0338</a><br><a href="https://launchpad.support.sap.com/#/notes/2793351" target="_blank" rel="noopener">MISC</a><br><a href="https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">sap -- kernel</td><td style="text-align: left;" align="left">SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, allows a user to execute "Go to statement"
without possessing the authorization S_DEVELOP DEBUG 02, resulting in Missing Authorization Check</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0349" target="_blank" rel="noopener">CVE-2019-0349</a><br><a href="https://launchpad.support.sap.com/#/notes/2798743" target="_blank" rel="noopener">MISC</a><br><a href="https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">sap -- netweaver_application_server</td><td style="text-align: left;" align="left">A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overview), versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and trick the application server into leaking authentication credentials for its own SAP Management console, resulting in Server-Side Request Forgery.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0345" target="_blank" rel="noopener">CVE-2019-0345</a><br><a href="https://launchpad.support.sap.com/#/notes/2813811" target="_blank" rel="noopener">MISC</a><br><a href="https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">sap -- netweaver_process_integration</td><td style="text-align: left;" align="left">Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode 
user-controlled inputs and allows an attacker to execute malicious scripts in the url thereby resulting in Reflected Cross-Site Scripting (XSS) vulnerability</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0337" target="_blank" rel="noopener">CVE-2019-0337</a><br><a href="https://launchpad.support.sap.com/#/notes/2789866" target="_blank" rel="noopener">MISC</a><br><a href="https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">sap -- netweaver_uddi_server</td><td style="text-align: left;" align="left">A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. 
It can also be used to cause a general fault in the product, causing the product to terminate.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-0351" target="_blank" rel="noopener">CVE-2019-0351</a><br><a href="https://launchpad.support.sap.com/#/notes/2800779" target="_blank" rel="noopener">MISC</a><br><a href="https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">search_guard -- search_guard</td><td style="text-align: left;" align="left">Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data they are not authorized to see.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13415" target="_blank" rel="noopener">CVE-2019-13415</a><br><a href="https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://search-guard.com/cve-advisory/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">search_guard -- search_guard</td><td style="text-align: left;" align="left">Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a 
href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13419" target="_blank" rel="noopener">CVE-2019-13419</a><br><a href="https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://search-guard.com/cve-advisory/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">search_guard -- search_guard</td><td style="text-align: left;" align="left">Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote cluster(s).</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13416" target="_blank" rel="noopener">CVE-2019-13416</a><br><a href="https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://search-guard.com/cve-advisory/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">search_guard -- search_guard</td><td style="text-align: left;" align="left">Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13418" target="_blank" rel="noopener">CVE-2019-13418</a><br><a href="https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://search-guard.com/cve-advisory/" target="_blank" 
rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">search_guard -- search_guard</td><td style="text-align: left;" align="left">Search Guard versions before 21.0 had a timing side channel issue when using the internal user database.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13420" target="_blank" rel="noopener">CVE-2019-13420</a><br><a href="https://docs.search-guard.com/6.x-21/changelog-searchguard-6-x-21_0" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://search-guard.com/cve-advisory/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">search_guard -- search_guard</td><td style="text-align: left;" align="left">Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13417" target="_blank" rel="noopener">CVE-2019-13417</a><br><a href="https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_0" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://search-guard.com/cve-advisory/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">siemens -- multiple_scalance_products</td><td style="text-align: left;" align="left">A vulnerability has been identified in SCALANCE X-200 (All versions), SCALANCE X-200IRT (All versions), 
SCALANCE X-200RNA (All versions). The device contains a vulnerability that could allow an attacker to trigger a denial-of-service condition by sending large message packages repeatedly to the telnet service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10942" target="_blank" rel="noopener">CVE-2019-10942</a><br><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">siemens -- multiple_scalance_products</td><td style="text-align: left;" align="left">A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). An authenticated attacker with network access to port 22/tcp of an affected device may cause a Denial-of-Service condition. The security vulnerability could be exploited by an authenticated attacker with network access to the affected device. No user interaction is required to exploit this vulnerability. 
The vulnerability impacts the availability of the affected device.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10927" target="_blank" rel="noopener">CVE-2019-10927</a><br><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdf" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">siemens -- multiple_simatic_products</td><td style="text-align: left;" align="left">A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7-1200 CPU family (All versions >= V4.0), SIMATIC S7-1500 CPU family (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device. 
No public exploitation of the vulnerability was known at the time of advisory publication.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10943" target="_blank" rel="noopener">CVE-2019-10943</a><br><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">siemens -- multiple_simatic_products</td><td style="text-align: left;" align="left">A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7-1200 CPU family (All versions >= V4.0), SIMATIC S7-1500 CPU family (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions). An attacker in a Man-in-the-Middle position could potentially modify network traffic exchanged on port 102/tcp, due to certain properties in the calculation used for integrity protection. In order to exploit the vulnerability, an attacker must be able to perform a Man-in-the-Middle attack. The vulnerability could impact the integrity of the communication. 
No public exploitation of the vulnerability was known at the time of advisory publication.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10929" target="_blank" rel="noopener">CVE-2019-10929</a><br><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">siemens -- scalance_sc-600</td><td style="text-align: left;" align="left">A vulnerability has been identified in SCALANCE SC-600 (V2.0). An authenticated attacker with access to port 22/tcp as well as physical access to an affected device may trigger the device to allow execution of arbitrary commands. The security vulnerability could be exploited by an authenticated attacker with physical access to the affected device. No user interaction is required to exploit this vulnerability. 
The vulnerability impacts the confidentiality, integrity and availability of the affected device.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-10928" target="_blank" rel="noopener">CVE-2019-10928</a><br><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdf" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">solarwinds -- database_performance_analyzer</td><td style="text-align: left;" align="left">SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-19386" target="_blank" rel="noopener">CVE-2018-19386</a><br><a href="https://i.imgur.com/Y7t2AD6.png" target="_blank" rel="noopener">MISC</a><br><a href="https://medium.com/greenwolf-security/reflected-xss-in-solarwinds-database-performance-analyzer-988bd7a5cd5" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">squid -- squid</td><td style="text-align: left;" align="left">Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. 
On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12854" target="_blank" rel="noopener">CVE-2019-12854</a><br><a href="http://www.squid-cache.org/Advisories/SQUID-2019_1.txt" target="_blank" rel="noopener">MISC</a><br><a href="http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch" target="_blank" rel="noopener">MISC</a><br><a href="https://bugs.squid-cache.org/show_bug.cgi?id=4937" target="_blank" rel="noopener">MISC</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">stb_image_loader -- stb_image_loader</td><td style="text-align: left;" align="left">stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer over-read in stbi__tga_load, leading to Information Disclosure or Denial of Service.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15058" target="_blank" rel="noopener">CVE-2019-15058</a><br><a href="https://github.com/nothings/stb/issues/790" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">stb_vorbis -- stb_vorbis</td><td style="text-align: left;" align="left">A NULL pointer dereference in the get_window function in stb_vorbis through 2019-03-04 allows 
an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13219" target="_blank" rel="noopener">CVE-2019-13219</a><br><a href="http://nothings.org/stb_vorbis/" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://github.com/nothings/stb/commits/master/stb_vorbis.c" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">stb_vorbis -- stb_vorbis</td><td style="text-align: left;" align="left">Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13220" target="_blank" rel="noopener">CVE-2019-13220</a><br><a href="http://nothings.org/stb_vorbis/" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://github.com/nothings/stb/commits/master/stb_vorbis.c" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">stb_vorbis -- stb_vorbis</td><td style="text-align: left;" align="left">An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 
allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13222" target="_blank" rel="noopener">CVE-2019-13222</a><br><a href="http://nothings.org/stb_vorbis/" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://github.com/nothings/stb/commits/master/stb_vorbis.c" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">stb_vorbis -- stb_vorbis</td><td style="text-align: left;" align="left">A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13217" target="_blank" rel="noopener">CVE-2019-13217</a><br><a href="http://nothings.org/stb_vorbis/" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://github.com/nothings/stb/commits/master/stb_vorbis.c" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">stb_vorbis -- stb_vorbis</td><td style="text-align: left;" align="left">A reachable assertion in the lookup1_values function in stb_vorbis through 
2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13223" target="_blank" rel="noopener">CVE-2019-13223</a><br><a href="http://nothings.org/stb_vorbis/" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://github.com/nothings/stb/commits/master/stb_vorbis.c" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">stb_vorbis -- stb_vorbis</td><td style="text-align: left;" align="left">Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13218" target="_blank" rel="noopener">CVE-2019-13218</a><br><a href="http://nothings.org/stb_vorbis/" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://github.com/nothings/stb/commits/master/stb_vorbis.c" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">stb_vorbis -- stb_vorbis</td><td style="text-align: left;" align="left">A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service 
or execute arbitrary code by opening a crafted Ogg Vorbis file.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13221" target="_blank" rel="noopener">CVE-2019-13221</a><br><a href="http://nothings.org/stb_vorbis/" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://github.com/nothings/stb/commits/master/stb_vorbis.c" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">storage_performance_development_kit -- storage_performance_development_kit</td><td style="text-align: left;" align="left">In Storage Performance Development Kit (SPDK) before 19.07, a user of a vhost can cause a crash if the target is sent invalid input.</td><td style="text-align: center;" align="center">2019-08-11</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14940" target="_blank" rel="noopener">CVE-2019-14940</a><br><a href="https://github.com/spdk/spdk/releases/tag/v19.07" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">sugarcrm -- sugarcrm</td><td style="text-align: left;" align="left">SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14974" target="_blank" rel="noopener">CVE-2019-14974</a><br><a 
href="https://www.exploit-db.com/exploits/47247" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">telenav -- scout_gps_link_app</td><td style="text-align: left;" align="left">The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the cellular network, as demonstrated by a DrivingRestriction method call to uma/jsonrpc/mobile.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14951" target="_blank" rel="noopener">CVE-2019-14951</a><br><a href="https://sites.google.com/site/iosappnss/more-vulnerable-apps-and-libraries" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">tenable -- nessus</td><td style="text-align: left;" align="left">Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3974" target="_blank" rel="noopener">CVE-2019-3974</a><br><a href="https://www.tenable.com/security/tns-2019-05" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">tibco -- multiple_products</td><td style="text-align: left;" align="left">The web server 
component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically allow persistent and reflected cross-site scripting (XSS) attacks, as well as cross-site request forgery (CSRF) attacks. This issue affects: TIBCO Software Inc. TIBCO LogLogic Enterprise Virtual Appliance version 6.2.1 and prior versions. TIBCO Software Inc. TIBCO LogLogic Log Management Intelligence 6.2.1. TIBCO LogLogic LX825 Appliance 0.0.004, TIBCO LogLogic LX1025 Appliance 0.0.004, TIBCO LogLogic LX4025 Appliance 0.0.004, TIBCO LogLogic MX3025 Appliance 0.0.004, TIBCO LogLogic MX4025 Appliance 0.0.004, TIBCO LogLogic ST1025 Appliance 0.0.004, TIBCO LogLogic ST2025-SAN Appliance 0.0.004, and TIBCO LogLogic ST4025 Appliance 0.0.004 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below. TIBCO LogLogic LX1035 Appliance 0.0.005, TIBCO LogLogic LX1025R1 Appliance 0.0.004, TIBCO LogLogic LX1025R2 Appliance 0.0.004, TIBCO LogLogic LX4025R1 Appliance 0.0.004, TIBCO LogLogic LX4025R2 Appliance 0.0.004, TIBCO LogLogic LX4035 Appliance 0.0.005, TIBCO LogLogic ST2025-SANR1 Appliance 0.0.004, TIBCO LogLogic ST2025-SANR2 Appliance 0.0.004, TIBCO LogLogic ST2035-SAN Appliance 0.0.005, TIBCO LogLogic ST4025R1 Appliance 0.0.004, TIBCO LogLogic ST4025R2 Appliance 0.0.004, and TIBCO LogLogic ST4035 Appliance 0.0.005 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-11207" target="_blank" rel="noopener">CVE-2019-11207</a><br><a href="http://www.tibco.com/services/support/advisories" target="_blank" rel="noopener">CONFIRM</a><br><a 
href="https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-13-2019-tibco-loglogic-log-management-intelligence" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">tortoisesvn -- tortoisesvn</td><td style="text-align: left;" align="left">An issue was discovered in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:[file1]?path2:[file2] URI will execute a customised diff on [file1] and [file2] based on the file extension. For xls files, it will execute the script diff-xls.js using wscript, which will open the two files for analysis without any macro security warning. An attacker can exploit this by putting a macro virus in a network drive, and force the victim to open the workbooks and execute the macro inside.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14422" target="_blank" rel="noopener">CVE-2019-14422</a><br><a href="http://seclists.org/fulldisclosure/2019/Aug/7" target="_blank" rel="noopener">FULLDISC</a><br><a href="https://www.vulnerability-lab.com/get_content.php?id=2188" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">tp-link -- m7350_devices</td><td style="text-align: left;" align="left">The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by a pre-authentication command injection vulnerability.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" 
align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12103" target="_blank" rel="noopener">CVE-2019-12103</a><br><a href="https://www.pentestpartners.com/security-blog/cve-2019-12103-analysis-of-a-pre-auth-rce-on-the-tp-link-m7350-with-ghidra/" target="_blank" rel="noopener">MISC</a><br><a href="https://www.tp-link.com/uk/support/download/m7350/v3/#Firmware" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">tp-link -- m7350_devices</td><td style="text-align: left;" align="left">The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12104" target="_blank" rel="noopener">CVE-2019-12104</a><br><a href="https://www.pentestpartners.com/security-blog/cve-2019-12103-analysis-of-a-pre-auth-rce-on-the-tp-link-m7350-with-ghidra/" target="_blank" rel="noopener">MISC</a><br><a href="https://www.tp-link.com/uk/support/download/m7350/v3/#Firmware" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">unisign -- unisign</td><td style="text-align: left;" align="left">UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. 
That leads remote attacker to execute arbitrary code via crafted https packets.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12806" target="_blank" rel="noopener">CVE-2019-12806</a><br><a href="https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35111" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">vesta -- control_panel</td><td style="text-align: left;" align="left">A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12792" target="_blank" rel="noopener">CVE-2019-12792</a><br><a href="https://cardaci.xyz/advisories/2019/08/12/vesta-control-panel-0.9.8-24-privilege-escalation-in-the-upload-handler/" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/serghey-rodin/vesta/issues/1921" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">vesta -- control_panel</td><td style="text-align: left;" align="left">A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a 
href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12791" target="_blank" rel="noopener">CVE-2019-12791</a><br><a href="https://cardaci.xyz/advisories/2019/08/12/vesta-control-panel-0.9.8-24-privilege-escalation-in-the-password-reset-form/" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/serghey-rodin/vesta/issues/1921" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">web_studio -- ultimate_loan_manager</td><td style="text-align: left;" align="left">XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that sets the notes parameter with crafted JavaScript code.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14427" target="_blank" rel="noopener">CVE-2019-14427</a><br><a href="https://www.exploit-db.com/exploits/47198" target="_blank" rel="noopener">EXPLOIT-DB</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">webmin -- webmin</td><td style="text-align: left;" align="left">An issue was discovered in Webmin through 1.920. 
The parameter old in password_change.cgi contains a command injection vulnerability.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15107" target="_blank" rel="noopener">CVE-2019-15107</a><br><a href="http://www.pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html" target="_blank" rel="noopener">MISC</a><br><a href="https://www.exploit-db.com/exploits/47230" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wind_river -- vxworks</td><td style="text-align: left;" align="left">Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12260" target="_blank" rel="noopener">CVE-2019-12260</a><br><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://security.netapp.com/advisory/ntap-20190802-0001/" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://support.f5.com/csp/article/K41190253" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12260" target="_blank" rel="noopener">MISC</a><br><a href="https://support2.windriver.com/index.php?page=security-notices" target="_blank" rel="noopener">MISC</a><br><a 
href="https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wind_river -- vxworks</td><td style="text-align: left;" align="left">Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12259" target="_blank" rel="noopener">CVE-2019-12259</a><br><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://security.netapp.com/advisory/ntap-20190802-0001/" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://support.f5.com/csp/article/K41190253" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12259" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://support2.windriver.com/index.php?page=security-notices" target="_blank" rel="noopener">MISC</a><br><a href="https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wind_river -- vxworks</td><td style="text-align: left;" align="left">Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. 
This is an IPNET security vulnerability: DoS of TCP connection via malformed TCP options.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12258" target="_blank" rel="noopener">CVE-2019-12258</a><br><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://security.netapp.com/advisory/ntap-20190802-0001/" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://support.f5.com/csp/article/K41190253" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12258" target="_blank" rel="noopener">MISC</a><br><a href="https://support2.windriver.com/index.php?page=security-notices" target="_blank" rel="noopener">MISC</a><br><a href="https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wind_river -- vxworks</td><td style="text-align: left;" align="left">Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets'
IP options.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12256" target="_blank" rel="noopener">CVE-2019-12256</a><br><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://security.netapp.com/advisory/ntap-20190802-0001/" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://support.f5.com/csp/article/K41190253" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12256" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://support2.windriver.com/index.php?page=security-notices" target="_blank" rel="noopener">MISC</a><br><a href="https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wind_river -- vxworks</td><td style="text-align: left;" align="left">Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the TCP component (issue 1 of 4). 
This is an IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12255" target="_blank" rel="noopener">CVE-2019-12255</a><br><a href="http://packetstormsecurity.com/files/154022/VxWorks-6.8-Integer-Underflow.html" target="_blank" rel="noopener">MISC</a><br><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://security.netapp.com/advisory/ntap-20190802-0001/" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://support.f5.com/csp/article/K41190253" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12255" target="_blank" rel="noopener">MISC</a><br><a href="https://support2.windriver.com/index.php?page=security-notices" target="_blank" rel="noopener">MISC</a><br><a href="https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wind_river -- vxworks</td><td style="text-align: left;" align="left">Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component.
IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw).</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12262" target="_blank" rel="noopener">CVE-2019-12262</a><br><a href="https://support.f5.com/csp/article/K41190253" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12262" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wind_river -- vxworks</td><td style="text-align: left;" align="left">Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12265" target="_blank" rel="noopener">CVE-2019-12265</a><br><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://security.netapp.com/advisory/ntap-20190802-0001/" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://support.f5.com/csp/article/K41190253" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12265" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://support2.windriver.com/index.php?page=security-notices" target="_blank" rel="noopener">MISC</a><br><a 
href="https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wind_river -- vxworks</td><td style="text-align: left;" align="left">Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12263" target="_blank" rel="noopener">CVE-2019-12263</a><br><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://security.netapp.com/advisory/ntap-20190802-0001/" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://support.f5.com/csp/article/K41190253" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12263" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://support2.windriver.com/index.php?page=security-notices" target="_blank" rel="noopener">MISC</a><br><a href="https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wind_river -- vxworks</td><td style="text-align: left;" align="left">Wind River VxWorks 6.7 through 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4).
This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host.</td><td style="text-align: center;" align="center">2019-08-09</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12261" target="_blank" rel="noopener">CVE-2019-12261</a><br><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://security.netapp.com/advisory/ntap-20190802-0001/" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://support.f5.com/csp/article/K41190253" target="_blank" rel="noopener">CONFIRM</a><br><a href="https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12261" target="_blank" rel="noopener">MISC</a><br><a href="https://support2.windriver.com/index.php?page=security-notices" target="_blank" rel="noopener">MISC</a><br><a href="https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14948" target="_blank" rel="noopener">CVE-2019-14948</a><br><a href="https://wordpress.org/plugins/woocommerce-product-addon/#developers" target="_blank" rel="noopener">MISC</a><br><a 
href="https://www.pluginvulnerabilities.com/2019/08/08/this-authenticated-persistent-xss-vulnerability-might-be-what-hackers-are-targeting-ppom-for-woocommerce-for/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10886" target="_blank" rel="noopener">CVE-2016-10886</a><br><a href="https://wordpress.org/plugins/wp-editor/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-10376" target="_blank" rel="noopener">CVE-2014-10376</a><br><a href="https://wordpress.org/plugins/i-recommend-this/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a 
href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10887" target="_blank" rel="noopener">CVE-2016-10887</a><br><a href="https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10888" target="_blank" rel="noopener">CVE-2016-10888</a><br><a href="https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The olimometer plugin before 2.57 for WordPress has SQL injection.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10904" target="_blank" rel="noopener">CVE-2016-10904</a><br><a href="https://wordpress.org/plugins/olimometer/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The simple-share-buttons-adder plugin before 6.0.0 for WordPress has XSS.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 
328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9303" target="_blank" rel="noopener">CVE-2015-9303</a><br><a href="https://wordpress.org/plugins/simple-share-buttons-adder/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18490" target="_blank" rel="noopener">CVE-2017-18490</a><br><a href="https://wordpress.org/plugins/contact-form-multi/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10884" target="_blank" rel="noopener">CVE-2016-10884</a><br><a href="https://wordpress.org/plugins/simple-membership/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 
229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9316" target="_blank" rel="noopener">CVE-2015-9316</a><br><a href="https://wordpress.org/plugins/wp-fastest-cache/#developers" target="_blank" rel="noopener">MISC</a><br><a href="https://www.exploit-db.com/exploits/38678" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18510" target="_blank" rel="noopener">CVE-2017-18510</a><br><a href="https://wordpress.org/plugins/custom-sidebars/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18543" target="_blank" rel="noopener">CVE-2017-18543</a><br><a href="https://wordpress.org/plugins/invite-anyone/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The custom-sidebars plugin before 3.0.8.1 for 
WordPress has CSRF.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18511" target="_blank" rel="noopener">CVE-2017-18511</a><br><a href="https://wordpress.org/plugins/custom-sidebars/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9306" target="_blank" rel="noopener">CVE-2015-9306</a><br><a href="https://wordpress.org/plugins/wp-ultimate-csv-importer/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The adsense-plugin (aka Google AdSense) plugin before 1.44 for WordPress has multiple XSS issues.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18487" target="_blank" rel="noopener">CVE-2017-18487</a><br><a href="https://wordpress.org/plugins/adsense-plugin/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for 
deleting users.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10883" target="_blank" rel="noopener">CVE-2016-10883</a><br><a href="https://wordpress.org/plugins/simple-add-pages-or-posts/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9322" target="_blank" rel="noopener">CVE-2015-9322</a><br><a href="https://wordpress.org/plugins/erident-custom-login-and-dashboard/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18506" target="_blank" rel="noopener">CVE-2017-18506</a><br><a href="https://wordpress.org/plugins/woocommerce-pdf-invoices-packing-slips/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" 
align="left">The google-document-embedder plugin before 2.6.2 for WordPress has CSRF.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10882" target="_blank" rel="noopener">CVE-2016-10882</a><br><a href="https://wordpress.org/plugins/google-document-embedder/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9326" target="_blank" rel="noopener">CVE-2015-9326</a><br><a href="https://wordpress.org/plugins/wp-business-intelligence-lite/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9324" target="_blank" rel="noopener">CVE-2015-9324</a><br><a href="https://wordpress.org/plugins/easy-digital-downloads/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" 
align="left">The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9307" target="_blank" rel="noopener">CVE-2015-9307</a><br><a href="https://wordpress.org/plugins/wp-google-map-plugin/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9323" target="_blank" rel="noopener">CVE-2015-9323</a><br><a href="https://wordpress.org/plugins/404-to-301/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9310" target="_blank" rel="noopener">CVE-2015-9310</a><br><a href="https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td 
style="text-align: left;" align="left">The simple-fields plugin before 1.4.11 for WordPress has XSS.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9302" target="_blank" rel="noopener">CVE-2015-9302</a><br><a href="https://wordpress.org/plugins/simple-fields/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The visitors-online plugin before 0.4 for WordPress has SQL injection.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9325" target="_blank" rel="noopener">CVE-2015-9325</a><br><a href="https://wordpress.org/plugins/visitors-online/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9308" target="_blank" rel="noopener">CVE-2015-9308</a><br><a href="https://wordpress.org/plugins/wp-google-map-plugin/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The 
liveforms plugin before 3.2.0 for WordPress has SQL injection.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9301" target="_blank" rel="noopener">CVE-2015-9301</a><br><a href="https://wordpress.org/plugins/liveforms/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9309" target="_blank" rel="noopener">CVE-2015-9309</a><br><a href="https://wordpress.org/plugins/wp-google-map-plugin/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The wp-editor plugin before 1.2.6 for WordPress has CSRF.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10885" target="_blank" rel="noopener">CVE-2016-10885</a><br><a href="https://wordpress.org/plugins/wp-editor/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The contact-form-7-sms-addon plugin before 2.4.0 for WordPress 
has XSS.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18489" target="_blank" rel="noopener">CVE-2017-18489</a><br><a href="https://wordpress.org/plugins/contact-form-7-sms-addon/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18512" target="_blank" rel="noopener">CVE-2017-18512</a><br><a href="https://wordpress.org/plugins/newsletter-by-supsystic/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The google-language-translator plugin before 5.0.06 for WordPress has XSS.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10870" target="_blank" rel="noopener">CVE-2016-10870</a><br><a href="https://wordpress.org/plugins/google-language-translator/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for 
the admin interface.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18513" target="_blank" rel="noopener">CVE-2017-18513</a><br><a href="https://wordpress.org/plugins/responsive-menu/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14789" target="_blank" rel="noopener">CVE-2019-14789</a><br><a href="https://wordpress.org/plugins/custom-404-pro/#developers" target="_blank" rel="noopener">MISC</a><br><a href="https://www.pluginvulnerabilities.com/2019/06/25/other-vulnerability-data-sources-miss-that-a-reflected-xss-vulnerability-in-custom-404-pro-hasnt-been-fixed/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. 
Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-13578" target="_blank" rel="noopener">CVE-2019-13578</a><br><a href="https://fortiguard.com/zeroday/FG-VD-19-098" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/impress-org/give/commit/894937d7927eab0c98457656cbd6fb414b3a6fbf" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/impress-org/give/commit/97b9b5fae2d10742ee42fe00092729fa7da3cb32" target="_blank" rel="noopener">MISC</a><br><a href="https://github.com/impress-org/give/commit/d91f4c6dcc92aeb826b060cb2feadd56885f4cea" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in the Products Per Page feature.</td><td style="text-align: center;" align="center">2019-08-12</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20966" target="_blank" rel="noopener">CVE-2018-20966</a><br><a href="https://wordpress.org/plugins/woocommerce-jetpack/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; 
width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20968" target="_blank" rel="noopener">CVE-2018-20968</a><br><a href="https://wordpress.org/plugins/wp-ultimate-exporter/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14795" target="_blank" rel="noopener">CVE-2019-14795</a><br><a href="https://wordpress.org/plugins/toggle-the-title/#developers" target="_blank" rel="noopener">MISC</a><br><a href="https://www.pluginvulnerabilities.com/2019/05/16/is-this-authenticated-persistent-cross-site-scripting-xss-vulnerability-what-hackers-would-be-interested-in-toggle-the-title-for/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18514" target="_blank" rel="noopener">CVE-2017-18514</a><br><a href="https://wordpress.org/plugins/simple-login-log/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td 
class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14790" target="_blank" rel="noopener">CVE-2019-14790</a><br><a href="https://wordpress.org/plugins/limb-gallery/#developers" target="_blank" rel="noopener">MISC</a><br><a href="https://www.pluginvulnerabilities.com/2019/06/26/what-would-hackers-be-interested-in-the-wordpress-plugin-limb-gallery-for/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14800" target="_blank" rel="noopener">CVE-2019-14800</a><br><a href="https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers" target="_blank" rel="noopener">MISC</a><br><a href="https://www.pluginvulnerabilities.com/2019/05/15/information-disclosure-vulnerability-in-fv-player-fv-flowplayer-video-player/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td 
style="text-align: left;" align="left">The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues.</td><td style="text-align: center;" align="center">2019-08-13</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18493" target="_blank" rel="noopener">CVE-2017-18493</a><br><a href="https://wordpress.org/plugins/custom-admin-page/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The companion-auto-update plugin before 3.2.1 for WordPress has CSRF.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20972" target="_blank" rel="noopener">CVE-2018-20972</a><br><a href="https://wordpress.org/plugins/companion-auto-update/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14788" target="_blank" rel="noopener">CVE-2019-14788</a><br><a href="https://wordpress.org/plugins/newsletters-lite/#developers" target="_blank" 
rel="noopener">MISC</a><br><a href="https://www.pluginvulnerabilities.com/2019/07/02/there-is-also-an-authenticated-remote-code-execution-rce-vulnerability-in-newsletters/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20973" target="_blank" rel="noopener">CVE-2018-20973</a><br><a href="https://wordpress.org/plugins/companion-auto-update/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The js-jobs plugin before 1.0.7 for WordPress has CSRF.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20974" target="_blank" rel="noopener">CVE-2018-20974</a><br><a href="https://wordpress.org/plugins/js-jobs/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a 
href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14786" target="_blank" rel="noopener">CVE-2019-14786</a><br><a href="https://rankmath.com/changelog/" target="_blank" rel="noopener">MISC</a><br><a href="https://www.pluginvulnerabilities.com/2019/06/20/authenticated-settings-reset-vulnerability-in-rank-math-seo/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14784" target="_blank" rel="noopener">CVE-2019-14784</a><br><a href="https://wordpress.org/plugins/cp-contact-form-with-paypal/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The invite-anyone plugin before 1.3.16 for WordPress has incorrect escaping of untrusted Dashboard and front-end input.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18545" target="_blank" rel="noopener">CVE-2017-18545</a><br><a href="https://wordpress.org/plugins/invite-anyone/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on 
the submissions page.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15025" target="_blank" rel="noopener">CVE-2019-15025</a><br><a href="https://wordpress.org/plugins/ninja-forms/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The google-document-embedder plugin before 2.6.2 for WordPress has XSS.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10881" target="_blank" rel="noopener">CVE-2016-10881</a><br><a href="https://wordpress.org/plugins/google-document-embedder/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The note-press plugin before 0.1.2 for WordPress has SQL injection.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18548" target="_blank" rel="noopener">CVE-2017-18548</a><br><a href="https://wordpress.org/plugins/note-press/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The google-document-embedder plugin before 2.6.1 for WordPress has XSS.</td><td style="text-align: center;" 
align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10880" target="_blank" rel="noopener">CVE-2016-10880</a><br><a href="https://wordpress.org/plugins/google-document-embedder/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15113" target="_blank" rel="noopener">CVE-2019-15113</a><br><a href="https://wordpress.org/plugins/companion-sitemap-generator/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18542" target="_blank" rel="noopener">CVE-2017-18542</a><br><a href="https://wordpress.org/plugins/zendesk-help-center/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF.</td><td style="text-align: center;" 
align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15114" target="_blank" rel="noopener">CVE-2019-15114</a><br><a href="https://wordpress.org/plugins/formcraft-form-builder/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18546" target="_blank" rel="noopener">CVE-2017-18546</a><br><a href="https://wordpress.org/plugins/jayj-quicktag/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18547" target="_blank" rel="noopener">CVE-2017-18547</a><br><a href="https://wordpress.org/plugins/nelio-ab-testing/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The xo-security plugin before 1.5.3 for WordPress has XSS.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; 
width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18541" target="_blank" rel="noopener">CVE-2017-18541</a><br><a href="https://wordpress.org/plugins/xo-security/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-14216" target="_blank" rel="noopener">CVE-2019-14216</a><br><a href="https://wpvulndb.com/vulnerabilities/9510" target="_blank" rel="noopener">MISC</a><br><a href="https://zeroauth.ltd/blog/2019/08/09/cve-2019-14216-svg-vector-icon-plugin-wordpress-plugin-vulnerable-to-csrf-and-arbitrary-file-upload-leading-to-remote-code-execution/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15116" target="_blank" rel="noopener">CVE-2019-15116</a><br><a href="https://wordpress.org/plugins/easy-digital-downloads/#developers" target="_blank" 
rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15115" target="_blank" rel="noopener">CVE-2019-15115</a><br><a href="https://wordpress.org/plugins/peters-login-redirect/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18544" target="_blank" rel="noopener">CVE-2017-18544</a><br><a href="https://wordpress.org/plugins/invite-anyone/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20967" target="_blank" rel="noopener">CVE-2018-20967</a><br><a href="https://wordpress.org/plugins/wp-ultimate-csv-importer/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td 
class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7476" target="_blank" rel="noopener">CVE-2013-7476</a><br><a href="https://wordpress.org/plugins/simple-fields/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-20971" target="_blank" rel="noopener">CVE-2018-20971</a><br><a href="https://wordpress.org/plugins/church-admin/#developers" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">wso2 -- api_manager</td><td style="text-align: left;" align="left">An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. 
There is XSS via a crafted filename to the file-upload feature of the event simulator component.</td><td style="text-align: center;" align="center">2019-08-16</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15108" target="_blank" rel="noopener">CVE-2019-15108</a><br><a href="https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0597" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">xtrlock -- xtrlock</td><td style="text-align: left;" align="left">xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger).</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10894" target="_blank" rel="noopener">CVE-2016-10894</a><br><a href="https://bugs.debian.org/830726" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">yandex -- clickhouse</td><td style="text-align: left;" align="left">In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-14672" target="_blank" 
rel="noopener">CVE-2018-14672</a><br><a href="https://clickhouse.yandex/docs/en/security_changelog/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">yandex -- clickhouse</td><td style="text-align: left;" align="left">Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-14670" target="_blank" rel="noopener">CVE-2018-14670</a><br><a href="https://clickhouse.yandex/docs/en/security_changelog/" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">yandex -- clickhouse</td><td style="text-align: left;" align="left">ClickHouse MySQL client before version 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database to read arbitrary files from the connected ClickHouse server.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-14669" target="_blank" rel="noopener">CVE-2018-14669</a><br><a href="https://clickhouse.yandex/docs/en/security_changelog/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">yandex -- clickhouse</td><td style="text-align: left;" align="left">In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks.</td><td style="text-align: center;" 
align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-14668" target="_blank" rel="noopener">CVE-2018-14668</a><br><a href="https://clickhouse.yandex/docs/en/security_changelog/" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">yandex -- clickhouse</td><td style="text-align: left;" align="left">In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-14671" target="_blank" rel="noopener">CVE-2018-14671</a><br><a href="https://clickhouse.yandex/docs/en/security_changelog/" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">yes24viewer_activex -- yes24viewer_activex</td><td style="text-align: left;" align="left">Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contains a vulnerability that could allow remote attackers to download and execute arbitrary files by setting the arguments to the ActiveX method. 
This can be leveraged for code execution.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-12809" target="_blank" rel="noopener">CVE-2019-12809</a><br><a href="https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35117" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">zabbix -- zabbix</td><td style="text-align: left;" align="left">Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.</td><td style="text-align: center;" align="center">2019-08-17</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15132" target="_blank" rel="noopener">CVE-2019-15132</a><br><a href="https://support.zabbix.com/browse/ZBX-16532" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">zoho_manageengine -- _opmanager</td><td style="text-align: left;" align="left">An issue was discovered in Zoho ManageEngine OpManager through 12.4x. One can bypass the user password requirement and execute commands on the server. The "username+'@opm' string is used for the password. 
For example, if the username is admin, the password is admin@opm.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15106" target="_blank" rel="noopener">CVE-2019-15106</a><br><a href="http://pentest.com.tr/exploits/DEFCON-ManageEngine-OpManager-v12-4-Unauthenticated-Remote-Command-Execution.html" target="_blank" rel="noopener">MISC</a><br><a href="https://www.exploit-db.com/exploits/47229" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">zoho_manageengine -- application_manager</td><td style="text-align: left;" align="left">An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15105" target="_blank" rel="noopener">CVE-2019-15105</a><br><a href="http://pentest.com.tr/exploits/DEFCON-ManageEngine-APM-v14-Privilege-Escalation-Remote-Command-Execution.html" target="_blank" rel="noopener">MISC</a><br><a href="https://www.exploit-db.com/exploits/47228" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">zoho_manageengine -- opmanager</td><td style="text-align: left;" align="left">An issue was discovered in Zoho ManageEngine OpManager through 12.4x. 
There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15104" target="_blank" rel="noopener">CVE-2019-15104</a><br><a href="http://pentest.com.tr/exploits/DEFCON-ManageEngine-OpManager-v12-4-Privilege-Escalation-Remote-Command-Execution.html" target="_blank" rel="noopener">MISC</a><br><a href="https://www.exploit-db.com/exploits/47227" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">zoho_manageengine -- servicedesk_plus</td><td style="text-align: left;" align="left">Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.</td><td style="text-align: center;" align="center">2019-08-14</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-15046" target="_blank" rel="noopener">CVE-2019-15046</a><br><a href="https://www.manageengine.com/products/service-desk/readme.html#10509" target="_blank" rel="noopener">MISC</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">zte -- zxhn_f670_product</td><td style="text-align: left;" align="left">All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). 
Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3418" target="_blank" rel="noopener">CVE-2019-3418</a><br><a href="http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010163" target="_blank" rel="noopener">CONFIRM</a></td></tr><tr><td class="ox-25eb77d27b-vendor-product" style="text-align: left;" scope="row" align="left">zte -- zxhn_f670_product</td><td style="text-align: left;" align="left">All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system.</td><td style="text-align: center;" align="center">2019-08-15</td><td style="text-align: center; width: 229px;" align="center">not yet calculated</td><td style="width: 328px;"><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2019-3417" target="_blank" rel="noopener">CVE-2019-3417</a><br><a href="http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010163" target="_blank" rel="noopener">CONFIRM</a></td></tr></tbody></table><a href="https://www.us-cert.gov#top">Back to top</a><div class="ox-25eb77d27b-field ox-25eb77d27b-field--name-body ox-25eb77d27b-field--type-text-with-summary ox-25eb77d27b-field--label-hidden ox-25eb77d27b-field--item"><p class="ox-25eb77d27b-privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy & Use</a> policy.</p></div></div></div><hr><table style="border-collapse: collapse; width: 100%;" border="0" cellspacing="0" cellpadding="0" 
class="mce-item-table"><tbody><tr><td style="padding: 0px; color: #757575; font-size: 10px; font-family: Arial;" width="89%" height="60">A copy of this publication is available at <a href="https://www.us-cert.gov">www.us-cert.gov</a>. If you need help or have questions, please send an email to <a href="mailto:info@us-cert.gov">info@us-cert.gov</a>.</td></tr></tbody></table></td></tr></tbody></table></blockquote><p style="font-size: 14pt; font-family: times new roman,times; color: #000000;" class="default-style"><br> </p></body></html>