6867 matches found
PHP CVE-2019-11047 Heap Buffer Overflow Vulnerability
Description PHP is prone to a heap-based buffer-overflow vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. PHP 7.2.x versions prior to 7.2.26, 7.3.x...
Apache Tomcat CVE-2019-17563 Session Fixation Vulnerability
Description Apache Tomcat is prone to a session-fixation vulnerability. An attacker can exploit this issue to hijack an arbitrary session and gain unauthorized access to the affected application. Apache Tomcat versions 9.0.0.M1 through 9.0.29 are vulnerable. Technologies Affected Apache Tomcat...
PHP PEAR 'Archive_Tar' Multiple Security Vulnerabilities
Description PEAR ArchiveTar is prone to multiple security vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the application, obtain sensitive information, bypass certain security restrictions and perform unauthorized actions. PEAR ArchiveTar version...
SQLite CVE-2019-19880 Denial of Service Vulnerability
Description SQLite is prone to a denial of service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. SQLite 3.30.1 is vulnerable; other versions may also be affected. Technologies Affected SQLite SQLite 3.30.1 Recommendations Block external access at the netwo...
Broadcom CA Client Automation CVE-2019-19231 Local Privilege Escalation Vulnerability
Description Broadcom CA Client Automation is prone to a local privilege-escalation vulnerability. Local attackers may exploit this issue to execute arbitrary commands with elevated privileges on the affected system. Broadcom CA Client Automation versions 14.0, 14.1, 14.2, 14.3 are vulnerable...
Apache Log4j CVE-2019-17571 Deserialization Remote Code Execution Vulnerability
Description Apache Log4j is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Apache Log4j versions through 1.2.17 are...
Sysstat CVE-2019-19725 Memory Corruption Vulnerability
Description Sysstat is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition. sysstat versions through 12.2.0 are vulnerable. Technologies...
IBM Spectrum Scale CVE-2019-4558 Local Privilege Escalation Vulnerability
Description IBM Spectrum Scale is prone to a local privilege-escalation vulnerability. An attacker may exploit this issue to gain root privileges. The following IBM products are affected: IBM Spectrum Scale versions 5.0.0.0 through 5.0.3.2 and 4.2.0.0 through 4.2.3.17 are vulnerable. IBM Elastic...
Rack CVE-2019-16782 Information Disclosure Vulnerability
Description Rack is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Rack Project Rack 0.1 Rack Project Rack 0.2 Rack Project Rack 0.3 Rack Project Rack 0.4 Rack Project Rack...
Apache Tomcat CVE-2019-12418 Local Privilege Escalation Vulnerability
Description Apache Tomcat is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges and gain complete control over the server. Apache Tomcat versions 9.0.0.M1 through 9.0.28 are vulnerable. Technologies Affected Apache Tomcat 9.0.0.M...
Django CVE-2019-19844 Security Bypass Vulnerability
Description Django is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Technologies Affected Djangoproject Django 1.11 Djangoproject Django 1.11.1 Djangoproject...
Drupal Core SA-CORE-2019-010 Multiple Security Vulnerabilities
Description Drupal is prone to multiple security vulnerabilities. An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Drupal versions 8.7.x prior to 8.7.11 and versions 8.8.x prior to 8.8.1 are...
Drupal Core SA-CORE-2019-011 Access Bypass Vulnerability
Description Drupal is prone to an access-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Drupal versions 8.7.x and 8.8.x are vulnerable. Technologies Affected Drupal Drupa...
General Electric S2020/S2020G Fast Switch 61850 CVE-2019-18267 Cross Site Scripting Vulnerability
Description General Electric S2020/S2020G Fast Switch is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
Multiple TIBCO Spotfire Products CVE-2019-17335 Multiple Unauthorized Access Vulnerabilities
Description Multiple TIBCO Spotfire Products are prone to multiple unauthorized-access vulnerabilities. Attackers can exploit these issues to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. The following products are affected: TIBCO Spotfire Analytics...
IBM API Connect CVE-2019-4609 Information Disclosure Vulnerability
Description IBM API Connect is prone to an information-disclosure vulnerability. Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks. IBM API Connect 2018.4.1.7 is vulnerable; other versions may also be affected. Technologies Affected IBM API...
TYPO3 TYPO3-PSA-2019-011 Remote Code Execution Vulnerability
Description TYPO3 is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows an attacker to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Versions prior to TYPO3 8.7.30 and 9.5.12 a...
TYPO3 CVE-2019-19849 Multiple Remote Code Execution Vulnerabilities
Description TYPO3 is prone to multiple remote code-execution vulnerabilities. Successfully exploiting these issues allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Versions prior to TYPO3 8.7.30,...
Multiple Jenkins Plugins Multiple Security Vulnerabilities
Description Jenkins plugins are prone to the following vulnerabilities: 1. Multiple information-disclosure vulnerabilities. 2. Multiple cross-site request forgery vulnerabilities. 3. Multiple HTML-injection vulnerabilities. 4. An XML External Entity injection vulnerability. An attacker may...
Linux kernel Multiple Security Vulnerabilities
Description Linux kernel is prone to multiple security vulnerabilities. An attacker can exploit these issues to execute arbitrary code and cause denial-of-service conditions. Linux kernel 5.0.21 is vulnerable; other versions may also be affected. Technologies Affected Linux kernel 5.0.21...
Shadow CVE-2019-19882 Multiple Local Privilege Escalation Vulnerabilities
Description Shadow is prone to multiple local privilege-escalation vulnerabilities. A local attacker can exploit these issues to gain elevated privileges. Shadow 4.8 is vulnerable; other versions may also be affected. Technologies Affected Shadow-Maint Shadow 4.8 Recommendations Permit local acce...
Multiple TIBCO Spotfire Products CVE-2019-17337 Cross Site Scripting Vulnerability
Description Multiple TIBCO Spotfire Products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected sit...
Multiple TIBCO Spotfire Products CVE-2019-17334 Remote Code Execution Vulnerability
Description Multiple TIBCO Spotfire Products are prone to a remote code-execution vulnerability. An attacker may leverage this issue to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. The following products are...
TYPO3 CVE-2019-19850 SQL Injection Vulnerability
Description TYPO3 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the...
Multiple TIBCO Spotfire Products CVE-2019-17336 Multiple Information Disclosure Vulnerabilities
Description Multiple TIBCO Spotfire Products are prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues to obtain sensitive information. That may aid in further attacks. The following products are affected: TIBCO Spotfire Analytics Platform for AWS...
Multiple Citrix Products CVE-2019-19781 Remote Code Execution Vulnerability
Description Multiple Citrix Products are prone to a remote code-execution vulnerability. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the application. Technologies Affected Citrix NetScaler Gateway 10.5 Citrix NetScaler Gateway 11.1 Citri...
Microsoft SharePoint Server CVE-2019-1491 Information Disclosure Vulnerability
Description Microsoft SharePoint Server is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2010 SP2...
Google Chrome CVE-2019-13767 Use After Free Vulnerability
Description Google Chrome is prone to a use-after-free vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the browser, or cause denial-of-service conditions. Versions prior to Chrome 79.0.3945.88 are vulnerable. Technologies Affected Google Chrome 0.1.38.1...
TYPO3 Form Framework TYPO3-CORE-SA-2019-021 Cross Site Scripting Vulnerability
Description TYPO3 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker...
Atlassian Application Links CVE-2019-15011 Information Disclosure Vulnerability
Description Atlassian Application Links is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information. That may aid in further attacks. The following versions of Atlassian Application Links are affected: Versions prior to 5.0.12 Versions...
Atlassian Crowd CVE-2017-18107 Cross Site Request Forgery Vulnerability
Description Atlassian Crowd is prone to a cross-site request-forgery vulnerability because it fails to properly validate HTTP requests. Exploiting this issue allows a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also...
Atlassian JIRA CVE-2019-15013 Authorization Bypass Vulnerability
Description Atlassian JIRA is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. The following versions of Atlassian JIRA are affected: Versions pri...
PHP CVE-2019-11044 Multiple Unspecified Security Vulnerabilities
Description PHP is prone to multiple unspecified security vulnerabilities. An attacker can exploit these issues to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. PHP 7.2.0 through 7.2.25, 7.3.0 through 7.3.12 and 7.4.0 are...
Apache Superset CVE-2019-12413 Information Disclosure Vulnerability
Description Apache Superset is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. Apache Superset versions prior to 0.31 are vulnerable. Technologies Affected Apache Superset 0.20 Apache Superset 0.2...
Linux Kernel CVE-2019-19332 Local Denial of Service Vulnerability
Description Linux Kernel is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Technologies Affected Linux kernel 2.0.0 Linux kernel 2.0.1 Linux kernel 2.0.10 Linux kernel 2.0.11 Linux kernel...
Apache Superset CVE-2019-12414 Information Disclosure Vulnerability
Description Apache Superset is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. Apache Superset versions prior to 0.32 are vulnerable. Technologies Affected Apache Superset 0.20 Apache Superset 0.2...
Apache Xerces-C CVE-2018-1311 Remote Code Execution Vulnerability
Description Apache Xerces-C is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application or cause denial-of-service conditions. Apache Xerces-C versions 3.0.0 through 3.2.2 are vulnerable. Technologies...
Linux Kernel CVE-2019-19807 Denial of Service Vulnerability
Description Linux Kernel is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. Linux kernel versions prior to 5.3.11 are vulnerable. Technologies Affected Linux kernel 2.0.0 Linux kernel 2.0.1 Linux kernel 2.0.10 Linux kernel 2.0.11...
Ansible Tower CVE-2019-19341 Information Disclosure Vulnerability
Description Ansible Tower is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information. That may aid in further attacks. Ansible Tower versions 3.6.1 and 3.5.3 are vulnerable; other versions may also be affected. Technologies Affected...
Ansible Tower Multiple Security Vulnerabilities
Description Ansible Tower is prone to multiple security vulnerabilities. An attacker can exploit these issues to gain unauthorized access or obtain sensitive information. That may aid in further attacks. Ansible Tower versions 3.6.1 and 3.5.3 are vulnerable; other versions may also be affected...
Atlassian FishEye and Crucible CVE-2019-15009 Unauthorized Access Vulnerability
Description Atlassian FishEye and Crucible are prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Versions prior to FishEye and Crucible 4.8.0 are vulnerable. Technologies...
Dovecot CVE-2019-19722 Denial of Service Vulnerability
Description Dovecot is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Dovecot versions 2.3.9 and 2.3.9.1 are vulnerable. Technologies Affected Dovecot Dovecot 2.3.9 Dovecot Dovecot 2.3.9.1...
WordPress Prior to 5.3.1 Multiple Security Vulnerabilities
Description WordPress is prone to multiple security vulnerabilities. An attacker may leverage these issues to bypass certain security restrictions and perform unauthorized actions or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
IBM MQ and MQ Appliance CVE-2019-4560 Denial of Service Vulnerability
Description IBM MQ is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the process, denying service to legitimate users. The following versions of IBM MQ and MQ Appliance are affected: IBM MQ versions 9.1 CD, 9.1 LTS, 9.0 LTS and 8.0 are vulnerable. IBM MQ...
ZOHO ManageEngine EventLog Analyzer CVE-2019-19774 Security Bypass Vulnerability
Description ZOHO ManageEngine EventLog Analyzer is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in launching further attacks. ManageEngine EventLog Analyzer 10.0 SP1 is vulnerabl...
Omron PLC CJ/CS/NJ Series CVE-2019-18261 Authentication Bypass Vulnerability
Description Omron PLC CJ, CS and NJ Series are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and aid in brute-force attacks; other attacks may also be possible. The following products of Omron Programmable Logic...
Equinox Control Expert CVE-2019-18234 SQL Injection Vulnerability
Description Equinox Control Expert is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying...
Advantech DiagAnywhere CVE-2019-18257 Multiple Stack Buffer Overflow Vulnerabilities
...
Omron PLC CJ/CS Series ICSA-19-346-02 Multiple Security Vulnerabilities
Description Omron PLC CJ and CS Series are prone to multiple security vulnerabilities. An attacker may leverage these issues to bypass the authentication mechanism and gain unauthorized access to the affected application. The following products of Omron Programmable Logic Controllers are affected...
WordPress ListingPro Plugin Cross Site Scripting and Multiple HTML Injection Vulnerabilities
Description The ListingPro plugin for WordPress is prone to a cross-site scripting vulnerability and multiple HTML injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of th...