CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-18657 74 2019-10-31 2019-11-06
5.0
None Remote Low Not required None Partial None
ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function.
2 CVE-2019-18656 79 XSS 2019-10-31 2019-11-01
4.3
None Remote Medium Not required None Partial None
Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements.
3 CVE-2019-18645 59 2019-10-31 2020-08-24
2.1
None Local Low Not required None Partial None
The quarantine restoration function in Total Defense Anti-virus 11.5.2.28 is vulnerable to symbolic link attacks, allowing files to be written to privileged directories.
4 CVE-2019-18644 367 2019-10-31 2019-11-01
5.8
None Remote Medium Not required None Partial Partial
The malware scan function in Total Defense Anti-virus 11.5.2.28 is vulnerable to a TOCTOU bug; consequently, symbolic link attacks allow privileged files to be deleted.
5 CVE-2019-18635 476 2019-10-30 2019-11-05
5.0
None Remote Low Not required None None Partial
An issue was discovered in Mooltipass Moolticute through v0.42.1 and v0.42.x-testing through v0.42.5-testing. There is a NULL pointer dereference in MPDevice_win.cpp.
6 CVE-2019-18633 295 2019-10-30 2019-11-05
7.5
None Remote Low Not required Partial Partial Partial
European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected.
7 CVE-2019-18632 295 2019-10-30 2019-11-05
7.5
None Remote Low Not required Partial Partial Partial
European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate.
8 CVE-2019-18624 20 Bypass 2019-10-29 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt. This affects 44.1.2254.142553, 44.1.2254.142659, and 44.1.2254.143214.
9 CVE-2019-18612 200 +Info 2019-10-29 2019-10-31
5.0
None Remote Low Not required Partial None None
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Previously hidden (restricted) AbuseFilter filters were viewable (or their differences were viewable) to unprivileged users, thus disclosing potentially sensitive information.
10 CVE-2019-18611 200 +Info 2019-10-29 2019-10-31
4.0
None Remote Low ??? Partial None None
An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API.
11 CVE-2019-18608 20 2019-10-29 2021-07-21
5.0
None Remote Low Not required None Partial None
Cezerin v0.33.0 allows unauthorized order-information modification because certain internal attributes can be overwritten via a conflicting name when processing order requests. Hence, a malicious customer can manipulate an order (e.g., its payment status or shipping fee) by adding additional attributes to user-input during the PUT /ajax/cart operation for a checkout, because of getValidDocumentForUpdate in api/server/services/orders/orders.js.
12 CVE-2019-18604 20 2019-10-29 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.
13 CVE-2019-18603 200 +Info 2019-10-29 2021-07-21
4.3
None Remote Medium Not required Partial None None
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer.
14 CVE-2019-18602 200 +Info 2019-10-29 2021-07-21
5.0
None Remote Low Not required Partial None None
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer.
15 CVE-2019-18601 502 DoS 2019-10-29 2019-11-06
5.0
None Remote Low Not required None None Partial
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler.
16 CVE-2019-18466 59 2019-10-28 2020-01-15
5.8
None Remote Medium Not required None Partial Partial
An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.
17 CVE-2019-18465 306 2019-10-31 2019-11-04
6.8
None Remote Medium Not required Partial Partial Partial
In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used.
18 CVE-2019-18464 89 Sql 2019-10-31 2019-11-06
7.5
None Remote Low Not required Partial Partial Partial
In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database or may be able to alter the database.
19 CVE-2019-18425 269 +Priv 2019-10-31 2019-11-14
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don't install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.
20 CVE-2019-18424 78 +Priv 2019-10-31 2019-11-14
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.
21 CVE-2019-18423 193 DoS 2019-10-31 2020-08-24
8.5
None Remote Medium ??? Complete Complete Complete
An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. p2m->max_mapped_gfn is used by the functions p2m_resolve_translation_fault() and p2m_get_entry() to sanity check guest physical frame. The rest of the code in the two functions will assume that there is a valid root table and check that with BUG_ON(). The function p2m_get_root_pointer() will ignore the unused top bits of a guest physical frame. This means that the function p2m_set_entry() will alias the frame. However, p2m->max_mapped_gfn will be updated using the original frame. It would be possible to set p2m->max_mapped_gfn high enough to cover a frame that would lead p2m_get_root_pointer() to return NULL in p2m_get_entry() and p2m_resolve_translation_fault(). Additionally, the sanity check on p2m->max_mapped_gfn is off-by-one allowing "highest mapped + 1" to be considered valid. However, p2m_get_root_pointer() will return NULL. The problem could be triggered with a specially crafted hypercall XENMEM_add_to_physmap{, _batch} followed by an access to an address (via hypercall or direct access) that passes the sanity check but cause p2m_get_root_pointer() to return NULL. A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen version 4.8 and newer are vulnerable. Only Arm systems are vulnerable. x86 systems are not affected.
22 CVE-2019-18422 732 DoS +Priv 2019-10-31 2019-11-17
8.5
None Remote Medium ??? Complete Complete Complete
An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified.
23 CVE-2019-18421 362 +Priv 2019-10-31 2019-11-14
7.1
None Remote High ??? Complete Complete Complete
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for PV guests, Xen exposes the actual hardware pagetables to the guest. In order to prevent the guest from modifying these page tables directly, Xen keeps track of how pages are used using a type system; pages must be "promoted" before being used as a pagetable, and "demoted" before being used for any other type. Xen also allows for "recursive" promotions: i.e., an operating system promoting a page to an L4 pagetable may end up causing pages to be promoted to L3s, which may in turn cause pages to be promoted to L2s, and so on. These operations may take an arbitrarily large amount of time, and so must be re-startable. Unfortunately, making recursive pagetable promotion and demotion operations restartable is incredibly complicated, and the code contains several races which, if triggered, can cause Xen to drop or retain extra type counts, potentially allowing guests to get write access to in-use pagetables. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All x86 systems with untrusted PV guests are vulnerable. HVM and PVH guests cannot exercise this vulnerability.
24 CVE-2019-18420 134 DoS 2019-10-31 2020-08-24
6.3
None Remote Medium ??? None None Complete
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability.
25 CVE-2019-18419 79 XSS 2019-10-24 2019-10-31
4.3
None Remote Medium Not required None Partial None
A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
26 CVE-2019-18418 384 2019-10-24 2019-10-29
7.5
None Remote Low Not required Partial Partial Partial
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management.
27 CVE-2019-18417 434 Exec Code 2019-10-24 2019-10-28
6.5
None Remote Low ??? Partial Partial Partial
Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files.
28 CVE-2019-18416 79 XSS 2019-10-24 2019-10-28
4.3
None Remote Medium Not required None Partial None
Sourcecodester Restaurant Management System 1.0 allows XSS via the Last Name field of a member.
29 CVE-2019-18415 79 XSS 2019-10-24 2019-10-28
4.3
None Remote Medium Not required None Partial None
Sourcecodester Restaurant Management System 1.0 allows XSS via the "send a message" screen.
30 CVE-2019-18414 352 CSRF 2019-10-24 2019-10-28
6.8
None Remote Medium Not required Partial Partial Partial
Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a crafted HTML page.
31 CVE-2019-18413 79 Sql XSS Bypass 2019-10-24 2021-11-10
7.5
None Remote Low Not required Partial Partial Partial
In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not documented and thus most developers configure input validation in the vulnerable default manner. With this vulnerability, attackers can launch SQL Injection or XSS attacks by injecting arbitrary malicious input. NOTE: a software maintainer agrees with the "is not documented" finding but suggests that much of the responsibility for the risk lies in a different product.
32 CVE-2019-18409 732 2019-10-24 2019-10-30
4.6
None Local Low Not required Partial Partial Partial
The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem (which has a legacy dependency) 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser.rb file.
33 CVE-2019-18408 416 2019-10-24 2019-11-01
5.0
None Remote Low Not required None None Partial
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
34 CVE-2019-18396 78 Exec Code 2019-10-31 2020-02-10
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mnt_ping.cgi. NOTE: This may overlap CVE-2017–14127.
35 CVE-2019-18394 918 2019-10-24 2020-08-07
7.5
None Remote Low Not required Partial Partial Partial
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.
36 CVE-2019-18393 22 Dir. Trav. 2019-10-24 2020-08-07
5.0
None Remote Low Not required Partial None None
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
37 CVE-2019-18387 89 Exec Code Sql 2019-10-23 2019-10-28
7.5
None Remote Low Not required Partial Partial Partial
Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.
38 CVE-2019-18385 532 2019-10-23 2019-10-30
5.0
None Remote Low Not required Partial None None
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring.
39 CVE-2019-18384 2019-10-23 2020-08-24
4.0
None Remote Low ??? Partial None None
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=*public*%25252Fadmin_OnlyRead.txt substring.
40 CVE-2019-18383 862 2019-10-23 2020-08-24
5.0
None Remote Low Not required Partial None None
An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can download backup files remotely from terramaster_TNAS-00E43A_config_backup.bin without permission.
41 CVE-2019-18382 20 DoS 2019-10-23 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered on AVStar PE204 3.10.70 IP camera devices. A denial of service can occur on open TCP port 23456. After a TELNET connection, no TCP ports are open.
42 CVE-2019-18371 22 Dir. Trav. Bypass 2019-10-23 2019-10-29
5.0
None Remote Low Not required Partial None None
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication.
43 CVE-2019-18370 20 2019-10-23 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh script for testing upload and download speeds reads a URL list from /tmp/speedtest_urls.xml, and there is a command injection vulnerability, as demonstrated by api/xqnetdetect/netspeed.
44 CVE-2019-18369 276 2019-10-31 2019-11-01
5.0
None Remote Low Not required None Partial None
In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.
45 CVE-2019-18368 2019-10-31 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible.
46 CVE-2019-18367 276 2019-10-31 2019-11-04
5.0
None Remote Low Not required None Partial None
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
47 CVE-2019-18366 276 2019-10-31 2019-11-04
5.0
None Remote Low Not required Partial None None
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
48 CVE-2019-18365 2019-10-31 2019-11-07
4.3
None Remote Medium Not required Partial None None
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
49 CVE-2019-18364 502 Exec Code 2019-10-31 2019-11-01
7.5
None Remote Low Not required Partial Partial Partial
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
50 CVE-2019-18363 200 +Info 2019-10-31 2021-07-21
5.0
None Remote Low Not required Partial None None
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
Total number of vulnerabilities : 1567   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.