Virus and Security Alerts

Troj/Steale-AT

2019-11-10 00:00:00

Sophos latest virus and spyware detection
Troj/HawkEy-AY

2019-11-10 00:00:00

Sophos latest virus and spyware detection
JS/DwnLdr-YZD

2019-11-10 00:00:00

Sophos latest virus and spyware detection
Troj/PSDL-EC

2019-11-10 00:00:00

Sophos latest virus and spyware detection
Troj/PS-Z

2019-11-10 00:00:00

Sophos latest virus and spyware detection
Troj/Emotet-BUK

2019-11-10 00:00:00

Sophos latest virus and spyware detection
Troj/Miner-WN

2019-11-10 00:00:00

Sophos latest virus and spyware detection
Troj/TeslaAg-GD

2019-11-10 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-ATS

2019-11-09 00:00:00

Sophos latest virus and spyware detection
Troj/PDFUri-HUI

2019-11-09 00:00:00

Sophos latest virus and spyware detection
Troj/Zbot-NVV

2019-11-09 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-GKP

2019-11-09 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-ATT

2019-11-09 00:00:00

Sophos latest virus and spyware detection
Troj/Inject-ETF

2019-11-09 00:00:00

Sophos latest virus and spyware detection
Troj/Ransom-FSH

2019-11-09 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-GIG

2019-11-09 00:00:00

Sophos latest virus and spyware detection
Troj/PdfDl-HM

2019-11-09 00:00:00

Sophos latest virus and spyware detection
Troj/DocPhish-D

2019-11-09 00:00:00

Sophos latest virus and spyware detection
CVE-2019-16209 (brocade_sannav)

2019-11-08 18:15:12
A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections.
National Vulnerability Database
CVE-2019-16210 (brocade_sannav)

2019-11-08 18:15:12
Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save.
National Vulnerability Database
CVE-2019-16207 (brocade_sannav)

2019-11-08 18:15:12
Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges.
National Vulnerability Database
CVE-2008-7291 (debian_linux, gri)

2019-11-08 00:15:10
gri before 2.12.18 generates temporary files in an insecure way.
National Vulnerability Database
CVE-2013-1811 (debian_linux, mantisbt)

2019-11-07 23:15:10
An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".
National Vulnerability Database
CVE-2013-1751 (twiki)

2019-11-07 22:15:10
TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters.
National Vulnerability Database
CVE-2007-3915 (mondo)

2019-11-07 22:15:10
Mondo 2.24 has insecure handling of temporary files.
National Vulnerability Database
CVE-2007-5743 (debian_linux, viewvc)

2019-11-07 22:15:10
viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.
National Vulnerability Database
CVE-2019-18821 (logo_designer)

2019-11-07 21:15:11
Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiCustomPathLib!ExiCustomPathLib::CGradientColorsProfile::BuildGradientColorsTable+0x0000000000000053.
National Vulnerability Database
CVE-2019-18820 (logo_designer)

2019-11-07 21:15:11
Eximious Logo Designer 3.82 has Heap Corruption starting at ntdll!RtlpNtMakeTemporaryKey+0x0000000000001a78.
National Vulnerability Database
CVE-2019-18819 (logo_designer)

2019-11-07 21:15:11
Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiVectorRender!StrokeText_Blend+0x00000000000003a7.
National Vulnerability Database
CVE-2018-18674 (gnuboard5)

2019-11-07 21:15:10
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board tail contents" parameter, aka the adm/board_form_update.php bo_content_tail parameter.
National Vulnerability Database
CVE-2010-2449 (gource)

2019-11-07 20:15:10
Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack.
National Vulnerability Database
CVE-2012-0049 (debian_linux, fedora, openttd)

2019-11-07 18:15:11
OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.
National Vulnerability Database
CVE-2019-18816 (popojicms)

2019-11-07 17:15:15
po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows post[1][content]= stored XSS.
National Vulnerability Database
CVE-2019-18815 (popojicms)

2019-11-07 17:15:15
PopojiCMS 2.0.1 allows refer= Open Redirection.
National Vulnerability Database
CVE-2010-2243 (linux_kernel)

2019-11-07 17:15:12
A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.33 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS.
National Vulnerability Database
CVE-2019-18813 (linux_kernel)

2019-11-07 16:15:11
A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures,
National Vulnerability Database
CVE-2019-18810 (linux_kernel)

2019-11-07 16:15:11
A memory leak in the komeda_wb_connector_add() function in drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering drm_writeb
National Vulnerability Database
CVE-2019-18811 (linux_kernel)

2019-11-07 16:15:11
A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures,
National Vulnerability Database
CVE-2019-18812 (linux_kernel)

2019-11-07 16:15:11
A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-c0a333d842ef.
National Vulnerability Database
CVE-2019-18806 (linux_kernel)

2019-11-07 16:15:11
A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() fail
National Vulnerability Database
CVE-2019-18808 (linux_kernel)

2019-11-07 16:15:11
A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.
National Vulnerability Database
CVE-2019-18807 (linux_kernel)

2019-11-07 16:15:11
Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial of service (memory consumption) by triggering static_config_buf_prep
National Vulnerability Database
CVE-2019-18809 (linux_kernel)

2019-11-07 16:15:11
A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559.
National Vulnerability Database
CVE-2019-18814 (linux_kernel)

2019-11-07 16:15:11
An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c.
National Vulnerability Database
CVE-2019-16878 (portainer)

2019-11-07 16:15:10
Portainer before 1.22.1 has XSS (issue 2 of 2).
National Vulnerability Database
CVE-2019-16877 (portainer)

2019-11-07 16:15:10
Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4).
National Vulnerability Database
CVE-2019-16876 (portainer)

2019-11-07 16:15:10
Portainer before 1.22.1 allows Directory Traversal.
National Vulnerability Database
CVE-2019-16872 (portainer)

2019-11-07 16:15:10
Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4).
National Vulnerability Database
CVE-2019-16874 (portainer)

2019-11-07 15:15:10
Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4).
National Vulnerability Database
CVE-2019-16873 (portainer)

2019-11-07 15:15:10
Portainer before 1.22.1 has XSS (issue 1 of 2).
National Vulnerability Database
CVE-2019-18805 (linux_kernel)

2019-11-07 14:15:11
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11.
National Vulnerability Database
CVE-2019-18804 (djvulibre)

2019-11-07 06:15:10
DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.
National Vulnerability Database
CVE-2019-18411 (manageengine_adselfservice_plus)

2019-11-06 22:15:10
Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone,
National Vulnerability Database
CVE-2014-9013 (wpmarketplace)

2019-11-06 21:15:10
The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution
National Vulnerability Database
CVE-2014-9014 (wpmarketplace)

2019-11-06 21:15:10
Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a ..
National Vulnerability Database
CVE-2019-5099 (leadtools)

2019-11-06 20:15:10
An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution.
National Vulnerability Database
CVE-2019-5100 (leadtools)

2019-11-06 20:15:10
An exploitable integer overflow vulnerability exists in the BMP header parsing functionality of LEADTOOLS 20. A specially crafted BMP image file can cause an integer overflow, potentially resulting in code execution.
National Vulnerability Database
CVE-2019-5084 (leadtools)

2019-11-06 20:15:10
An exploitable heap out-of-bounds write vulnerability exists in the TIF-parsing functionality of LEADTOOLS 20. A specially crafted TIF image can cause an offset beyond the bounds of a heap allocation to be written,
National Vulnerability Database
CVE-2019-5125 (leadtools)

2019-11-06 20:15:10
An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20. A specially crafted J2K image file can cause an out of bounds write of a heap buffer, potentially resulting in code execution.
National Vulnerability Database
CVE-2018-20853 (mailpoet_newsletters)

2019-11-06 20:15:09
An issue was discovered in the MailPoet Newsletters (aka wysija-newsletters) plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks.
National Vulnerability Database
CVE-2014-3180 (chrome_os, linux_kernel)

2019-11-06 20:15:09
** DISPUTED ** In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE:
National Vulnerability Database
CVE-2019-5643 (computing_for_good's_basic_laboratory_information_system)

2019-11-06 19:15:12
Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result,
National Vulnerability Database
CVE-2019-5617 (computing_for_good's_basic_laboratory_information_system)

2019-11-06 19:15:12
Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.4 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result,
National Vulnerability Database
CVE-2019-5644 (computing_for_good's_basic_laboratory_information_system)

2019-11-06 19:15:12
Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result,
National Vulnerability Database
CVE-2009-5049 (debian_linux, jetty)

2019-11-06 19:15:11
WebApp JSP Snoop page XSS in jetty though 6.1.21.
National Vulnerability Database
CVE-2009-5050 (konversation)

2019-11-06 19:15:11
konversation before 1.2.3 allows attackers to cause a denial of service.
National Vulnerability Database
CVE-2009-5048 (jetty)

2019-11-06 19:15:11
Cookie Dump Servlet stored XSS vulnerability in jetty though 6.1.20.
National Vulnerability Database
CVE-2016-1000037 (enterprise_linux, fedora, pagure)

2019-11-06 19:15:11
Pagure: XSS possible in file attachment endpoint
National Vulnerability Database
CVE-2010-4178 (fedora, mysql-gui-tools)

2019-11-06 19:15:11
MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of mysql text console
National Vulnerability Database
CVE-2019-6121 (miner)

2019-11-06 18:15:10
An issue was discovered in NiceHash Miner before 2.0.3.0. Missing Authorization allows an adversary to can gain access to a miner's information about such as his recent payments, unclaimed Balance,
National Vulnerability Database
CVE-2019-6120 (miner)

2019-11-06 18:15:10
An issue was discovered in NiceHash Miner before 2.0.3.0. A missing rate limit while adding a wallet via Email address allows remote attackers to submit a large number of email addresses to identify valid ones.
National Vulnerability Database
CVE-2019-6122 (miner)

2019-11-06 18:15:10
A Username Enumeration via Error Message issue was discovered in NiceHash Miner before 2.0.3.0 because an "EMAIL DOES NOT EXIST" error message occurs whenever a submitted email address is incorrect,
National Vulnerability Database
CVE-2019-2258 (mdm9150_firmware, mdm9607_firmware, mdm9615_firmware, mdm9625_firmware, mdm9635m_firmware, mdm9640_firmware, mdm9650_firmware, mdm9655_firmware, msm8909w_firmware, msm8996au_firmware, q

2019-11-06 17:15:13
Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,
National Vulnerability Database
CVE-2019-2302 (apq8017_firmware, apq8053_firmware, apq8096au_firmware, mdm9206_firmware, mdm9207c_firmware, mdm9607_firmware, mdm9640_firmware, mdm9650_firmware, msm8905_firmware, msm8909_firmware, ms

2019-11-06 17:15:13
While processing vendor command which contains corrupted channel count, an integer overflow occurs and finally will lead to heap overflow. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,
National Vulnerability Database
CVE-2019-2285 (msm8909w_firmware, msm8996au_firmware, qcs605_firmware, qualcomm_215_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_425_firmware, sd_427_firmware, sd_429_firmware, sd_4

2019-11-06 17:15:13
Out of bound write issue is observed while giving information about properties that have been set so far for playing video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,
National Vulnerability Database
CVE-2019-2275 (mdm9150_firmware, mdm9205_firmware, mdm9206_firmware, mdm9607_firmware, mdm9650_firmware, msm8909w_firmware, msm8996au_firmware, qcs404_firmware, qcs605_firmware, qualcomm_215_firmware,

2019-11-06 17:15:13
While deserializing any key blob during key operations, buffer overflow could occur exposing partial key information if any key operations are invoked(Depends on CVE-2018-13907) in Snapdragon Auto, Snapdragon Compute,
National Vulnerability Database
CVE-2019-2325 (mdm9150_firmware, mdm9206_firmware, mdm9607_firmware, mdm9640_firmware, mdm9650_firmware, msm8909w_firmware, msm8996au_firmware, qcs405_firmware, qcs605_firmware, qualcomm_215_firmware,

2019-11-06 17:15:13
Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,
National Vulnerability Database
CVE-2019-2323 (mdm9150_firmware, mdm9206_firmware, mdm9607_firmware, mdm9640_firmware, mdm9650_firmware, msm8909w_firmware, msm8996au_firmware, qcs405_firmware, qcs605_firmware, qualcomm_215_firmware,

2019-11-06 17:15:13
Lack of check to ensure crypto engine data passed by user is initialized can result in bus error in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,
National Vulnerability Database
CVE-2019-2332 (mdm9150_firmware, mdm9206_firmware, mdm9607_firmware, mdm9615_firmware, mdm9640_firmware, mdm9650_firmware, msm8909w_firmware, msm8996au_firmware, qcs405_firmware, qcs605_firmware, qual

2019-11-06 17:15:13
Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,
National Vulnerability Database
CVE-2019-2331 (mdm9150_firmware, mdm9206_firmware, mdm9607_firmware, mdm9615_firmware, mdm9640_firmware, mdm9650_firmware, msm8909w_firmware, msm8996au_firmware, qcs405_firmware, qcs605_firmware, qual

2019-11-06 17:15:13
Possible Integer overflow because of subtracting two integers without checking if the result would overflow or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,
National Vulnerability Database
CVE-2019-2283 (mdm9150_firmware, mdm9206_firmware, mdm9607_firmware, mdm9640_firmware, mdm9650_firmware, msm8909w_firmware, msm8996au_firmware, qcs605_firmware, qualcomm_215_firmware, sd_205_firmware,

2019-11-06 17:15:13
Improper validation of read and write index of tx and rx fifo`s before calculating pointer can lead to out-of-bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,
National Vulnerability Database
CVE-2019-2246 (mdm9205_firmware, mdm9640_firmware, msm8996au_firmware, qca6574_firmware, qcs605_firmware, qualcomm_215_firmware, sd_425_firmware, sd_427_firmware, sd_429_firmware, sd_435_firmware, sd_

2019-11-06 17:15:13
Thread start can cause invalid memory writes to arbitrary memory location since the argument is passed by user to kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,
National Vulnerability Database
CVE-2019-2249 (ipq8074_firmware, mdm9205_firmware, mdm9650_firmware, qca8081_firmware, qcs605_firmware, sd_427_firmware, sd_435_firmware, sd_450_firmware, sd_625_firmware, sd_636_firmware, sd_665_firm

2019-11-06 17:15:13
Kernel can do a memory read from arbitrary address passed by user during execution of a syscall in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,
National Vulnerability Database
CVE-2019-2324 (mdm9150_firmware, mdm9206_firmware, mdm9607_firmware, mdm9615_firmware, mdm9640_firmware, mdm9650_firmware, msm8909w_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_415_

2019-11-06 17:15:13
When ADSP is compromised, the audio port index that`s returned from ADSP might be out of the valid range and leads to out of boundary access in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,
National Vulnerability Database
CVE-2019-10524 (mdm9150_firmware, mdm9206_firmware, mdm9607_firmware, mdm9640_firmware, mdm9650_firmware, msm8909w_firmware, msm8996au_firmware, qcs405_firmware, qcs605_firmware, qualcomm_215_firmware

2019-11-06 17:15:12
Lack of check for a negative value returned for get_clk is wrongly interpreted as valid pointer and lead to use after free in clk driver in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,
National Vulnerability Database
CVE-2019-10505 (mdm9150_firmware, mdm9206_firmware, mdm9607_firmware, mdm9640_firmware, mdm9650_firmware, msm8909w_firmware, msm8996au_firmware, qca6174a_firmware, qca6574au_firmware, qca9377_firmware

2019-11-06 17:15:12
Out of bound access while processing a non-standard IE measurement request with length crossing past the size of frame in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,
National Vulnerability Database
CVE-2019-10528 (mdm9206_firmware, mdm9607_firmware, mdm9640_firmware, mdm9650_firmware, msm8909w_firmware, msm8996au_firmware, qcs405_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_42

2019-11-06 17:15:12
Use after free issue in kernel while accessing freed mdlog session info and its attributes after closing the session in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,
National Vulnerability Database
CVE-2019-10565 (apq8053_firmware, mdm9206_firmware, mdm9207c_firmware, mdm9607_firmware, msm8905_firmware, msm8909_firmware, msm8909w_firmware, qcn7605_firmware, qcs405_firmware, qcs605_firmware, sdm8

2019-11-06 17:15:12
Double free issue can happen when sensor power settings is freed by some thread while another thread try to access. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,
National Vulnerability Database
CVE-2019-10515 (mdm9150_firmware, mdm9206_firmware, mdm9607_firmware, mdm9640_firmware, mdm9650_firmware, msm8909w_firmware, msm8996au_firmware, qcs405_firmware, sd_205_firmware, sd_210_firmware, sd_2

2019-11-06 17:15:12
DCI client which might be preemptively freed up might be accessed for transferring packets leading to kernel error in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,
National Vulnerability Database
CVE-2019-10533 (mdm9206_firmware, mdm9607_firmware, msm8909w_firmware, msm8996au_firmware, qca6574au_firmware, qcs405_firmware, qcs605_firmware, qualcomm_215_firmware, sd_205_firmware, sd_210_firmware

2019-11-06 17:15:12
Out of bound access due to improper validation of array index cause the index table entry to get corrupt in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &
National Vulnerability Database
CVE-2019-10531 (mdm9607_firmware, msm8909w_firmware, qualcomm_215_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_425_firmware, sd_429_firmware, sd_439_firmware, sd_450_firmware, sd_62

2019-11-06 17:15:12
Incorrect reading of system image resulting in buffer overflow when size of system image is increased in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425,
National Vulnerability Database
CVE-2019-10542 (mdm9150_firmware, mdm9206_firmware, mdm9607_firmware, mdm9615_firmware, mdm9640_firmware, mdm9650_firmware, msm8996au_firmware, qca6174a_firmware, qca6574au_firmware, qca9377_firmware,

2019-11-06 17:15:12
Buffer over-read may occur when downloading a corrupted firmware file that has chunk length in header which doesn`t match the contents in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,
National Vulnerability Database
CVE-2019-10512 (ipq4019_firmware, ipq8064_firmware, ipq8074_firmware, mdm9150_firmware, mdm9206_firmware, mdm9607_firmware, mdm9640_firmware, mdm9650_firmware, msm8909w_firmware, msm8996au_firmware, q

2019-11-06 17:15:12
Payload size is not checked before using it as array index in audio in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music,
National Vulnerability Database
CVE-2019-10522 (mdm9206_firmware, mdm9607_firmware, msm8909w_firmware, msm8996au_firmware, qca6574au_firmware, qcs405_firmware, qcs605_firmware, qualcomm_215_firmware, sd_205_firmware, sd_210_firmware

2019-11-06 17:15:12
While playing the clip which is nonstandard buffer overflow can occur while parsing in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &
National Vulnerability Database
CVE-2019-10534 (mdm9206_firmware, mdm9607_firmware, msm8909w_firmware, msm8996au_firmware, qca6574au_firmware, qcs405_firmware, qcs605_firmware, qualcomm_215_firmware, sd_205_firmware, sd_210_firmware

2019-11-06 17:15:12
Null-pointer dereference can occur while accessing the super index entry when it is not been allocated in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &
National Vulnerability Database
CVE-2019-10504 (mdm9206_firmware, mdm9607_firmware, msm8909w_firmware, qualcomm_215_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_425_firmware, sd_427_firmware, sd_429_firmware, sd_4

2019-11-06 17:15:12
Firmware not able to send EXT scan response to host within 1 sec due to resource consumption issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206,
National Vulnerability Database
CVE-2019-10529 (mdm9150_firmware, mdm9206_firmware, mdm9607_firmware, mdm9640_firmware, mdm9650_firmware, msm8909w_firmware, msm8996au_firmware, qcs405_firmware, qcs605_firmware, qualcomm_215_firmware

2019-11-06 17:15:12
Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set_page_dirty() in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,
National Vulnerability Database
CVE-2019-10541 (mdm9206_firmware, mdm9607_firmware, msm8909w_firmware, msm8996au_firmware, qca6574au_firmware, qcs405_firmware, qcs605_firmware, qualcomm_215_firmware, sd_205_firmware, sd_210_firmware

2019-11-06 17:15:12
Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &
National Vulnerability Database
CVE-2011-4632 (typo3)

2019-11-06 17:15:11
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message.
National Vulnerability Database
CVE-2011-4900 (debian_linux, typo3)

2019-11-06 17:15:11
TYPO3 before 4.5.4 allows Information Disclosure in the backend.
National Vulnerability Database
CVE-2019-10488 (mdm9150_firmware, mdm9206_firmware, mdm9607_firmware, mdm9650_firmware, msm8909w_firmware, msm8996au_firmware, qca6574au_firmware, qcs405_firmware, qcs605_firmware, qualcomm_215_firmwa

2019-11-06 17:15:11
Null pointer dereference can occur while parsing invalid chunks while playing the nonstandard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,
National Vulnerability Database
CVE-2011-4903 (typo3)

2019-11-06 17:15:11
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function.
National Vulnerability Database
CVE-2011-4901 (debian_linux, typo3)

2019-11-06 17:15:11
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database.
National Vulnerability Database
CVE-2011-4902 (typo3)

2019-11-06 17:15:11
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver.
National Vulnerability Database
CVE-2019-10496 (msm8909w_firmware, msm8996au_firmware, qcs605_firmware, qualcomm_215_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_425_firmware, sd_427_firmware, sd_429_firmware, sd_

2019-11-06 17:15:11
Lack of checking a variable received from driver and populating in Firmware data structure leads to buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,
National Vulnerability Database
CVE-2019-10491 (ipq4019_firmware, ipq8064_firmware, ipq8074_firmware, mdm9150_firmware, mdm9206_firmware, mdm9607_firmware, mdm9640_firmware, mdm9650_firmware, msm8909w_firmware, msm8996au_firmware, q

2019-11-06 17:15:11
ADSP can be compromised since it`s a general-purpose CPU processing untrusted data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music,
National Vulnerability Database
CVE-2011-4904 (typo3)

2019-11-06 17:15:11
TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services.
National Vulnerability Database
CVE-2019-10502 (msm8909w_firmware, qcs405_firmware, qcs605_firmware, qualcomm_215_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_425_firmware, sd_429_firmware, sd_439_firmware, sd_450

2019-11-06 17:15:11
Possible stack overflow when an index equal to io buffer size is accessed in camera module in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,
National Vulnerability Database
CVE-2019-10495 (msm8909w_firmware, msm8996au_firmware, qcs605_firmware, qualcomm_215_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_425_firmware, sd_427_firmware, sd_429_firmware, sd_

2019-11-06 17:15:11
Arbitrary buffer write issue while processing sequence header during HEVC or AVC encoding. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,
National Vulnerability Database
CVE-2011-4631 (typo3)

2019-11-06 17:15:10
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler.
National Vulnerability Database
CVE-2011-4626 (typo3)

2019-11-06 17:15:10
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function.
National Vulnerability Database
CVE-2011-4628 (typo3)

2019-11-06 17:15:10
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request.
National Vulnerability Database
CVE-2011-4627 (typo3)

2019-11-06 17:15:10
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend.
National Vulnerability Database
CVE-2011-4630 (typo3)

2019-11-06 17:15:10
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard.
National Vulnerability Database
CVE-2011-4629 (typo3)

2019-11-06 17:15:10
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel.
National Vulnerability Database
CVE-2010-2446 (rbot)

2019-11-06 17:15:10
Rbot Reaction plugin allows command execution
National Vulnerability Database
CVE-2015-7276 (c2000t_firmware, c2100t_firmware)

2019-11-06 16:15:10
Technicolor C2000T and C2100T uses hard-coded cryptographic keys.
National Vulnerability Database
CVE-2019-18799 (libsass)

2019-11-06 16:15:10
LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp.
National Vulnerability Database
CVE-2019-18797 (libsass)

2019-11-06 16:15:10
LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.
National Vulnerability Database
CVE-2017-18639 (sitefinity_cms)

2019-11-06 16:15:10
Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter :
National Vulnerability Database
CVE-2019-18798 (libsass)

2019-11-06 16:15:10
LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp.
National Vulnerability Database
CVE-2019-13081 (kace_systems_management_appliance)

2019-11-06 15:15:12
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the title field in the /common/ticket_associated_tickets.php service desk ticket functionality) that allows an authenticated user to execute arbitra
National Vulnerability Database
CVE-2019-13080 (kace_systems_management_appliance)

2019-11-06 15:15:11
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser.
National Vulnerability Database
CVE-2019-13076 (kace_systems_management_appliance)

2019-11-06 15:15:11
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticket_list.php,
National Vulnerability Database
CVE-2019-13077 (kace_systems_management_appliance)

2019-11-06 15:15:11
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SAM_TYPE parameter) that allows an attacker to create a malicious link in order to attack authenticated users.
National Vulnerability Database
CVE-2019-13078 (kace_systems_management_appliance)

2019-11-06 15:15:11
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /common/user_profile.php.
National Vulnerability Database
CVE-2019-13079 (kace_systems_management_appliance)

2019-11-06 15:15:11
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /adminui/history_log.php.
National Vulnerability Database
CVE-2019-12918 (kace_systems_management_appliance)

2019-11-06 15:15:11
Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is software_library.php and affected parameters are order[0][column] and order[0][dir].
National Vulnerability Database
CVE-2019-12917 (kace_systems_management_appliance)

2019-11-06 15:15:11
A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library.php component via the PATH_INFO.
National Vulnerability Database
CVE-2014-8181 (enterprise_linux, enterprise_mrg)

2019-11-06 15:15:10
The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.
National Vulnerability Database
CVE-2016-4401 (clearpass)

2019-11-06 15:15:10
Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials.
National Vulnerability Database
CVE-2019-14847 (fedora, leap, samba)

2019-11-06 10:15:10
A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.
National Vulnerability Database
CVE-2007-0899 (clamav, debian_linux)

2019-11-06 04:15:10
There is a possible heap overflow in libclamav/fsg.c before 0.100.0.
National Vulnerability Database
CVE-2019-18784 (suitecrm)

2019-11-06 03:15:10
SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection.
National Vulnerability Database
CVE-2006-0062 (xlockmore)

2019-11-06 03:15:10
xlockmore 5.13 allows potential xlock bypass when FVWM switches to the same virtual desktop as a new Gaim window.
National Vulnerability Database
CVE-2019-18786 (linux_kernel)

2019-11-06 03:15:10
In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem.
National Vulnerability Database
CVE-2006-4245 (archivemail, debian_linux)

2019-11-06 03:15:10
archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition.
National Vulnerability Database
CVE-2006-4243 (linux-vserver)

2019-11-06 03:15:10
linux vserver 2.6 before 2.6.17 suffers from privilege escalation in remount code.
National Vulnerability Database
CVE-2019-18674 (joomla!)

2019-11-06 02:15:11
An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure.
National Vulnerability Database
CVE-2019-18650 (joomla!)

2019-11-06 02:15:10
An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability.
National Vulnerability Database
CVE-2006-0061 (xlockmore)

2019-11-06 02:15:10
xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns the underlying xsession. This allows unauthorized users access to the X session.
National Vulnerability Database
CVE-2019-8132 (magento)

2019-11-06 01:15:25
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
National Vulnerability Database
CVE-2019-8157 (magento)

2019-11-06 01:15:25
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
National Vulnerability Database
CVE-2019-8145 (magento)

2019-11-06 01:15:25
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
National Vulnerability Database
CVE-2019-8156 (magento)

2019-11-06 01:15:25
A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
National Vulnerability Database
CVE-2019-8158 (magento)

2019-11-06 01:15:25
An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
National Vulnerability Database
CVE-2019-8233 (magento)

2019-11-06 00:15:13
In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments.
National Vulnerability Database
CVE-2019-8230 (magento)

2019-11-06 00:15:13
In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path.
National Vulnerability Database
CVE-2019-8229 (magento)

2019-11-06 00:15:13
In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates.
National Vulnerability Database
CVE-2019-8231 (magento)

2019-11-06 00:15:13
In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.
National Vulnerability Database
CVE-2019-8232 (magento)

2019-11-06 00:15:13
In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1,
National Vulnerability Database
CVE-2019-8146 (magento)

2019-11-06 00:15:12
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code when adding a new customer attribute for stores.
National Vulnerability Database
CVE-2019-8151 (magento)

2019-11-06 00:15:12
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
National Vulnerability Database
CVE-2019-8147 (magento)

2019-11-06 00:15:12
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via customer attribute label.
National Vulnerability Database
CVE-2019-8228 (magento)

2019-11-06 00:15:12
in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3,
National Vulnerability Database
CVE-2019-8153 (magento)

2019-11-06 00:15:12
A mitigation bypass to prevent cross-site scripting (XSS) exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
National Vulnerability Database
CVE-2019-8159 (magento)

2019-11-06 00:15:12
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
National Vulnerability Database
CVE-2019-8150 (magento)

2019-11-06 00:15:12
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate layouts and images can insert a malicious payload into the page layout.
National Vulnerability Database
CVE-2019-8152 (magento)

2019-11-06 00:15:12
A stored cross-site scripting (XSS) vulnerability exists in in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
National Vulnerability Database
CVE-2019-8227 (magento)

2019-11-06 00:15:12
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML.
National Vulnerability Database
CVE-2019-8155 (magento)

2019-11-06 00:15:12
Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions.
National Vulnerability Database
CVE-2019-8148 (magento)

2019-11-06 00:15:12
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when creating a content page via page builder.
National Vulnerability Database
CVE-2019-8138 (magento)

2019-11-06 00:15:11
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
National Vulnerability Database
CVE-2019-8140 (magento)

2019-11-06 00:15:11
An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
National Vulnerability Database
CVE-2019-8137 (magento)

2019-11-06 00:15:11
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
National Vulnerability Database
CVE-2019-8144 (magento)

2019-11-06 00:15:11
A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods.
National Vulnerability Database
CVE-2019-8139 (magento)

2019-11-06 00:15:11
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary Javascript code into the dynamic block when invoking page builder on a product.
National Vulnerability Database
CVE-2019-8136 (magento)

2019-11-06 00:15:11
An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in symphony component.
National Vulnerability Database
CVE-2019-8142 (magento)

2019-11-06 00:15:11
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
National Vulnerability Database
CVE-2019-8143 (magento)

2019-11-06 00:15:11
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
National Vulnerability Database
CVE-2019-8141 (magento)

2019-11-06 00:15:11
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3.
National Vulnerability Database
CVE-2019-8133 (magento)

2019-11-06 00:15:10
A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with privileges to generate sitemaps can bypass configuration that restricts directory access.
National Vulnerability Database
CVE-2019-8135 (magento)

2019-11-06 00:15:10
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Dependency injection through Symphony framework allows service identifiers to be derived from user controlled data,
National Vulnerability Database
CVE-2019-8129 (magento)

2019-11-06 00:15:10
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting an embedded expression into a translation.
National Vulnerability Database
CVE-2019-8131 (magento)

2019-11-06 00:15:10
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into code field of an inventory source.
National Vulnerability Database
CVE-2019-8134 (magento)

2019-11-06 00:15:10
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with marketing privileges can execute arbitrary SQL queries in the database when accessing email template variables.
National Vulnerability Database
CVE-2019-8128 (magento)

2019-11-06 00:15:10
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting malicious Javascript into the name of main website.
National Vulnerability Database
CVE-2019-8130 (magento)

2019-11-06 00:15:10
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
National Vulnerability Database
Troj/Bladab-FG

2019-11-06 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-GKD

2019-11-06 00:00:00

Sophos latest virus and spyware detection
Troj/PDFUri-HUF

2019-11-06 00:00:00

Sophos latest virus and spyware detection
Troj/Swrort-DF

2019-11-06 00:00:00

Sophos latest virus and spyware detection
Java/Agent-BCWX

2019-11-06 00:00:00

Sophos latest virus and spyware detection
Mal/Disteal-D

2019-11-06 00:00:00

Sophos latest virus and spyware detection
Troj/DwnLdr-YZV

2019-11-06 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-GKE

2019-11-06 00:00:00

Sophos latest virus and spyware detection
Troj/DNetInj-NA

2019-11-06 00:00:00

Sophos latest virus and spyware detection
Troj/Zbot-NVG

2019-11-06 00:00:00

Sophos latest virus and spyware detection
CVE-2019-8126 (magento)

2019-11-05 23:15:12
An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can craft document type definition for an XML representing XML layout.
National Vulnerability Database
CVE-2019-8124 (magento)

2019-11-05 23:15:12
An insufficient logging and monitoring vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3.
National Vulnerability Database
CVE-2019-8119 (magento)

2019-11-05 23:15:12
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3.
National Vulnerability Database
CVE-2019-8122 (magento)

2019-11-05 23:15:12
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3.
National Vulnerability Database
CVE-2019-8114 (magento)

2019-11-05 23:15:12
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
National Vulnerability Database
CVE-2019-8121 (magento)

2019-11-05 23:15:12
An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery,
National Vulnerability Database
CVE-2019-8125 (magento)

2019-11-05 23:15:12
A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution.
National Vulnerability Database
CVE-2019-8123 (magento)

2019-11-05 23:15:12
An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3.
National Vulnerability Database
CVE-2019-8117 (magento)

2019-11-05 23:15:12
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticates user can inject arbitrary JavaScript code via product view id specification.
National Vulnerability Database
CVE-2019-8116 (magento)

2019-11-05 23:15:12
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
National Vulnerability Database
CVE-2019-8120 (magento)

2019-11-05 23:15:12
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3.
National Vulnerability Database
CVE-2019-8127 (magento)

2019-11-05 23:15:12
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
National Vulnerability Database
CVE-2019-8115 (magento)

2019-11-05 23:15:12
A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
National Vulnerability Database
CVE-2019-8118 (magento)

2019-11-05 23:15:12
Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.
National Vulnerability Database
CVE-2019-8111 (magento)

2019-11-05 23:15:11
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
National Vulnerability Database
CVE-2019-8112 (magento)

2019-11-05 23:15:11
A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
National Vulnerability Database
CVE-2019-8110 (magento)

2019-11-05 23:15:11
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
National Vulnerability Database
CVE-2019-8108 (magento)

2019-11-05 23:15:11
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
National Vulnerability Database
CVE-2019-8113 (magento)

2019-11-05 23:15:11
Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration.
National Vulnerability Database
CVE-2019-8107 (magento)

2019-11-05 23:15:11
An arbitrary file deletion vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with export data transfer privileges can craft a request to perform arbitrary file deletion.
National Vulnerability Database
CVE-2019-8109 (magento)

2019-11-05 23:15:11
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution.
National Vulnerability Database
CVE-2019-8091 (magento)

2019-11-05 23:15:11
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution.
National Vulnerability Database
CVE-2019-8093 (magento)

2019-11-05 23:15:11
An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage file upload controller for downloadable products to read/delete an arbitary files.
National Vulnerability Database
CVE-2019-8092 (magento)

2019-11-05 23:15:11
A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via email template preview.
National Vulnerability Database
CVE-2019-8090 (magento)

2019-11-05 22:15:14
An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated users can manipulate the design layout update feature.
National Vulnerability Database
CVE-2016-4983 (dovecot, enterprise_linux, leap, opensuse)

2019-11-05 22:15:10
A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.
National Vulnerability Database
CVE-2018-19167 (cloakcoin)

2019-11-05 21:15:13
CloakCoin through 2.2.2.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks,
National Vulnerability Database
CVE-2019-5088 (able2extract)

2019-11-05 21:15:13
An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 14.0.7 x64. A specially crafted BMP file can cause an out-of-bounds memory write,
National Vulnerability Database
CVE-2019-5089 (able2extract)

2019-11-05 21:15:13
An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 4.0.7 x64. A specially crafted JPEG file can cause an out-of-bounds memory write,
National Vulnerability Database
CVE-2019-6142 (email_security, security_manager)

2019-11-05 21:15:13
It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue.
National Vulnerability Database
CVE-2018-19166 (peercoin)

2019-11-05 21:15:13
peercoin through 0.6.4 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks,
National Vulnerability Database
CVE-2018-19156 (pivx)

2019-11-05 21:15:12
PIVX through 3.1.03 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks,
National Vulnerability Database
CVE-2018-19157 (phore)

2019-11-05 21:15:12
Phore through 1.3.3.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks,
National Vulnerability Database
CVE-2018-19153 (particl)

2019-11-05 21:15:12
particl through 0.17 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.
National Vulnerability Database
CVE-2018-19164 (reddcoin)

2019-11-05 21:15:12
reddcoin through 2.1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks,
National Vulnerability Database
CVE-2018-19155 (navcoin)

2019-11-05 21:15:12
navcoin through 4.3.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.
National Vulnerability Database
CVE-2018-19152 (emercoin)

2019-11-05 21:15:12
emercoin through 0.7 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.
National Vulnerability Database
CVE-2018-19154 (htmlcoin)

2019-11-05 21:15:12
HTMLCOIN through 2.12 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.
National Vulnerability Database
CVE-2018-19165 (neblio)

2019-11-05 21:15:12
neblio through 1.5.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks,
National Vulnerability Database
CVE-2018-19162 (divi)

2019-11-05 21:15:12
Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks,
National Vulnerability Database
CVE-2018-19163 (stratisx)

2019-11-05 21:15:12
stratisX through 2.0.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks,
National Vulnerability Database
CVE-2018-19159 (lux)

2019-11-05 21:15:12
lux through 5.2.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks,
National Vulnerability Database
CVE-2018-19161 (alqo)

2019-11-05 21:15:12
alqo through 4.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks,
National Vulnerability Database
CVE-2018-19160 (diamond)

2019-11-05 21:15:12
Diamond through 3.0.1.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks,
National Vulnerability Database
CVE-2011-1135 (serendipity)

2019-11-05 21:15:10
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.
National Vulnerability Database
CVE-2011-1133 (serendipity)

2019-11-05 21:15:10
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.
National Vulnerability Database
CVE-2011-1134 (serendipity)

2019-11-05 21:15:10
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.
National Vulnerability Database
CVE-2019-1982 (firepower_management_center, firepower_services_software_for_asa, firepower_threat_defense)

2019-11-05 20:15:11
A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated,
National Vulnerability Database
CVE-2019-1877 (enterprise_chat_and_email)

2019-11-05 20:15:11
A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions.
National Vulnerability Database
CVE-2019-1978 (firepower_management_center, firepower_services_software_for_asa, firepower_threat_defense)

2019-11-05 20:15:11
A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated,
National Vulnerability Database
CVE-2019-1981 (firepower_management_center, firepower_services_software_for_asa, firepower_threat_defense)

2019-11-05 20:15:11
A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated,
National Vulnerability Database
CVE-2019-1980 (firepower_management_center, firepower_services_software_for_asa, firepower_threat_defense)

2019-11-05 20:15:11
A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated,
National Vulnerability Database
CVE-2005-2354 (nvu)

2019-11-05 20:15:10
Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues.
National Vulnerability Database
CVE-2010-3673 (typo3)

2019-11-05 20:15:10
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API.
National Vulnerability Database
CVE-2010-3674 (debian_linux, typo3)

2019-11-05 20:15:10
TYPO3 before 4.4.1 allows XSS in the frontend search box.
National Vulnerability Database
CVE-2010-3672 (typo3)

2019-11-05 20:15:10
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension.
National Vulnerability Database
CVE-2010-3670 (typo3)

2019-11-05 20:15:10
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.
National Vulnerability Database
CVE-2010-3671 (typo3)

2019-11-05 20:15:10
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session.
National Vulnerability Database
CVE-2010-2222 (389_directory_server, directory_server)

2019-11-05 20:15:10
The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query.
National Vulnerability Database
CVE-2019-1789 (clamav)

2019-11-05 19:15:11
ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files.
National Vulnerability Database
CVE-2013-5661 (bind, enterprise_linux, knot_resolver, nsd)

2019-11-05 19:15:10
Cache Poisoning issue exists in DNS Response Rate Limiting.
National Vulnerability Database
CVE-2019-12625 (clamav)

2019-11-05 19:15:10
ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.
National Vulnerability Database
CVE-2013-6275 (debian_linux, groupware)

2019-11-05 19:15:10
Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.
National Vulnerability Database
CVE-2019-15966 (telepresence_advanced_media_gateway)

2019-11-05 19:15:10
A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
National Vulnerability Database
CVE-2019-17062 (eshop)

2019-11-05 16:15:10
An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop Community Edition Version: 4.9.x-4.10.x.
National Vulnerability Database
CVE-2019-17598 (play_framework)

2019-11-05 15:15:12
An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https,
National Vulnerability Database
CVE-2013-6460 (cloudforms_management_engine, debian_linux, enterprise_mrg, nokogiri, openstack, satellite, subscription_asset_manager)

2019-11-05 15:15:11
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
National Vulnerability Database
CVE-2013-6461 (cloudforms_management_engine, debian_linux, enterprise_mrg, nokogiri, openstack, satellite, subscription_asset_manager)

2019-11-05 15:15:11
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
National Vulnerability Database
CVE-2019-17221 (phantomjs)

2019-11-05 14:15:13
PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module,
National Vulnerability Database
CVE-2013-6365 (debian_linux, groupware, opensuse)

2019-11-05 14:15:13
Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions
National Vulnerability Database
CVE-2013-4107 (cryptocat)

2019-11-05 13:15:10
Cryptocat before 2.0.22: cryptocat.js handlePresence() has cross site scripting
National Vulnerability Database
CVE-2013-4110 (cryptocat)

2019-11-05 13:15:10
Cryptocat has an Unspecified Chat Participant User List Disclosure
National Vulnerability Database
CVE-2019-10223 (kube-state-metrics, openshift_container_platform)

2019-11-05 12:15:10
A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default,
National Vulnerability Database
CVE-2019-3685 (open_build_service)

2019-11-05 10:15:12
Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary
National Vulnerability Database
Troj/TeslaAg-EX

2019-11-03 00:00:00

Sophos latest virus and spyware detection
Mal/Behav-016

2019-11-03 00:00:00

Sophos latest virus and spyware detection
Troj/MSIL-NBS

2019-11-03 00:00:00

Sophos latest virus and spyware detection
Troj/TeslaAg-EW

2019-11-03 00:00:00

Sophos latest virus and spyware detection
Linux/Miner-WE

2019-11-03 00:00:00

Sophos latest virus and spyware detection
Troj/MSIL-NBT

2019-11-03 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-GJB

2019-11-03 00:00:00

Sophos latest virus and spyware detection
Troj/Bladab-EV

2019-11-03 00:00:00

Sophos latest virus and spyware detection
Troj/Ransom-FRK

2019-11-02 00:00:00

Sophos latest virus and spyware detection
Troj/PDFUri-HUB

2019-11-02 00:00:00

Sophos latest virus and spyware detection
HPmal/Meter-E

2019-11-02 00:00:00

Sophos latest virus and spyware detection
Troj/Zbot-NUW

2019-11-02 00:00:00

Sophos latest virus and spyware detection
Troj/Gozi-SZ

2019-11-02 00:00:00

Sophos latest virus and spyware detection
Troj/MSIL-NBQ

2019-11-02 00:00:00

Sophos latest virus and spyware detection
Troj/TeslaAg-EV

2019-11-02 00:00:00

Sophos latest virus and spyware detection
Troj/MSIL-NBR

2019-11-02 00:00:00

Sophos latest virus and spyware detection
Troj/Ransom-FRV

2019-11-02 00:00:00

Sophos latest virus and spyware detection
Troj/PDFUri-HUA

2019-11-02 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-JCQ

2019-11-02 00:00:00

Sophos latest virus and spyware detection
Troj/Bladab-EU

2019-11-02 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-WDF

2019-11-02 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-GJA

2019-11-02 00:00:00

Sophos latest virus and spyware detection
Troj/TeslaAg-DZ

2019-10-29 00:00:00

Sophos latest virus and spyware detection
Troj/TeslaAg-DY

2019-10-29 00:00:00

Sophos latest virus and spyware detection
Troj/TeslaAg-DS

2019-10-29 00:00:00

Sophos latest virus and spyware detection
Troj/VB-KNS

2019-10-29 00:00:00

Sophos latest virus and spyware detection
VBS/Drop-BNN

2019-10-29 00:00:00

Sophos latest virus and spyware detection
Troj/TeslaAg-DX

2019-10-29 00:00:00

Sophos latest virus and spyware detection
Troj/Trickbo-UK

2019-10-29 00:00:00

Sophos latest virus and spyware detection
Troj/TeslaAg-DU

2019-10-29 00:00:00

Sophos latest virus and spyware detection
Troj/TeslaAg-DW

2019-10-29 00:00:00

Sophos latest virus and spyware detection
Troj/TeslaAg-DV

2019-10-29 00:00:00

Sophos latest virus and spyware detection
Troj/Mdrop-IXF

2019-10-27 00:00:00

Sophos latest virus and spyware detection
Troj/MSIL-NAN

2019-10-27 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-GHM

2019-10-27 00:00:00

Sophos latest virus and spyware detection
Troj/MSIL-NAP

2019-10-27 00:00:00

Sophos latest virus and spyware detection
JS/DwnLdr-YXN

2019-10-27 00:00:00

Sophos latest virus and spyware detection
Troj/Zbot-NTJ

2019-10-27 00:00:00

Sophos latest virus and spyware detection
Troj/MSIL-NAO

2019-10-27 00:00:00

Sophos latest virus and spyware detection
Troj/DwnLdr-YYO

2019-10-27 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-GHN

2019-10-27 00:00:00

Sophos latest virus and spyware detection
Troj/Spy-AXJ

2019-10-26 00:00:00

Sophos latest virus and spyware detection
Troj/HTMLDrp-DR

2019-10-26 00:00:00

Sophos latest virus and spyware detection
Troj/TeslaAg-DM

2019-10-26 00:00:00

Sophos latest virus and spyware detection
Troj/Trickbo-UJ

2019-10-26 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-WDS

2019-10-26 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-WDR

2019-10-26 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-WDQ

2019-10-26 00:00:00

Sophos latest virus and spyware detection
Troj/TeslaAg-DL

2019-10-26 00:00:00

Sophos latest virus and spyware detection
Troj/Ransom-FRP

2019-10-26 00:00:00

Sophos latest virus and spyware detection
Troj/Tesla-E

2019-10-26 00:00:00

Sophos latest virus and spyware detection
Troj/Agent-BCLG

2019-10-22 00:00:00

Sophos latest virus and spyware detection
VBS/DwnLdr-YYH

2019-10-22 00:00:00

Sophos latest virus and spyware detection
VBS/DwnLdr-YYI

2019-10-22 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-APR

2019-10-22 00:00:00

Sophos latest virus and spyware detection
Troj/VBSDl-AZ

2019-10-22 00:00:00

Sophos latest virus and spyware detection
JS/Drop-BNA

2019-10-22 00:00:00

Sophos latest virus and spyware detection
Java/Drop-BNB

2019-10-22 00:00:00

Sophos latest virus and spyware detection
Troj/Emotet-BPG

2019-10-22 00:00:00

Sophos latest virus and spyware detection
Troj/Emotet-BPH

2019-10-22 00:00:00

Sophos latest virus and spyware detection
Troj/TeslaAg-CI

2019-10-22 00:00:00

Sophos latest virus and spyware detection
JS/Agent-BCHI

2019-10-20 00:00:00

Sophos latest virus and spyware detection
Troj/Ransom-FRG

2019-10-20 00:00:00

Sophos latest virus and spyware detection
Troj/DNetInj-LR

2019-10-20 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-GGL

2019-10-20 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDrp-JA

2019-10-20 00:00:00

Sophos latest virus and spyware detection
Troj/Zbot-NSN

2019-10-20 00:00:00

Sophos latest virus and spyware detection
Troj/NanoCo-YR

2019-10-20 00:00:00

Sophos latest virus and spyware detection
Troj/Tesla-B

2019-10-20 00:00:00

Sophos latest virus and spyware detection
Troj/Ransom-FRF

2019-10-20 00:00:00

Sophos latest virus and spyware detection
Troj/TeslaAg-BJ

2019-10-20 00:00:00

Sophos latest virus and spyware detection
Troj/XMLDwn-AU

2019-10-20 00:00:00

Sophos latest virus and spyware detection
Troj/Zbot-NSO

2019-10-20 00:00:00

Sophos latest virus and spyware detection
VBS/Drop-BMQ

2019-10-19 00:00:00

Sophos latest virus and spyware detection
JS/DwnLdr-YXL

2019-10-19 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-AOZ

2019-10-19 00:00:00

Sophos latest virus and spyware detection
Troj/TeslaAg-BH

2019-10-19 00:00:00

Sophos latest virus and spyware detection
Troj/Inject-EQW

2019-10-19 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-GGK

2019-10-19 00:00:00

Sophos latest virus and spyware detection
Troj/TeslaAg-BI

2019-10-19 00:00:00

Sophos latest virus and spyware detection
Java/Dwnldr-YXK

2019-10-19 00:00:00

Sophos latest virus and spyware detection
Troj/Recam-EG

2019-10-19 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-APA

2019-10-19 00:00:00

Sophos latest virus and spyware detection
VBS/Dwnldr-YXF

2019-10-18 00:00:00

Sophos latest virus and spyware detection
Troj/TeslaAg-BF

2019-10-18 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDL-AOU

2019-10-18 00:00:00

Sophos latest virus and spyware detection
VBS/DwnLdr-YXE

2019-10-18 00:00:00

Sophos latest virus and spyware detection
Troj/TeslaAg-BE

2019-10-18 00:00:00

Sophos latest virus and spyware detection
VBS/DwnLdr-YXD

2019-10-18 00:00:00

Sophos latest virus and spyware detection
Troj/Remcos-MX

2019-10-18 00:00:00

Sophos latest virus and spyware detection
VBS/Drop-BML

2019-10-18 00:00:00

Sophos latest virus and spyware detection
VBS/Drop-BMK

2019-10-18 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-GGE

2019-10-18 00:00:00

Sophos latest virus and spyware detection
Troj/PDFDwn-VF

2019-10-16 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-GFD

2019-10-16 00:00:00

Sophos latest virus and spyware detection
JS/Drop-BMI

2019-10-16 00:00:00

Sophos latest virus and spyware detection
JS/DwnLdr-YWT

2019-10-16 00:00:00

Sophos latest virus and spyware detection
VBS/DwnLdr-YWS

2019-10-16 00:00:00

Sophos latest virus and spyware detection
Troj/PDFDwn-VG

2019-10-16 00:00:00

Sophos latest virus and spyware detection
Troj/PDFUri-HTD

2019-10-16 00:00:00

Sophos latest virus and spyware detection
CXmail/OleDl-BL

2019-10-16 00:00:00

Sophos latest virus and spyware detection
Troj/HTML-CW

2019-10-16 00:00:00

Sophos latest virus and spyware detection
Troj/Emotet-BMC

2019-10-16 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-GCN

2019-10-14 00:00:00

Sophos latest virus and spyware detection
Troj/PDFDwn-UV

2019-10-14 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-GEH

2019-10-14 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-ANU

2019-10-14 00:00:00

Sophos latest virus and spyware detection
Troj/Trickbo-UD

2019-10-14 00:00:00

Sophos latest virus and spyware detection
Troj/Steale-L

2019-10-14 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-ANS

2019-10-14 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-GEG

2019-10-14 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-ANT

2019-10-14 00:00:00

Sophos latest virus and spyware detection
Troj/TeslaAg-AE

2019-10-14 00:00:00

Sophos latest virus and spyware detection
Troj/Steale-K

2019-10-14 00:00:00

Sophos latest virus and spyware detection
Troj/DNetInj-KF

2019-10-13 00:00:00

Sophos latest virus and spyware detection
Troj/Tesla-F

2019-10-13 00:00:00

Sophos latest virus and spyware detection
Troj/Keylog-YG

2019-10-13 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-ANN

2019-10-13 00:00:00

Sophos latest virus and spyware detection
Troj/Zbot-NRW

2019-10-13 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-VSJ

2019-10-13 00:00:00

Sophos latest virus and spyware detection
JS/Drop-BLW

2019-10-13 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-IPQ

2019-10-13 00:00:00

Sophos latest virus and spyware detection
Troj/Wanna-AL

2019-10-13 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-ANO

2019-10-13 00:00:00

Sophos latest virus and spyware detection
Troj/DNetInj-KE

2019-10-13 00:00:00

Sophos latest virus and spyware detection