Virus and Security Alerts

CVE-2019-13972 (layerbb)

2019-07-19 07:15:11
LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997.
National Vulnerability Database
CVE-2019-13973 (layerbb)

2019-07-19 07:15:11
LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used.
National Vulnerability Database
CVE-2019-13974 (layerbb)

2019-07-19 07:15:11
LayerBB 1.1.3 allows conversations.php/cmd/new CSRF.
National Vulnerability Database
Troj/Bladabi-UB

2019-07-19 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-ABJ

2019-07-19 00:00:00

Sophos latest virus and spyware detection
Troj/Vb-KJD

2019-07-19 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-FOS

2019-07-19 00:00:00

Sophos latest virus and spyware detection
Troj/Netwire-NI

2019-07-19 00:00:00

Sophos latest virus and spyware detection
Troj/Vb-KJE

2019-07-19 00:00:00

Sophos latest virus and spyware detection
Troj/Sodino-W

2019-07-19 00:00:00

Sophos latest virus and spyware detection
Troj/Zbot-NKK

2019-07-19 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-FOT

2019-07-19 00:00:00

Sophos latest virus and spyware detection
Troj/Ransom-FJQ

2019-07-19 00:00:00

Sophos latest virus and spyware detection
CVE-2019-13951 (gdnsd)

2019-07-18 17:15:12
The set_ipv4() function in zscan_rfc1035.rl in gdnsd 3.2.0 has a stack-based buffer overflow via a long and malformed IPv4 address in zone data.
National Vulnerability Database
CVE-2019-13952 (gdnsd)

2019-07-18 17:15:12
The set_ipv6() function in zscan_rfc1035.rl in gdnsd 3.2.0 has a stack-based buffer overflow via a long and malformed IPv6 address in zone data.
National Vulnerability Database
CVE-2019-13948 (syguestbook_a5)

2019-07-18 16:15:12
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element.
National Vulnerability Database
CVE-2019-13949 (syguestbook_a5)

2019-07-18 16:15:12
SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change.
National Vulnerability Database
CVE-2019-13950 (syguestbook_a5)

2019-07-18 16:15:12
index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment.
National Vulnerability Database
CVE-2019-13575 (everest_forms)

2019-07-18 15:15:11
A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9.
National Vulnerability Database
CVE-2019-1010095 (domainmod)

2019-07-18 13:15:11
domainmod(https://domainmod.org/) domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is:
National Vulnerability Database
CVE-2019-1010054 (dolibarr)

2019-07-18 13:15:11
Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malitious html to change user password, disable users and disable password encryptation. The component is: Function User password change,
National Vulnerability Database
CVE-2019-1010094 (domainmod)

2019-07-18 13:15:11
domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change admin password. The component is:
National Vulnerability Database
CVE-2019-1010096 (domainmod)

2019-07-18 13:15:11
domainmod(https://domainmod.org/) domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is:
National Vulnerability Database
CVE-2016-10763 (camptix_event_ticketing)

2019-07-18 12:15:11
The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body.
National Vulnerability Database
CVE-2016-10762 (camptix_event_ticketing)

2019-07-18 12:15:11
The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used.
National Vulnerability Database
CVE-2019-13644 (firefly_iii)

2019-07-18 03:15:10
Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tag_number$ tag summary page.
National Vulnerability Database
CVE-2019-13646 (firefly_iii)

2019-07-18 03:15:10
Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query.
National Vulnerability Database
CVE-2019-13645 (firefly_iii)

2019-07-18 03:15:10
Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$file_id$ attachment editing.
National Vulnerability Database
CVE-2019-13647 (firefly_iii)

2019-07-18 03:15:10
Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file_id$ attachment viewing.
National Vulnerability Database
Troj/Fareit-IGK

2019-07-18 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-WP

2019-07-18 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-URT

2019-07-18 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-ABI

2019-07-18 00:00:00

Sophos latest virus and spyware detection
Troj/Mdrop-ITV

2019-07-18 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-FON

2019-07-18 00:00:00

Sophos latest virus and spyware detection
Troj/Formboo-PQ

2019-07-18 00:00:00

Sophos latest virus and spyware detection
Troj/APosT-G

2019-07-18 00:00:00

Sophos latest virus and spyware detection
Troj/APosT-I

2019-07-18 00:00:00

Sophos latest virus and spyware detection
Troj/APosT-H

2019-07-18 00:00:00

Sophos latest virus and spyware detection
CVE-2019-13619 (wireshark)

2019-07-17 20:15:11
In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments.
National Vulnerability Database
CVE-2019-13447 (xpare)

2019-07-17 20:15:11
An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could access the backend database via SQL injection.
National Vulnerability Database
CVE-2019-13448 (xpare)

2019-07-17 20:15:11
An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could exploit the vulnerable function in order to prepare an XSS payload to send to the product's clients.
National Vulnerability Database
CVE-2019-13493 (experience_platform)

2019-07-17 20:15:11
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript.
National Vulnerability Database
CVE-2019-13584 (robotics_virtual_robot_controller)

2019-07-17 19:15:11
The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 allows Directory Traversal via a forged HTTP request.
National Vulnerability Database
CVE-2019-13585 (robotics_virtual_robot_controller)

2019-07-17 19:15:11
The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 has a Buffer Overflow via a forged HTTP request.
National Vulnerability Database
CVE-2019-12475 (microstrategy_web)

2019-07-17 17:15:13
In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation.
National Vulnerability Database
CVE-2019-13346 (myt)

2019-07-17 17:15:13
In MyT 1.5.1, the User[username] parameter has XSS.
National Vulnerability Database
CVE-2019-13403 (cwx)

2019-07-17 17:15:13
Temenos CWX version 8.9 has an Broken Access Control vulnerability in the module /CWX/Employee/EmployeeEdit2.aspx, leading to the viewing of user information.
National Vulnerability Database
CVE-2019-13626 (libsdl)

2019-07-17 16:15:12
SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.
National Vulnerability Database
CVE-2019-13453 (zipios)

2019-07-17 15:15:10
Zipios before 0.1.7 does not properly handle certain malformed zip archives and can go into an infinite loop, causing a denial of service. This is related to zipheadio.h:readUint32() and zipfile.cpp:Zipfile::Zipfile().
National Vulnerability Database
CVE-2019-4211 (qradar_security_information_and_event_manager)

2019-07-17 14:15:12
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting.
National Vulnerability Database
CVE-2019-4430 (maximo_asset_management)

2019-07-17 14:15:12
IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot"
National Vulnerability Database
CVE-2019-4194 (jazz_for_service_management)

2019-07-17 14:15:11
IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is missing function level access control that could allow a user to delete authorized resources. IBM X-Force ID: 159033.
National Vulnerability Database
CVE-2018-2022 (qradar_security_information_and_event_manager)

2019-07-17 14:15:11
IBM QRadar SIEM 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 155346.
National Vulnerability Database
CVE-2018-2021 (qradar_security_information_and_event_manager)

2019-07-17 14:15:11
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting.
National Vulnerability Database
CVE-2018-1921 (campaign)

2019-07-17 14:15:11
IBM Campaign 9.1.0, 9.1.2, 10.1, and 11.0 is vulnerable to cross-site scripting.
National Vulnerability Database
CVE-2019-1010083 (flask)

2019-07-17 14:15:11
The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1.
National Vulnerability Database
CVE-2019-4054 (qradar_security_information_and_event_manager)

2019-07-17 14:15:11
IBM QRadar SIEM 7.2 and 7.3 could allow a local user to obtain sensitive information when exporting content that could aid an attacker in further attacks against the system. IBM X-Force ID: 156563.
National Vulnerability Database
CVE-2019-6160 (home_media_network_hard_drive_firmware, ix12-300r_firmware, px12-350r_firmware, storcenter_ix2-200_firmware, storcenter_ix4-200d_firmware, storcenter_ix4-200rl_firmware)

2019-07-16 19:15:13
A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.
National Vulnerability Database
CVE-2019-9700 (password_manager)

2019-07-16 19:15:13
Norton Password Manager, prior to 6.3.0.2082, may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic.
National Vulnerability Database
CVE-2019-12991 (netscaler_sd-wan, sd-wan)

2019-07-16 18:15:13
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).
National Vulnerability Database
CVE-2019-13359 (centos_web_panel)

2019-07-16 18:15:13
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.
National Vulnerability Database
CVE-2019-12990 (netscaler_sd-wan, sd-wan)

2019-07-16 18:15:13
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.
National Vulnerability Database
CVE-2019-12992 (netscaler_sd-wan, sd-wan)

2019-07-16 18:15:13
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6).
National Vulnerability Database
CVE-2019-12989 (netscaler_sd-wan, sd-wan)

2019-07-16 18:15:12
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.
National Vulnerability Database
CVE-2019-12986 (netscaler_sd-wan, sd-wan)

2019-07-16 18:15:12
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).
National Vulnerability Database
CVE-2019-12834 (learning_locker)

2019-07-16 18:15:12
In HT2 Labs Learning Locker 3.15.1, it's possible to inject malicious HTML and JavaScript code into the DOM of the website via the PATH_INFO to the dashboards/ URI.
National Vulnerability Database
CVE-2019-12985 (netscaler_sd-wan, sd-wan)

2019-07-16 18:15:12
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).
National Vulnerability Database
CVE-2019-12987 (netscaler_sd-wan, sd-wan)

2019-07-16 18:15:12
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).
National Vulnerability Database
CVE-2019-12988 (netscaler_sd-wan, sd-wan)

2019-07-16 18:15:12
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6).
National Vulnerability Database
CVE-2019-10190 (knot_resolver)

2019-07-16 18:15:12
A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer.
National Vulnerability Database
CVE-2018-13442 (network_performance_monitor)

2019-07-16 18:15:11
SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter.
National Vulnerability Database
CVE-2019-13617 (njs)

2019-07-16 17:15:12
njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling,
National Vulnerability Database
CVE-2019-13605 (centos_web_panel)

2019-07-16 17:15:12
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username.
National Vulnerability Database
CVE-2019-13616 (libsdl)

2019-07-16 17:15:12
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
National Vulnerability Database
CVE-2019-13383 (centos_web_panel)

2019-07-16 17:15:12
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response.
National Vulnerability Database
CVE-2019-13618 (gpac)

2019-07-16 17:15:12
In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c.
National Vulnerability Database
CVE-2019-13615 (vlc_media_player)

2019-07-16 17:15:12
VideoLAN VLC media player 3.0.7.1 has a heap-based buffer over-read in mkv::demux_sys_t::FreeUnused() in modules/demux/mkv/demux.cpp when called from mkv::Open in modules/demux/mkv/mkv.cpp.
National Vulnerability Database
CVE-2019-13360 (centos_web_panel)

2019-07-16 17:15:12
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username.
National Vulnerability Database
CVE-2019-1576 (pan-os)

2019-07-16 14:15:12
Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user?s permissions.
National Vulnerability Database
CVE-2019-1010018 (zammad)

2019-07-16 13:15:10
Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. The impact is: Execute java script code on users browser. The component is: web app. The attack vector is: the victim must open a ticket.
National Vulnerability Database
CVE-2019-0234 (roller)

2019-07-15 22:15:12
A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS).
National Vulnerability Database
CVE-2019-6827 (interactive_graphical_scada_system)

2019-07-15 21:15:10
A CWE-787: Out-of-bounds Write vulnerability exists in Interactive Graphical SCADA System (IGSS), Version 14 and prior, which could cause a software crash when data in the mdb database is manipulated.
National Vulnerability Database
CVE-2019-6824 (proclima)

2019-07-15 21:15:10
A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated,
National Vulnerability Database
CVE-2019-6823 (proclima)

2019-07-15 21:15:10
A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated,
National Vulnerability Database
CVE-2019-6822 (zelio_soft_2)

2019-07-15 21:15:10
A Use After Free: CWE-416 vulnerability exists in Zelio Soft 2, V5.2 and earlier, which could cause remote code execution when opening a specially crafted Zelio Soft 2 project file.
National Vulnerability Database
CVE-2019-6825 (proclima)

2019-07-15 21:15:10
A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name of any resident DLLs inside the software installation,
National Vulnerability Database
CVE-2019-1136 (exchange_server)

2019-07-15 19:15:21
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.
National Vulnerability Database
CVE-2019-1130 (windows_10, windows_8.1, windows_rt_8.1, windows_server_2012, windows_server_2016, windows_server_2019)

2019-07-15 19:15:21
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1129.
National Vulnerability Database
CVE-2019-1121 (windows_10, windows_server_2016, windows_server_2019)

2019-07-15 19:15:20
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119,
National Vulnerability Database
CVE-2019-1119 (windows_10, windows_server_2019)

2019-07-15 19:15:20
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1120,
National Vulnerability Database
CVE-2019-1118 (windows_10, windows_server_2016, windows_server_2019)

2019-07-15 19:15:20
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1119, CVE-2019-1120,
National Vulnerability Database
CVE-2019-1116 (windows_7, windows_server_2008)

2019-07-15 19:15:20
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095,
National Vulnerability Database
CVE-2019-1120 (windows_10, windows_server_2016, windows_server_2019)

2019-07-15 19:15:20
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119,
National Vulnerability Database
CVE-2019-1123 (windows_10, windows_server_2016, windows_server_2019)

2019-07-15 19:15:20
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119,
National Vulnerability Database
CVE-2019-1117 (windows_10, windows_server_2016, windows_server_2019)

2019-07-15 19:15:20
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1118, CVE-2019-1119, CVE-2019-1120,
National Vulnerability Database
CVE-2019-1124 (windows_10, windows_server_2016, windows_server_2019)

2019-07-15 19:15:20
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119,
National Vulnerability Database
CVE-2019-1122 (windows_10, windows_server_2016, windows_server_2019)

2019-07-15 19:15:20
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119,
National Vulnerability Database
CVE-2019-1127 (windows_10, windows_server_2016, windows_server_2019)

2019-07-15 19:15:20
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119,
National Vulnerability Database
CVE-2019-1129 (windows_10, windows_server_2016, windows_server_2019)

2019-07-15 19:15:20
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1130.
National Vulnerability Database
CVE-2019-1128 (windows_10, windows_server_2016, windows_server_2019)

2019-07-15 19:15:20
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119,
National Vulnerability Database
CVE-2019-1113 (.net_framework, visual_studio_2017)

2019-07-15 19:15:20
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user,
National Vulnerability Database
CVE-2019-1108 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-07-15 19:15:19
An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Client Information Disclosure Vulnerability'.
National Vulnerability Database
CVE-2019-1106 (chakracore, edge)

2019-07-15 19:15:19
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062,
National Vulnerability Database
CVE-2019-1104 (edge, internet_explorer)

2019-07-15 19:15:19
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.
National Vulnerability Database
CVE-2019-1110 (excel, office, office_365_proplus)

2019-07-15 19:15:19
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1111.
National Vulnerability Database
CVE-2019-1100 (windows_7, windows_server_2008)

2019-07-15 19:15:19
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095,
National Vulnerability Database
CVE-2019-1099 (windows_7, windows_server_2008)

2019-07-15 19:15:19
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095,
National Vulnerability Database
CVE-2019-1101 (windows_7, windows_server_2008)

2019-07-15 19:15:19
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095,
National Vulnerability Database
CVE-2019-1112 (office, office_365_proplus)

2019-07-15 19:15:19
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
National Vulnerability Database
CVE-2019-1103 (chakracore, edge)

2019-07-15 19:15:19
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062,
National Vulnerability Database
CVE-2019-1107 (chakracore, edge)

2019-07-15 19:15:19
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062,
National Vulnerability Database
CVE-2019-1111 (excel, office, office_365_proplus)

2019-07-15 19:15:19
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1110.
National Vulnerability Database
CVE-2019-1087 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2012, windows_server_2016, windows_server_2019)

2019-07-15 19:15:18
An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1086, CVE-2019-1088.
National Vulnerability Database
CVE-2019-1096 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-07-15 19:15:18
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.
National Vulnerability Database
CVE-2019-1088 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-07-15 19:15:18
An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1086, CVE-2019-1087.
National Vulnerability Database
CVE-2019-1092 (chakracore, edge)

2019-07-15 19:15:18
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062,
National Vulnerability Database
CVE-2019-1090 (windows_10, windows_server_2016, windows_server_2019)

2019-07-15 19:15:18
An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka 'Windows dnsrlvr.dll Elevation of Privilege Vulnerability'.
National Vulnerability Database
CVE-2019-1086 (windows_10, windows_8.1, windows_rt_8.1, windows_server_2012, windows_server_2016, windows_server_2019)

2019-07-15 19:15:18
An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1087, CVE-2019-1088.
National Vulnerability Database
CVE-2019-1094 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-07-15 19:15:18
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1095, CVE-2019-1098,
National Vulnerability Database
CVE-2019-1093 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-07-15 19:15:18
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1097.
National Vulnerability Database
CVE-2019-1095 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-07-15 19:15:18
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1098,
National Vulnerability Database
CVE-2019-1091 (windows_10, windows_server_2016, windows_server_2019)

2019-07-15 19:15:18
An information disclosure vulnerability exists when Unistore.dll fails to properly handle objects in memory, aka 'Microsoft unistore.dll Information Disclosure Vulnerability'.
National Vulnerability Database
CVE-2019-1098 (windows_7, windows_server_2008)

2019-07-15 19:15:18
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095,
National Vulnerability Database
CVE-2019-1097 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-07-15 19:15:18
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1093.
National Vulnerability Database
CVE-2019-1079 (visual_studio)

2019-07-15 19:15:17
An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Information Disclosure Vulnerability'.
National Vulnerability Database
CVE-2019-1076 (azure_devops_server, team_foundation_server)

2019-07-15 19:15:17
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.
National Vulnerability Database
CVE-2019-1073 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-07-15 19:15:17
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071.
National Vulnerability Database
CVE-2019-1083 (.net_framework)

2019-07-15 19:15:17
A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'.
National Vulnerability Database
CVE-2019-1075 (asp.net_core)

2019-07-15 19:15:17
A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'.
National Vulnerability Database
CVE-2019-1085 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-07-15 19:15:17
An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory, aka 'Windows WLAN Service Elevation of Privilege Vulnerability'.
National Vulnerability Database
CVE-2019-1071 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-07-15 19:15:17
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1073.
National Vulnerability Database
CVE-2019-1074 (windows_10, windows_server_2016, windows_server_2019)

2019-07-15 19:15:17
An elevation of privilege vulnerability exists in Microsoft Windows where certain folders, with local service privilege, are vulnerable to symbolic link attack.
National Vulnerability Database
CVE-2019-1082 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016)

2019-07-15 19:15:17
An elevation of privilege vulnerability exists in Microsoft Windows where a certain dll, with Local Service privilege, is vulnerable to race planting a customized dll.
National Vulnerability Database
CVE-2019-1077 (visual_studio_2017, visual_studio_2019)

2019-07-15 19:15:17
An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions, aka 'Visual Studio Elevation of Privilege Vulnerability'.
National Vulnerability Database
CVE-2019-1059 (internet_explorer)

2019-07-15 19:15:16
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001,
National Vulnerability Database
CVE-2019-1056 (internet_explorer)

2019-07-15 19:15:16
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001,
National Vulnerability Database
CVE-2019-1004 (internet_explorer)

2019-07-15 19:15:16
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001,
National Vulnerability Database
CVE-2019-0999 (windows_10, windows_server_2016)

2019-07-15 19:15:16
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.
National Vulnerability Database
CVE-2019-1062 (chakracore, edge)

2019-07-15 19:15:16
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1092,
National Vulnerability Database
CVE-2019-1006 (.net_framework, identitymodel, sharepoint_enterprise_server, sharepoint_foundation, sharepoint_server, windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_s

2019-07-15 19:15:16
An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys,
National Vulnerability Database
CVE-2019-1068 (sql_server)

2019-07-15 19:15:16
A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'.
National Vulnerability Database
CVE-2019-1037 (windows_10, windows_server_2016, windows_server_2019)

2019-07-15 19:15:16
An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.
National Vulnerability Database
CVE-2019-1001 (chakracore, edge, internet_explorer)

2019-07-15 19:15:16
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1004, CVE-2019-1056,
National Vulnerability Database
CVE-2019-1067 (windows_10, windows_server_2016, windows_server_2019)

2019-07-15 19:15:16
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.
National Vulnerability Database
CVE-2019-1063 (internet_explorer)

2019-07-15 19:15:16
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.
National Vulnerability Database
CVE-2019-0785 (windows_server_2012, windows_server_2016, windows_server_2019)

2019-07-15 19:15:15
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.
National Vulnerability Database
CVE-2019-0811 (windows_server_2012, windows_server_2016, windows_server_2019)

2019-07-15 19:15:15
A denial of service vulnerability exists in Windows DNS Server when it fails to properly handle DNS queries, aka 'Windows DNS Server Denial of Service Vulnerability'.
National Vulnerability Database
CVE-2019-0962 (azure_automation)

2019-07-15 19:15:15
An elevation of privilege vulnerability exists in Azure Automation "RunAs account" runbooks for users with contributor role, aka 'Azure Automation Elevation of Privilege Vulnerability'.
National Vulnerability Database
CVE-2019-0880 (windows_10, windows_8.1, windows_rt_8.1, windows_server_2012, windows_server_2016, windows_server_2019)

2019-07-15 19:15:15
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.
National Vulnerability Database
CVE-2019-0966 (windows_10, windows_server_2016, windows_server_2019)

2019-07-15 19:15:15
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'.
National Vulnerability Database
CVE-2019-0887 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

2019-07-15 19:15:15
A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
National Vulnerability Database
CVE-2019-5447 (http-file-server)

2019-07-15 18:15:12
A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders.
National Vulnerability Database
CVE-2019-1010307 (glpi)

2019-07-15 18:15:12
GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to privilege escalation and executing js on admin. The component is: /glpi/ajax/getDropDownValue.php.
National Vulnerability Database
CVE-2019-1010294 (op-tee)

2019-07-15 18:15:11
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later.
National Vulnerability Database
CVE-2019-1010301 (jhead)

2019-07-15 18:15:11
jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file.
National Vulnerability Database
CVE-2019-1010297 (op-tee)

2019-07-15 18:15:11
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later.
National Vulnerability Database
CVE-2019-1010296 (op-tee)

2019-07-15 18:15:11
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.
National Vulnerability Database
CVE-2019-1010302 (jhead)

2019-07-15 18:15:11
jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file.
National Vulnerability Database
CVE-2019-1010299 (rust)

2019-07-15 18:15:11
The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is:
National Vulnerability Database
CVE-2019-1010295 (op-tee)

2019-07-15 18:15:11
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later.
National Vulnerability Database
CVE-2019-1010298 (op-tee)

2019-07-15 18:15:11
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.
National Vulnerability Database
CVE-2019-1010293 (op-tee)

2019-07-15 18:15:11
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later.
National Vulnerability Database
CVE-2019-1010044 (graphpass)

2019-07-15 16:15:11
borg-reducer c6d5240 is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Output parameter within the executable.
National Vulnerability Database
CVE-2019-1010039 (ulaunchelf)

2019-07-15 14:15:11
uLaunchELF < commit 170827a is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Loader program (loader.c) overly trusts the arguments provided via command line.
National Vulnerability Database
CVE-2019-1010034 (weblibrarian)

2019-07-15 13:15:11
Deepwoods Software WebLibrarian 3.5.2 and earlier is affected by: SQL Injection. The impact is: Exposing the entire database. The component is: Function "AllBarCodes"
National Vulnerability Database
CVE-2019-1010022 (glibc)

2019-07-15 04:15:13
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is:
National Vulnerability Database
CVE-2019-1010025 (glibc)

2019-07-15 04:15:13
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc.
National Vulnerability Database
CVE-2019-1010028 (school_college_portal_with_erp_script)

2019-07-15 04:15:13
phpscriptsmall.com School College Portal with ERP Script 2.6.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attack administrators and teachers, students and more. The component is:
National Vulnerability Database
CVE-2019-1010023 (glibc)

2019-07-15 04:15:13
GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is:
National Vulnerability Database
CVE-2019-1010024 (glibc)

2019-07-15 04:15:13
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc.
National Vulnerability Database
CVE-2019-1010016 (dolibarr)

2019-07-15 03:15:10
Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker.
National Vulnerability Database
CVE-2019-1010017 (libnmap)

2019-07-15 03:15:10
libnmap < v0.6.3 is affected by: XML Injection. The impact is: Denial of service (DoS) by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload.
National Vulnerability Database
CVE-2019-1010004 (sound_exchange)

2019-07-15 02:15:10
SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE:
National Vulnerability Database
CVE-2019-1010008 (emoncms)

2019-07-15 02:15:10
OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting (XSS). The impact is: Theoretically low, but might potentially enable persistent XSS (user could embed mal. code). The component is:
National Vulnerability Database
CVE-2019-1010005 (hexoeditor)

2019-07-15 02:15:10
HexoEditor v1.1.8-beta is affected by: XSS to code execution.
National Vulnerability Database
CVE-2019-1010006 (evince)

2019-07-15 02:15:10
Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victin must open a crafted PDF file.
National Vulnerability Database
Troj/FRBook-D

2019-07-15 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-AAW

2019-07-15 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-FNR

2019-07-15 00:00:00

Sophos latest virus and spyware detection
CVE-2019-13602 (vlc_media_player)

2019-07-14 21:15:11
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified ot
National Vulnerability Database
CVE-2019-13598 (vera_edge_firmware)

2019-07-14 18:15:10
LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua allowed" code block is skipped.
National Vulnerability Database
CVE-2019-13594 (saleor)

2019-07-14 17:15:11
In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server.
National Vulnerability Database
Troj/VB-KIX

2019-07-14 00:00:00

Sophos latest virus and spyware detection
Troj/Inject-EJK

2019-07-14 00:00:00

Sophos latest virus and spyware detection
Troj/Agent-BCBP

2019-07-14 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-UPS

2019-07-14 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-IES

2019-07-14 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-WG

2019-07-14 00:00:00

Sophos latest virus and spyware detection
Troj/MSILIn-AJ

2019-07-14 00:00:00

Sophos latest virus and spyware detection
CVE-2018-20852 (python)

2019-07-13 21:15:10
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server.
National Vulnerability Database
Troj/TrickBo-SC

2019-07-13 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-FNQ

2019-07-13 00:00:00

Sophos latest virus and spyware detection
Java/Drop-BFC

2019-07-13 00:00:00

Sophos latest virus and spyware detection
Troj/XMLDrp-D

2019-07-13 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-IEQ

2019-07-13 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-IER

2019-07-13 00:00:00

Sophos latest virus and spyware detection
Troj/VB-KIW

2019-07-13 00:00:00

Sophos latest virus and spyware detection
Troj/Trickbo-SD

2019-07-13 00:00:00

Sophos latest virus and spyware detection
Troj/XMLDrp-E

2019-07-13 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-WF

2019-07-13 00:00:00

Sophos latest virus and spyware detection
Troj/PDFUri-HND

2019-07-12 00:00:00

Sophos latest virus and spyware detection
Troj/PDFDrp-X

2019-07-12 00:00:00

Sophos latest virus and spyware detection
Troj/PDFUri-HNE

2019-07-12 00:00:00

Sophos latest virus and spyware detection
Troj/Zbot-NKE

2019-07-12 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-FNN

2019-07-12 00:00:00

Sophos latest virus and spyware detection
Troj/PDFDwn-UD

2019-07-12 00:00:00

Sophos latest virus and spyware detection
Troj/Tofsee-CY

2019-07-12 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-UPP

2019-07-12 00:00:00

Sophos latest virus and spyware detection
Troj/HTMLDwn-LV

2019-07-12 00:00:00

Sophos latest virus and spyware detection
Troj/NanoCr-DP

2019-07-12 00:00:00

Sophos latest virus and spyware detection
Troj/AutoG-CG

2019-07-11 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-FNC

2019-07-11 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDL-AAQ

2019-07-11 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-IEF

2019-07-11 00:00:00

Sophos latest virus and spyware detection
Troj/AutoG-CE

2019-07-11 00:00:00

Sophos latest virus and spyware detection
Troj/DocPh-GQ

2019-07-11 00:00:00

Sophos latest virus and spyware detection
Troj/Delf-HDU

2019-07-11 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-IEG

2019-07-11 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-FND

2019-07-11 00:00:00

Sophos latest virus and spyware detection
Troj/AutoG-CF

2019-07-11 00:00:00

Sophos latest virus and spyware detection
JS/Agent-BCAP

2019-07-10 00:00:00

Sophos latest virus and spyware detection
Troj/Agent-BCAO

2019-07-10 00:00:00

Sophos latest virus and spyware detection
Troj/TrikBot-DR

2019-07-10 00:00:00

Sophos latest virus and spyware detection
Troj/PDFUri-HMX

2019-07-10 00:00:00

Sophos latest virus and spyware detection
Troj/DocDrp-JO

2019-07-10 00:00:00

Sophos latest virus and spyware detection
Troj/PDFUri-HMY

2019-07-10 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-FMZ

2019-07-10 00:00:00

Sophos latest virus and spyware detection
Troj/Ransom-FNR

2019-07-10 00:00:00

Sophos latest virus and spyware detection
Troj/Miner-TX

2019-07-10 00:00:00

Sophos latest virus and spyware detection
VBS/Drop-BEW

2019-07-10 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-VS

2019-07-09 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-AAG

2019-07-09 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-ICY

2019-07-09 00:00:00

Sophos latest virus and spyware detection
VBS/Drop-BEO

2019-07-09 00:00:00

Sophos latest virus and spyware detection
Troj/Bladabi-TK

2019-07-09 00:00:00

Sophos latest virus and spyware detection
VBS/Drop-BEN

2019-07-09 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-VT

2019-07-09 00:00:00

Sophos latest virus and spyware detection
Troj/Dharma-K

2019-07-09 00:00:00

Sophos latest virus and spyware detection
Troj/HTADl-GM

2019-07-09 00:00:00

Sophos latest virus and spyware detection
Troj/EncPk-BR

2019-07-09 00:00:00

Sophos latest virus and spyware detection
Troj/NanoCo-QZ

2019-07-08 00:00:00

Sophos latest virus and spyware detection
Troj/PSDl-DE

2019-07-08 00:00:00

Sophos latest virus and spyware detection
Troj/Samas-N

2019-07-08 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-ICI

2019-07-08 00:00:00

Sophos latest virus and spyware detection
VBS/Drop-BEL

2019-07-08 00:00:00

Sophos latest virus and spyware detection
Troj/RtfExp-FC

2019-07-08 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-AAA

2019-07-08 00:00:00

Sophos latest virus and spyware detection
Troj/PSDl-DD

2019-07-08 00:00:00

Sophos latest virus and spyware detection
Troj/Ransom-FNJ

2019-07-08 00:00:00

Sophos latest virus and spyware detection
Troj/Ransom-FNK

2019-07-08 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDL-AAB

2019-07-08 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-ZZ

2019-07-08 00:00:00

Sophos latest virus and spyware detection
Troj/NanoCr-DF

2019-07-08 00:00:00

Sophos latest virus and spyware detection
Troj/DocDrp-JL

2019-07-07 00:00:00

Sophos latest virus and spyware detection
Troj/Inject-EIQ

2019-07-07 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-FMP

2019-07-07 00:00:00

Sophos latest virus and spyware detection
Troj/NanoCr-DD

2019-07-07 00:00:00

Sophos latest virus and spyware detection
Troj/VB-KIB

2019-07-07 00:00:00

Sophos latest virus and spyware detection
Troj/Bladabi-TF

2019-07-07 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-UNY

2019-07-07 00:00:00

Sophos latest virus and spyware detection
Mal/DotNet-L

2019-07-07 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-ICH

2019-07-07 00:00:00

Sophos latest virus and spyware detection
Troj/Trickbo-RY

2019-07-07 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-ICJ

2019-07-07 00:00:00

Sophos latest virus and spyware detection
Troj/Agent-BBZP

2019-07-07 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-UNX

2019-07-07 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-ICG

2019-07-06 00:00:00

Sophos latest virus and spyware detection
Troj/Bladabi-TE

2019-07-06 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-VN

2019-07-06 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-FMO

2019-07-06 00:00:00

Sophos latest virus and spyware detection
Troj/Godrop-K

2019-07-06 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-ICF

2019-07-06 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-VO

2019-07-06 00:00:00

Sophos latest virus and spyware detection
Troj/Agent-BBZN

2019-07-06 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-UNU

2019-07-06 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-UNW

2019-07-06 00:00:00

Sophos latest virus and spyware detection
Troj/Ransom-FNH

2019-07-06 00:00:00

Sophos latest virus and spyware detection
Troj/NanoCr-DC

2019-07-06 00:00:00

Sophos latest virus and spyware detection
Troj/Ransom-FNI

2019-07-06 00:00:00

Sophos latest virus and spyware detection
Troj/LokiBot-DM

2019-07-06 00:00:00

Sophos latest virus and spyware detection
Troj/VBInj-UG

2019-07-04 00:00:00

Sophos latest virus and spyware detection
Troj/VB-KIA

2019-07-04 00:00:00

Sophos latest virus and spyware detection
VBS/Drop-BDR

2019-07-04 00:00:00

Sophos latest virus and spyware detection
W32/Stration-AZ

2019-07-04 00:00:00

Sophos latest virus and spyware detection
Troj/DocPh-GM

2019-07-04 00:00:00

Sophos latest virus and spyware detection
Troj/Zbot-NJZ

2019-07-04 00:00:00

Sophos latest virus and spyware detection
Troj/Agent-BBZG

2019-07-04 00:00:00

Sophos latest virus and spyware detection
Troj/VBInj-UF

2019-07-04 00:00:00

Sophos latest virus and spyware detection
Troj/Meter-M

2019-07-04 00:00:00

Sophos latest virus and spyware detection
Troj/VBInj-UH

2019-07-04 00:00:00

Sophos latest virus and spyware detection
Troj/AspXSpy-F

2019-07-02 00:00:00

Sophos latest virus and spyware detection
Troj/VB-KHY

2019-07-02 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-UW

2019-07-02 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-VF

2019-07-02 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-UV

2019-07-02 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-ZS

2019-07-02 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-UMM

2019-07-02 00:00:00

Sophos latest virus and spyware detection
Troj/HTMLDrp-CY

2019-07-02 00:00:00

Sophos latest virus and spyware detection
Troj/HTMLDrp-CZ

2019-07-02 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-IBD

2019-07-02 00:00:00

Sophos latest virus and spyware detection
Troj/HawkEye-UL

2019-07-02 00:00:00

Sophos latest virus and spyware detection
Troj/Agent-BBYM

2019-07-02 00:00:00

Sophos latest virus and spyware detection
Troj/WebShel-E

2019-07-02 00:00:00

Sophos latest virus and spyware detection
Troj/PSDL-DC

2019-07-02 00:00:00

Sophos latest virus and spyware detection
Troj/KeyLog-WZ

2019-07-02 00:00:00

Sophos latest virus and spyware detection
Troj/MSIL-MLD

2019-07-02 00:00:00

Sophos latest virus and spyware detection
Troj/Gorsh-A

2019-07-02 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-IAX

2019-07-02 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-IBF

2019-07-02 00:00:00

Sophos latest virus and spyware detection
Troj/NanoCo-QV

2019-07-02 00:00:00

Sophos latest virus and spyware detection
Troj/Ransom-FMV

2019-07-01 00:00:00

Sophos latest virus and spyware detection
Troj/VB-KHX

2019-07-01 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-UK

2019-07-01 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-UG

2019-07-01 00:00:00

Sophos latest virus and spyware detection
Troj/VBInjec-QI

2019-07-01 00:00:00

Sophos latest virus and spyware detection
Troj/Kryptik-JQ

2019-07-01 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-UJ

2019-07-01 00:00:00

Sophos latest virus and spyware detection
Troj/Ransom-FMW

2019-07-01 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-UI

2019-07-01 00:00:00

Sophos latest virus and spyware detection
Troj/Ransom-FMU

2019-07-01 00:00:00

Sophos latest virus and spyware detection
Troj/Mdrop-ISQ

2019-06-30 00:00:00

Sophos latest virus and spyware detection
Troj/RarMal-FG

2019-06-30 00:00:00

Sophos latest virus and spyware detection
Troj/Nanoco-QR

2019-06-30 00:00:00

Sophos latest virus and spyware detection
Troj/Mdrop-ISR

2019-06-30 00:00:00

Sophos latest virus and spyware detection
Troj/ClipBan-F

2019-06-30 00:00:00

Sophos latest virus and spyware detection
VBS/Downldr-AIF

2019-06-30 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-IAK

2019-06-30 00:00:00

Sophos latest virus and spyware detection
Troj/ClipBan-C

2019-06-30 00:00:00

Sophos latest virus and spyware detection
Troj/ClipBan-I

2019-06-30 00:00:00

Sophos latest virus and spyware detection
Troj/ClipBan-H

2019-06-30 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-ZF

2019-06-29 00:00:00

Sophos latest virus and spyware detection
Troj/Meter-J

2019-06-29 00:00:00

Sophos latest virus and spyware detection
Troj/Inject-EIE

2019-06-29 00:00:00

Sophos latest virus and spyware detection
Troj/Keylog-WX

2019-06-29 00:00:00

Sophos latest virus and spyware detection
VBS/Drop-BDF

2019-06-29 00:00:00

Sophos latest virus and spyware detection
Troj/Keylog-WY

2019-06-29 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-FLT

2019-06-29 00:00:00

Sophos latest virus and spyware detection
VBS/Drop-BDG

2019-06-29 00:00:00

Sophos latest virus and spyware detection
Troj/Ransom-FMN

2019-06-29 00:00:00

Sophos latest virus and spyware detection
Troj/Ransom-FMM

2019-06-29 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-ZB

2019-06-26 00:00:00

Sophos latest virus and spyware detection
Troj/Agent-BBWO

2019-06-26 00:00:00

Sophos latest virus and spyware detection
Troj/VBInjec-QH

2019-06-26 00:00:00

Sophos latest virus and spyware detection
Troj/PDFUri-HLV

2019-06-26 00:00:00

Sophos latest virus and spyware detection
Troj/Fareit-HZT

2019-06-26 00:00:00

Sophos latest virus and spyware detection
VBS/DwnLdr-YHB

2019-06-26 00:00:00

Sophos latest virus and spyware detection
Troj/Agent-BBWL

2019-06-26 00:00:00

Sophos latest virus and spyware detection
Troj/AutoIt-COH

2019-06-26 00:00:00

Sophos latest virus and spyware detection
CXmail/ODl-BB13

2019-06-26 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-TZ

2019-06-26 00:00:00

Sophos latest virus and spyware detection
JS/DwnLdr-YGN

2019-06-24 00:00:00

Sophos latest virus and spyware detection
VBS/DwnLdr-YGQ

2019-06-24 00:00:00

Sophos latest virus and spyware detection
VBS/DwnLdr-YGO

2019-06-24 00:00:00

Sophos latest virus and spyware detection
Troj/Agent-BBWB

2019-06-24 00:00:00

Sophos latest virus and spyware detection
VBS/DwnLdr-YGP

2019-06-24 00:00:00

Sophos latest virus and spyware detection
VBS/DwnLdr-YGS

2019-06-24 00:00:00

Sophos latest virus and spyware detection
CXmail/OleDl-BF

2019-06-24 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-UKD

2019-06-24 00:00:00

Sophos latest virus and spyware detection
CXmail/OlDl-X28

2019-06-24 00:00:00

Sophos latest virus and spyware detection
Troj/DocPh-GD

2019-06-24 00:00:00

Sophos latest virus and spyware detection
Troj/MSIL-MKK

2019-06-23 00:00:00

Sophos latest virus and spyware detection
Troj/MSIL-MKL

2019-06-23 00:00:00

Sophos latest virus and spyware detection
Troj/Autoit-COE

2019-06-23 00:00:00

Sophos latest virus and spyware detection
Troj/Stealer-TM

2019-06-23 00:00:00

Sophos latest virus and spyware detection
Troj/HTADl-GI

2019-06-23 00:00:00

Sophos latest virus and spyware detection
Troj/Trickbo-RT

2019-06-23 00:00:00

Sophos latest virus and spyware detection
Troj/PDFUri-HLT

2019-06-23 00:00:00

Sophos latest virus and spyware detection
Troj/Godrop-J

2019-06-23 00:00:00

Sophos latest virus and spyware detection
Troj/DocDl-UJS

2019-06-23 00:00:00

Sophos latest virus and spyware detection
VBS/Agent-BBVU

2019-06-22 00:00:00

Sophos latest virus and spyware detection
Troj/VB-KHJ

2019-06-22 00:00:00

Sophos latest virus and spyware detection
Troj/Keylog-WS

2019-06-22 00:00:00

Sophos latest virus and spyware detection
Troj/Zaquar-B

2019-06-22 00:00:00

Sophos latest virus and spyware detection
VBS/Drop-BCP

2019-06-22 00:00:00

Sophos latest virus and spyware detection
Troj/Phish-FKL

2019-06-22 00:00:00

Sophos latest virus and spyware detection
Troj/MsilIn-AC

2019-06-22 00:00:00

Sophos latest virus and spyware detection
Troj/DownLd-BQ

2019-06-22 00:00:00

Sophos latest virus and spyware detection
Troj/MSIL-MKI

2019-06-22 00:00:00

Sophos latest virus and spyware detection
Troj/MSIL-MKH

2019-06-22 00:00:00

Sophos latest virus and spyware detection
Troj/Mdrop-ISI

2019-06-22 00:00:00

Sophos latest virus and spyware detection
Troj/MSIL-MKJ

2019-06-22 00:00:00

Sophos latest virus and spyware detection
Troj/Sodino-P

2019-06-22 00:00:00

Sophos latest virus and spyware detection
Troj/RTFDl-YQ

2019-06-22 00:00:00

Sophos latest virus and spyware detection