CVE-2019-8945

Zimbra Collaboration 8.7.x – 8.8.11P2 contains persistent XSS.

Source: CVE-2019-8945

CVE-2019-8947

Zimbra Collaboration 8.7.x – 8.8.11P2 contains non-persistent XSS.

Source: CVE-2019-8947

CVE-2019-12427

Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console.

Source: CVE-2019-12427

CVE-2015-2249

Zimbra Collaboration before 8.6.0 patch5 has XSS.

Source: CVE-2015-2249

CVE-2014-8563

Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS.

Source: CVE-2014-8563

CVE-2014-5500

Synacor Zimbra Collaboration before 8.0.8 has XSS.

Source: CVE-2014-5500

CVE-2019-11318

Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS.

Source: CVE-2019-11318

CVE-2018-19441

An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for robot secret_key values used for local and cloud authentication/authorization. If an attacker knows the serial number and is able to estimate the time of first provisioning of a robot, he is able to brute force the generated secret_key of the robot. This is because the entropy of the secret_key exclusively relies on these two values, due to not seeding the random generator and using several constant inputs for secret_key computation. Serial numbers are printed on the packaging and equal the MAC address of the robot.

Source: CVE-2018-19441

CVE-2019-11288

In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions prior to 4.0.10, and Pivotal tc Runtimes, 7.x versions prior to 7.0.99.B, 8.x versions prior to 8.5.47.A, and 9.x versions prior to 9.0.27.A, when a tc Runtime instance is configured with the JMX Socket Listener, a local attacker without access to the tc Runtime process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the tc Runtime instance.

Source: CVE-2019-11288

CVE-2019-19823

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.

Source: CVE-2019-19823