Lista CVE - 2019 / Gennaio
Visualizzazione 501 - 600 di 1212 CVE per Gennaio 2019 (Pagina 6 di 13)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2018-1969 | 2019-01-14 | IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 153750. |
| CVE-2018-16886 | 2019-01-14 | etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd... |
| CVE-2019-6278 | 2019-01-14 | XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option. |
| CVE-2018-16888 | 2019-01-14 | It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User... |
| CVE-2019-6283 | 2019-01-14 | In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp. |
| CVE-2019-6284 | 2019-01-14 | In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp. |
| CVE-2019-6286 | 2019-01-14 | In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693. |
| CVE-2019-6285 | 2019-01-14 | The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. |
| CVE-2018-20712 | 2019-01-15 | A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service,... |
| CVE-2019-6267 | 2019-01-15 | The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for WordPress has XSS via a crafted GET request that is mishandled during log viewing at the templates/admin/redirect-log.php URI. |
| CVE-2019-6290 | 2019-01-15 | An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr... |
| CVE-2019-6291 | 2019-01-15 | An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls... |
| CVE-2019-6292 | 2019-01-15 | An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap,... |
| CVE-2019-6293 | 2019-01-15 | An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in... |
| CVE-2019-6289 | 2019-01-15 | uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension,... |
| CVE-2019-6294 | 2019-01-15 | An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent URI. |
| CVE-2019-6295 | 2019-01-15 | Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.php service_id parameter. |
| CVE-2019-6296 | 2019-01-15 | Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id parameter. |
| CVE-2019-3811 | 2019-01-15 | A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string /... |
| CVE-2017-18356 | 2019-01-15 | In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager... |
| CVE-2017-18357 | 2019-01-15 | Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object. |
| CVE-2017-18358 | 2019-01-15 | LimeSurvey before 2.72.4 has Stored XSS by using the Continue Later (aka Resume later) feature to enter an email address, which is mishandled in the admin panel. |
| CVE-2018-20713 | 2019-01-15 | Shopware before 5.4.3 allows SQL Injection by remote authenticated users, aka SW-21404. |
| CVE-2018-20714 | 2019-01-15 | The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks... |
| CVE-2018-20715 | 2019-01-15 | The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php. |
| CVE-2018-20716 | 2019-01-15 | CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. |
| CVE-2018-20717 | 2019-01-15 | In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a... |
| CVE-2018-20718 | 2019-01-15 | In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs... |
| CVE-2018-20719 | 2019-01-15 | In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter. |
| CVE-2017-6925 | 2019-01-15 | In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities.... |
| CVE-2018-16846 | 2019-01-15 | It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. |
| CVE-2018-1772 | 2019-01-15 | IBM SPSS Analytic Server 3.1.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2017-6924 | 2019-01-15 | REST API can bypass comment approval - Access Bypass - Moderately Critical |
| CVE-2018-15440 | 2019-01-15 | Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities |
| CVE-2018-15463 | 2019-01-15 | Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities |
| CVE-2018-14662 | 2019-01-15 | It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. |
| CVE-2019-0005 | 2019-01-15 | On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter configuration cannot perform packet matching on any IPv6 extension headers. This issue may allow IPv6 packets that should have been... |
| CVE-2019-0001 | 2019-01-15 | Junos OS: MX Series: uncontrolled recursion and crash in Broadband Edge subscriber management daemon (bbe-smgd). |
| CVE-2019-0002 | 2019-01-15 | Junos OS: EX2300 and EX3400 series: Certain stateless firewall filter rules might not take effect |
| CVE-2019-0003 | 2019-01-15 | Junos OS: A flowspec BGP update with a specific term-order causes routing protocol daemon (rpd) process to crash with a core. |
| CVE-2019-0004 | 2019-01-15 | Juniper ATP: API and device keys are logged in a world-readable permissions file |
| CVE-2019-0006 | 2019-01-15 | Junos OS: EX, QFX and MX series: Packet Forwarding Engine manager (FXPC) process crashes due to a crafted HTTP packet in a Virtual Chassis configuration |
| CVE-2019-0007 | 2019-01-15 | Junos OS: vMX series: Predictable IP ID sequence numbers vulnerability |
| CVE-2019-0009 | 2019-01-15 | Junos OS: EX2300 and EX3400: High disk I/O operations may disrupt the communication between RE and PFE |
| CVE-2019-0010 | 2019-01-15 | Junos OS: SRX Series: Crafted HTTP traffic may cause UTM to consume all mbufs, leading to Denial of Service |
| CVE-2019-0011 | 2019-01-15 | Junos OS: Kernel crash after processing specific incoming packet to the out of band management interface (CVE-2019-0011) |
| CVE-2019-0012 | 2019-01-15 | Junos OS: rpd crash on VPLS PE upon receipt of specific BGP message |
| CVE-2019-0013 | 2019-01-15 | Junos OS: RPD crash upon receipt of malformed PIM packet |
| CVE-2019-0014 | 2019-01-15 | Junos OS: QFX and PTX Series: FPC process crashes after J-Flow processes a malformed packet |
| CVE-2019-0015 | 2019-01-15 | Junos OS: SRX Series: Deleted dynamic VPN users are allowed to establish VPN connections until reboot |
| CVE-2019-0016 | 2019-01-15 | Junos Space: Authenticated user able to delete devices without delete device privileges |
| CVE-2019-0017 | 2019-01-15 | Junos Space: Unrestricted file upload vulnerability |
| CVE-2019-0018 | 2019-01-15 | Juniper ATP: Persistent Cross-Site Scripting (XSS) vulnerability in file upload menu |
| CVE-2019-0020 | 2019-01-15 | Juniper ATP: Hard coded credentials used in Web Collector |
| CVE-2019-0021 | 2019-01-15 | Juniper ATP: secret CLI inputs are logged to /var/log/syslog in clear text |
| CVE-2019-0022 | 2019-01-15 | Juniper ATP: Two hard coded credentials sharing the same password give an attacker the ability to take control of any installation of the software. |
| CVE-2019-0023 | 2019-01-15 | Juniper ATP: Persistent Cross-Site Scripting vulnerability in the Golden VM menu |
| CVE-2019-0024 | 2019-01-15 | Juniper ATP: Persistent Cross-Site Scripting vulnerability in the Email Collectors menu |
| CVE-2019-0025 | 2019-01-15 | Juniper ATP: Persistent Cross-Site Scripting vulnerability in RADIUS configuration menu |
| CVE-2019-0026 | 2019-01-15 | Juniper ATP: Persistent Cross-Site Scripting vulnerability in Zone configuration |
| CVE-2019-0027 | 2019-01-15 | Juniper ATP: Persistent Cross-Site Scripting vulnerability in Snort Rules configuration |
| CVE-2019-0029 | 2019-01-15 | Juniper ATP: Splunk credentials are in logged in clear text |
| CVE-2019-0030 | 2019-01-15 | Juniper ATP: Password hashing uses DES and a hardcoded salt |
| CVE-2018-6345 | 2019-01-15 | The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be... |
| CVE-2019-3554 | 2019-01-15 | Wangle's AcceptRoutingHandler incorrectly casts a socket when accepting a TLS 1.3 connection, leading to a potential denial of service attack against systems accepting such connections. This affects versions of Wangle... |
| CVE-2019-3557 | 2019-01-15 | The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some stream functions, such as stream_get_line, to trigger an out-of-bounds read... |
| CVE-2017-6921 | 2019-01-15 | File REST resource does not properly validate |
| CVE-2018-7603 | 2019-01-15 | Search Autocomplete |
| CVE-2018-20720 | 2019-01-16 | ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1.3 before 1.3.0.A6 allow remote attackers to cause a denial of service (reboot) via a reboot command in an... |
| CVE-2019-6439 | 2019-01-16 | examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based buffer overflow. |
| CVE-2016-10737 | 2019-01-16 | Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter. |
| CVE-2016-10738 | 2019-01-16 | Zenbership v107 has CSRF via admin/cp-functions/event-add.php. |
| CVE-2019-6440 | 2019-01-16 | Zemana AntiMalware before 3.0.658 Beta mishandles update logic. |
| CVE-2019-6442 | 2019-01-16 | An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c,... |
| CVE-2019-6443 | 2019-01-16 | An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd. |
| CVE-2019-6444 | 2019-01-16 | An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd. |
| CVE-2019-6445 | 2019-01-16 | An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem. |
| CVE-2019-6446 | 2019-01-16 | An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated... |
| CVE-2019-6261 | 2019-01-16 | An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability. |
| CVE-2019-6262 | 2019-01-16 | An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS. |
| CVE-2019-6263 | 2019-01-16 | An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS. |
| CVE-2019-6264 | 2019-01-16 | An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability. |
| CVE-2018-20721 | 2019-01-16 | URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a... |
| CVE-2019-6447 | 2019-01-16 | The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi... |
| CVE-2015-9276 | 2019-01-16 | SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the... |
| CVE-2015-9277 | 2019-01-16 | MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled. |
| CVE-2015-9278 | 2019-01-16 | MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request. |
| CVE-2015-9279 | 2019-01-16 | MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message. |
| CVE-2015-9280 | 2019-01-16 | MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter. |
| CVE-2018-20723 | 2019-01-16 | A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color. |
| CVE-2018-20724 | 2019-01-16 | A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors. |
| CVE-2018-20725 | 2019-01-16 | A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label. |
| CVE-2018-20726 | 2019-01-16 | A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices. |
| CVE-2019-6455 | 2019-01-16 | An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function rec_mset_elem_destroy() in the file rec-mset.c. |
| CVE-2019-6456 | 2019-01-16 | An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size() in the file rec-fex.c of librec.a. |
| CVE-2019-6457 | 2019-01-16 | An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_aggregate_reg_new in rec-aggregate.c in librec.a. |
| CVE-2019-6458 | 2019-01-16 | An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when called from rec_parse_rset in rec-parser.c in librec.a. |
| CVE-2019-6459 | 2019-01-16 | An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_extract_type in rec-utils.c in librec.a. |
| CVE-2019-6460 | 2019-01-16 | An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_field_set_name() in the file rec-field.c in librec.a. |
| CVE-2019-6461 | 2019-01-16 | An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c. |