CVE List - 2019 / October
Showing 1 - 100 of 1566 CVEs for October 2019 (Page 1 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-16508 | 2019-10-01 | The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application.... |
| CVE-2019-15940 | 2019-10-01 | Victure PC530 devices allow unauthenticated TELNET access as root. |
| CVE-2019-17056 | 2019-10-01 | llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176. |
| CVE-2019-17055 | 2019-10-01 | base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. |
| CVE-2019-17054 | 2019-10-01 | atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c. |
| CVE-2019-17053 | 2019-10-01 | ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. |
| CVE-2019-17052 | 2019-10-01 | ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka... |
| CVE-2019-15039 | 2019-10-01 | An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1. |
| CVE-2019-14954 | 2019-10-01 | JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext http connection. |
| CVE-2019-14952 | 2019-10-01 | JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles. |
| CVE-2019-10431 | 2019-10-01 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed... |
| CVE-2019-10432 | 2019-10-01 | Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the project and build display names in the HTML report frame, resulting in a cross-site scripting vulnerability exploitable by users... |
| CVE-2019-10433 | 2019-10-01 | Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master... |
| CVE-2019-10434 | 2019-10-01 | Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. |
| CVE-2019-10435 | 2019-10-01 | Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. |
| CVE-2019-11275 | 2019-10-01 | CSV Injection in usage report downloaded from Pivotal Application Manager |
| CVE-2019-10202 | 2019-10-01 | A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by... |
| CVE-2019-4246 | 2019-10-01 | IBM Daeja ViewONE Virtual 5.0 through 5.0.6 could expose internal parameters to ViewONE clients that could be used in further attacks against the system. IBM X-Force ID: 159521. |
| CVE-2019-4494 | 2019-10-01 | IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the... |
| CVE-2019-4495 | 2019-10-01 | IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the... |
| CVE-2019-4497 | 2019-10-01 | IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the... |
| CVE-2019-17063 | 2019-10-01 | In Snowtide PDFxStream before 3.7.1 (for Java), a crafted PDF file can trigger an extremely long running computation because of page-tree mishandling. |
| CVE-2019-17064 | 2019-10-01 | Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. |
| CVE-2019-14957 | 2019-10-01 | The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vim_settings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository. |
| CVE-2019-15038 | 2019-10-01 | An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1. |
| CVE-2019-14953 | 2019-10-01 | JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser. |
| CVE-2019-14955 | 2019-10-01 | In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented. |
| CVE-2019-14960 | 2019-10-01 | JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file. |
| CVE-2019-16942 | 2019-10-01 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint... |
| CVE-2019-16943 | 2019-10-01 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint... |
| CVE-2019-15042 | 2019-10-01 | An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1. |
| CVE-2019-14961 | 2019-10-01 | JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in code block comments, leading to XSS. |
| CVE-2019-17068 | 2019-10-01 | PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. |
| CVE-2019-17067 | 2019-10-01 | PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection. |
| CVE-2019-7618 | 2019-10-01 | A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary... |
| CVE-2019-17074 | 2019-10-01 | An issue was discovered in XunRuiCMS 4.3.1. There is a stored XSS in the module_category area. |
| CVE-2019-17073 | 2019-10-01 | emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ directory traversal. |
| CVE-2019-15035 | 2019-10-01 | An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1. |
| CVE-2019-15041 | 2019-10-01 | JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere. |
| CVE-2019-0231 | 2019-10-01 | Apache MINA SSLFilter security Issue |
| CVE-2019-8288 | 2019-10-01 | Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized. |
| CVE-2019-8289 | 2019-10-01 | Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable |
| CVE-2019-8290 | 2019-10-01 | Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an... |
| CVE-2019-8291 | 2019-10-01 | Online Store System v1.0 delete_file.php doesn't check to see if a user has administrative rights nor does it check for path traversal. |
| CVE-2019-8292 | 2019-10-01 | Online Store System v1.0 delete_product.php doesn't check to see if a user is authenticated or has administrative rights, allowing arbitrary product deletion. |
| CVE-2019-17075 | 2019-10-01 | An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could... |
| CVE-2019-13335 | 2019-10-02 | SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF. |
| CVE-2019-14454 | 2019-10-02 | SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation. |
| CVE-2019-17080 | 2019-10-02 | mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code execution if a REVIEWS_CACHE file is controlled by an attacker, because an unpickle occurs. This is resolved in 8.0.0 and... |
| CVE-2019-17091 | 2019-10-02 | faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled. |
| CVE-2019-4520 | 2019-10-02 | IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178. |
| CVE-2019-4538 | 2019-10-02 | IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a... |
| CVE-2019-4539 | 2019-10-02 | IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it... |
| CVE-2019-4542 | 2019-10-02 | IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2019-4549 | 2019-10-02 | IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951. |
| CVE-2019-13025 | 2019-10-02 | Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST (HTTP) request containing shell commands, which will be executed... |
| CVE-2019-16116 | 2019-10-02 | EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash. |
| CVE-2019-13343 | 2019-10-02 | Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentication arbitrary file download. Effectively, a remote anonymous user can download any file on servers running... |
| CVE-2019-5031 | 2019-10-02 | An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn't... |
| CVE-2019-13658 | 2019-10-02 | CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. |
| CVE-2019-8462 | 2019-10-02 | In a rare scenario, Check Point R80.30 Security Gateway before JHF Take 50 managed by Check Point R80.30 Management crashes with a unique configuration of enhanced logging. |
| CVE-2019-16407 | 2019-10-02 | JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability. |
| CVE-2019-12630 | 2019-10-02 | Cisco Security Manager Java Deserialization Vulnerability |
| CVE-2019-12631 | 2019-10-02 | Cisco Identity Services Engine Cross-Site Scripting Vulnerability |
| CVE-2019-10212 | 2019-10-02 | A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the... |
| CVE-2019-16171 | 2019-10-02 | In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page. |
| CVE-2019-15040 | 2019-10-02 | JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page. |
| CVE-2019-15037 | 2019-10-02 | An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1. |
| CVE-2019-15036 | 2019-10-02 | An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1. |
| CVE-2019-14959 | 2019-10-02 | JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection. |
| CVE-2019-14958 | 2019-10-02 | JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of... |
| CVE-2019-14956 | 2019-10-02 | JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names. |
| CVE-2019-13957 | 2019-10-02 | In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter. |
| CVE-2019-12737 | 2019-10-02 | UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials. |
| CVE-2019-12736 | 2019-10-02 | JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection. |
| CVE-2019-12157 | 2019-10-02 | In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands. |
| CVE-2019-12156 | 2019-10-02 | Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2... |
| CVE-2019-12673 | 2019-10-02 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability |
| CVE-2019-12674 | 2019-10-02 | Cisco Firepower Threat Defense Software Multi-instance Container Escape Vulnerabilities |
| CVE-2019-12675 | 2019-10-02 | Cisco Firepower Threat Defense Software Multi-instance Container Escape Vulnerabilities |
| CVE-2019-12676 | 2019-10-02 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF LSA Processing Denial of Service Vulnerability |
| CVE-2019-12677 | 2019-10-02 | Cisco Adaptive Security Appliance Software SSL VPN Denial of Service Vulnerability |
| CVE-2019-12678 | 2019-10-02 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SIP Inspection Denial of Service Vulnerability |
| CVE-2019-12679 | 2019-10-02 | Cisco Firepower Management Center SQL Injection Vulnerabilities |
| CVE-2019-12680 | 2019-10-02 | Cisco Firepower Management Center SQL Injection Vulnerabilities |
| CVE-2019-12681 | 2019-10-02 | Cisco Firepower Management Center SQL Injection Vulnerabilities |
| CVE-2019-12682 | 2019-10-02 | Cisco Firepower Management Center SQL Injection Vulnerabilities |
| CVE-2019-12683 | 2019-10-02 | Cisco Firepower Management Center SQL Injection Vulnerabilities |
| CVE-2019-12684 | 2019-10-02 | Cisco Firepower Management Center SQL Injection Vulnerabilities |
| CVE-2019-12685 | 2019-10-02 | Cisco Firepower Management Center SQL Injection Vulnerabilities |
| CVE-2019-12686 | 2019-10-02 | Cisco Firepower Management Center SQL Injection Vulnerabilities |
| CVE-2019-12687 | 2019-10-02 | Cisco Firepower Management Center Remote Code Execution Vulnerability |
| CVE-2019-12688 | 2019-10-02 | Cisco Firepower Management Center Remote Code Execution Vulnerability |
| CVE-2019-12689 | 2019-10-02 | Cisco Firepower Management Center Remote Code Execution Vulnerability |
| CVE-2019-12690 | 2019-10-02 | Cisco Firepower Management Center Command Injection Vulnerability |
| CVE-2019-12691 | 2019-10-02 | Cisco Firepower Management Center Directory Traversal Vulnerability |
| CVE-2019-12693 | 2019-10-02 | Cisco Adaptive Security Appliance Software Secure Copy Denial of Service Vulnerability |
| CVE-2019-12694 | 2019-10-02 | Cisco Firepower Threat Defense Software Command Injection Vulnerability |
| CVE-2019-12695 | 2019-10-02 | Cisco Adaptive Security Appliance and Firepower Threat Defense Software WebVPN Cross-Site Scripting Vulnerability |
| CVE-2019-12696 | 2019-10-02 | Cisco Firepower System Software Detection Engine RTF and RAR Malware and File Policy Bypass Vulnerabilities |