CVE List - 2019 / October
Showing 1201 - 1300 of 1566 CVEs for October 2019 (Page 13 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2015-9523 | 2019-10-23 | The Easy Digital Downloads (EDD) Recommended Products extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and... |
| CVE-2015-9522 | 2019-10-23 | The Easy Digital Downloads (EDD) QR Code extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and... |
| CVE-2015-9521 | 2019-10-23 | The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and... |
| CVE-2015-9520 | 2019-10-23 | The Easy Digital Downloads (EDD) Per Product Emails extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9,... |
| CVE-2015-9519 | 2019-10-23 | The Easy Digital Downloads (EDD) PDF Stamper extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and... |
| CVE-2015-9518 | 2019-10-23 | The Easy Digital Downloads (EDD) PDF Invoices extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and... |
| CVE-2015-9517 | 2019-10-23 | The Easy Digital Downloads (EDD) Manual Purchases extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and... |
| CVE-2015-9516 | 2019-10-23 | The Easy Digital Downloads (EDD) Invoices extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x... |
| CVE-2015-9502 | 2019-10-23 | The Auberge theme before 1.4.5 for WordPress has XSS via the genericons/example.html anchor identifier. |
| CVE-2015-9515 | 2019-10-23 | The Easy Digital Downloads (EDD) htaccess Editor extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and... |
| CVE-2015-9514 | 2019-10-23 | The Easy Digital Downloads (EDD) Free Downloads extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and... |
| CVE-2015-9513 | 2019-10-23 | The Easy Digital Downloads (EDD) Favorites extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x... |
| CVE-2015-9512 | 2019-10-23 | The Easy Digital Downloads (EDD) CSV Manager extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and... |
| CVE-2015-9511 | 2019-10-23 | The Easy Digital Downloads (EDD) Conditional Success Redirects extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9,... |
| CVE-2015-9503 | 2019-10-23 | The Modern theme before 1.4.2 for WordPress has XSS via the genericons/example.html anchor identifier. |
| CVE-2015-9510 | 2019-10-23 | The Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and... |
| CVE-2015-9509 | 2019-10-23 | The Easy Digital Downloads (EDD) Content Restriction extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and... |
| CVE-2015-9508 | 2019-10-23 | The Easy Digital Downloads (EDD) Commissions extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x... |
| CVE-2015-9507 | 2019-10-23 | The Easy Digital Downloads (EDD) Attach Accounts to Orders extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before... |
| CVE-2015-9504 | 2019-10-23 | The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter. |
| CVE-2015-9506 | 2019-10-23 | The Easy Digital Downloads (EDD) Amazon S3 extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and... |
| CVE-2015-9505 | 2019-10-23 | The Easy Digital Downloads (EDD) core component 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7 for WordPress has XSS... |
| CVE-2019-17606 | 2019-10-23 | The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post. |
| CVE-2019-16977 | 2019-10-23 | In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. |
| CVE-2019-18348 | 2019-10-23 | An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as... |
| CVE-2013-7333 | 2019-10-23 | A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the... |
| CVE-2019-17093 | 2019-10-23 | An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light... |
| CVE-2014-2304 | 2019-10-23 | A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the... |
| CVE-2019-18350 | 2019-10-23 | In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET parameter affects the authorization component, leading to execution of JavaScript code in the login after-action script. |
| CVE-2002-2439 | 2019-10-23 | Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. |
| CVE-2019-9596 | 2019-10-23 | Darktrace Enterprise Immune System before 3.1 allows CSRF via the /whitelisteddomains endpoint. |
| CVE-2019-9597 | 2019-10-23 | Darktrace Enterprise Immune System before 3.1 allows CSRF via the /config endpoint. |
| CVE-2019-18355 | 2019-10-23 | An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7. |
| CVE-2019-18356 | 2019-10-23 | An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2). |
| CVE-2019-18357 | 2019-10-23 | An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2). |
| CVE-2019-3982 | 2019-10-23 | Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit... |
| CVE-2019-6144 | 2019-10-23 | This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection. |
| CVE-2019-18359 | 2019-10-23 | A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. The vulnerability causes an application crash, which leads to remote denial of service. |
| CVE-2019-12415 | 2019-10-23 | In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the... |
| CVE-2019-18370 | 2019-10-23 | An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress,... |
| CVE-2019-18371 | 2019-10-23 | An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by... |
| CVE-2019-8237 | 2019-10-23 | Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an insufficiently robust encryption vulnerability.... |
| CVE-2019-8238 | 2019-10-23 | Adobe Acrobat and Reader versions 2019.010.20100 and earlier; 2019.010.20099 and earlier versions; 2017.011.30140 and earlier version; 2017.011.30138 and earlier version; 2015.006.30495 and earlier versions; 2015.006.30493 and earlier versions have a... |
| CVE-2019-8236 | 2019-10-23 | Creative Cloud Desktop Application version 4.6.1 and earlier versions have Security Bypass vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user. |
| CVE-2019-18385 | 2019-10-23 | An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring. |
| CVE-2019-18384 | 2019-10-23 | An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=*public*%25252Fadmin_OnlyRead.txt substring. |
| CVE-2019-18383 | 2019-10-23 | An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can download backup files remotely from terramaster_TNAS-00E43A_config_backup.bin without permission. |
| CVE-2019-18382 | 2019-10-23 | An issue was discovered on AVStar PE204 3.10.70 IP camera devices. A denial of service can occur on open TCP port 23456. After a TELNET connection, no TCP ports are... |
| CVE-2019-18212 | 2019-10-23 | XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote... |
| CVE-2019-18213 | 2019-10-23 | XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted... |
| CVE-2019-18387 | 2019-10-23 | Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit... |
| CVE-2019-18413 | 2019-10-24 | In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that... |
| CVE-2019-18393 | 2019-10-24 | PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability. |
| CVE-2019-18394 | 2019-10-24 | A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests. |
| CVE-2019-4397 | 2019-10-24 | IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties... |
| CVE-2019-4398 | 2019-10-24 | IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. IBM X-Force ID:... |
| CVE-2019-4459 | 2019-10-24 | IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in... |
| CVE-2019-4486 | 2019-10-24 | IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2019-17581 | 2019-10-24 | tonyy dormsystem through 1.3 allows DOM XSS. |
| CVE-2019-18408 | 2019-10-24 | archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. |
| CVE-2019-6692 | 2019-10-24 | A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL. |
| CVE-2019-18199 | 2019-10-24 | An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are... |
| CVE-2019-15703 | 2019-10-24 | An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker... |
| CVE-2019-18409 | 2019-10-24 | The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem (which has a legacy dependency) 4.5.0 through 4.7.0... |
| CVE-2019-18200 | 2019-10-24 | An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, they are prone to keystroke injection attacks. |
| CVE-2019-18201 | 2019-10-24 | An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, an attacker is able to eavesdrop on... |
| CVE-2019-12017 | 2019-10-24 | A remote code execution vulnerability exists in MapR CLDB code, specifically in the JSON framework that is used in the CLDB code that handles login and ticket issuance. An attacker... |
| CVE-2019-13649 | 2019-10-24 | TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow externalPort OS Command Injection (issue 1 of 5). |
| CVE-2019-13650 | 2019-10-24 | TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow internalPort OS Command Injection (issue 2 of 5). |
| CVE-2019-13651 | 2019-10-24 | TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow portMappingProtocol OS Command Injection (issue 3 of 5). |
| CVE-2019-13652 | 2019-10-24 | TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection (issue 4 of 5). |
| CVE-2019-13653 | 2019-10-24 | TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow triggerPort OS Command Injection (issue 5 of 5). |
| CVE-2019-5013 | 2019-10-24 | An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the start/stopLaunchDProcess command. The command takes a user-supplied string argument and executes launchctl under... |
| CVE-2019-5012 | 2019-10-24 | An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and executes it under... |
| CVE-2019-11021 | 2019-10-24 | admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution. NOTE: "While inadvertently allowing a PHP file to be uploaded via Media Manager was an... |
| CVE-2019-9699 | 2019-10-24 | Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. |
| CVE-2019-18196 | 2019-10-24 | A DLL side loading vulnerability in the Windows Service in TeamViewer versions up to 11.0.133222 (fixed in 11.0.214397), 12.0.181268 (fixed in 12.0.214399), 13.2.36215 (fixed in 13.2.36216), and 14.6.4835 (fixed in... |
| CVE-2019-15929 | 2019-10-24 | In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them. |
| CVE-2019-12094 | 2019-10-24 | Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI. |
| CVE-2019-8078 | 2019-10-24 | Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2019-12095 | 2019-10-24 | Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server.... |
| CVE-2019-18414 | 2019-10-24 | Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the... |
| CVE-2019-8079 | 2019-10-24 | Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2019-8080 | 2019-10-24 | Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site scripting vulnerability. Successful exploitation could lead to privilege escalation. |
| CVE-2019-18416 | 2019-10-24 | Sourcecodester Restaurant Management System 1.0 allows XSS via the Last Name field of a member. |
| CVE-2019-18417 | 2019-10-24 | Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied... |
| CVE-2019-18415 | 2019-10-24 | Sourcecodester Restaurant Management System 1.0 allows XSS via the "send a message" screen. |
| CVE-2019-18419 | 2019-10-24 | A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. |
| CVE-2019-18418 | 2019-10-24 | clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management. |
| CVE-2019-17596 | 2019-10-24 | Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic... |
| CVE-2016-2360 | 2019-10-25 | Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations. |
| CVE-2016-2358 | 2019-10-25 | Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts. |
| CVE-2016-2359 | 2019-10-25 | Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource. |
| CVE-2016-2356 | 2019-10-25 | Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password. |
| CVE-2016-2357 | 2019-10-25 | Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory. |
| CVE-2016-5202 | 2019-10-25 | browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the... |
| CVE-2015-0270 | 2019-10-25 | Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter. |
| CVE-2019-8081 | 2019-10-25 | Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authentication bypass vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2019-8082 | 2019-10-25 | Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2019-8083 | 2019-10-25 | Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |