CVE List - 2019 / October

Showing 401 - 500 of 1566 CVEs for October 2019 (Page 5 of 16)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-17384 | 2019-10-09 | The animate-it plugin before 2.3.4 for WordPress has XSS. |
| CVE-2019-17385 | 2019-10-09 | The animate-it plugin before 2.3.5 for WordPress has XSS. |
| CVE-2019-17124 | 2019-10-09 | Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. |
| CVE-2019-17389 | 2019-10-09 | In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles errors occurring during a read operation on a UDP socket. The receive loop ends. This allows an attacker (via a large packet)... |
| CVE-2019-17399 | 2019-10-09 | The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment. |
| CVE-2019-5506 | 2019-10-09 | Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks. |
| CVE-2019-17401 | 2019-10-09 | libyal liblnk 20191006 has a heap-based buffer over-read in the network_share_name_offset>20 code block of liblnk_location_information_read_data in liblnk_location_information.c, a different issue than CVE-2019-17264. NOTE: the vendor has disputed this as described... |
| CVE-2019-17092 | 2019-10-09 | An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error... |
| CVE-2019-5507 | 2019-10-09 | SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information. |
| CVE-2019-9535 | 2019-10-09 | iTerm2, up to and including version 3.3.5, with tmux integration is vulnerable to remote command execution |
| CVE-2019-15715 | 2019-10-09 | MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. |
| CVE-2019-3765 | 2019-10-09 | Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission... |
| CVE-2019-0047 | 2019-10-09 | Junos OS: Persistent XSS vulnerability in J-Web |
| CVE-2019-0050 | 2019-10-09 | Junos OS: SRX1500: Denial of service due to crash of srxpfe process under heavy traffic conditions. |
| CVE-2019-0051 | 2019-10-09 | SRX5000 Series: Denial of Service vulnerability in SSL-Proxy feature. |
| CVE-2019-0054 | 2019-10-09 | Junos OS: SRX Series: An attacker may be able to perform Man-in-the-Middle (MitM) attacks during app-id signature updates. |
| CVE-2019-0055 | 2019-10-09 | Junos OS: SRX Series: An attacker may cause flowd to crash by sending certain valid SIP traffic to a device with SIP ALG enabled. |
| CVE-2019-0056 | 2019-10-09 | Junos OS: MX Series: An MPC10 Denial of Service (DoS) due to OSPF states transitioning to Down, causes traffic to stop forwarding through the device. |
| CVE-2019-0057 | 2019-10-09 | NFX Series: An attacker may be able to take control of the JDM application and subsequently the entire system. |
| CVE-2019-0058 | 2019-10-09 | Junos OS: SRX Series: A weakness in the Veriexec subsystem may allow privilege escalation. |
| CVE-2019-0059 | 2019-10-09 | Junos OS: The routing protocol process (rpd) may crash and generate core files upon receipt of specific valid BGP states from a peered host. |
| CVE-2019-0060 | 2019-10-09 | Junos OS: SRX Series: flowd process crash due to processing of specific transit IP packets |
| CVE-2019-0061 | 2019-10-09 | Junos OS: Insecure management daemon (MGD) configuration may allow local privilege escalation |
| CVE-2019-0062 | 2019-10-09 | Junos OS: Session fixation vulnerability in J-Web |
| CVE-2019-0063 | 2019-10-09 | Junos OS: MX Series: jdhcpd crash when receiving a specific crafted DHCP response message |
| CVE-2019-0064 | 2019-10-09 | Junos OS: SRX5000 Series: flowd process crash due to receipt of specific TCP packet |
| CVE-2019-0065 | 2019-10-09 | Junos OS: MX Series: Denial of Service vulnerability in MS-PIC component on MS-MIC or MS-MPC |
| CVE-2019-0066 | 2019-10-09 | Junos OS: A malformed IPv4 packet received by Junos in an NG-mVPN scenario may cause the routing protocol daemon (rpd) process to core |
| CVE-2019-0067 | 2019-10-09 | Junos OS: Kernel crash (vmcore) upon receipt of a specific link-local IPv6 packet on devices configured with Multi-Chassis Link Aggregation Group (MC-LAG) |
| CVE-2019-0068 | 2019-10-09 | Junos OS: SRX Series: Denial of Service vulnerability in flowd due to multicast packets |
| CVE-2019-0069 | 2019-10-09 | Junos OS: vSRX, SRX1500, SRX4K, ACX5K, EX4600, QFX5100, QFX5110, QFX5200, QFX10K and NFX Series: console management port device authentication credentials are logged in clear text |
| CVE-2019-0070 | 2019-10-09 | Junos OS: NFX Series: An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions. |
| CVE-2019-0071 | 2019-10-09 | Junos OS: EX2300, EX3400 Series: Veriexec signature checking not enforced in specific versions of Junos OS |
| CVE-2019-0072 | 2019-10-09 | SBR Carrier: A vulnerability in the identity and access management certificate generation procedure allows a local attacker to gain access to confidential information. |
| CVE-2019-0073 | 2019-10-09 | Junos OS: PKI key pairs are exported with insecure file permissions |
| CVE-2019-0074 | 2019-10-09 | Junos OS: NFX150 Series, QFX10K Series, EX9200 Series, MX Series, PTX Series: Path traversal vulnerability in NFX150 and NG-RE leads to information disclosure. |
| CVE-2019-0075 | 2019-10-09 | Junos OS: SRX Series: Denial of Service vulnerability in srxpfe related to PIM |
| CVE-2019-17112 | 2019-10-09 | An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user ("Operator" access level) to access the configuration file of the mail... |
| CVE-2019-15014 | 2019-10-09 | A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI. |
| CVE-2019-15015 | 2019-10-09 | In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access... |
| CVE-2019-15016 | 2019-10-09 | An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from... |
| CVE-2019-15017 | 2019-10-09 | The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate... |
| CVE-2019-15018 | 2019-10-09 | A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant. |
| CVE-2019-15019 | 2019-10-09 | A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector. |
| CVE-2019-15020 | 2019-10-09 | A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could... |
| CVE-2019-15021 | 2019-10-09 | A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network. |
| CVE-2019-15022 | 2019-10-09 | A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing. |
| CVE-2019-15023 | 2019-10-09 | A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration. |
| CVE-2019-1584 | 2019-10-09 | A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or... |
| CVE-2019-5053 | 2019-10-09 | An exploitable use-after-free vulnerability exists in the Length parsing function of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a use-after-free condition. An attacker can craft... |
| CVE-2019-5047 | 2019-10-09 | An exploitable Use After Free vulnerability exists in the CharProcs parsing functionality of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a Use After Free. An... |
| CVE-2019-5045 | 2019-10-09 | A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can... |
| CVE-2019-5046 | 2019-10-09 | A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can... |
| CVE-2019-5048 | 2019-10-09 | A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to... |
| CVE-2019-5050 | 2019-10-09 | A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to... |
| CVE-2019-5700 | 2019-10-09 | NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead... |
| CVE-2019-5699 | 2019-10-09 | NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation... |
| CVE-2019-17366 | 2019-10-09 | Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control. |
| CVE-2019-17365 | 2019-10-09 | Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable. |
| CVE-2019-17109 | 2019-10-09 | Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation. |
| CVE-2019-17414 | 2019-10-09 | tinylcy Vino through 2017-12-15 allows remote attackers to cause a denial of service ("vn_get_string error: Resource temporarily unavailable" error and daemon crash) via a long URL. |
| CVE-2019-17415 | 2019-10-09 | A Structured Exception Handler (SEH) based buffer overflow in File Sharing Wizard 1.5.0 26-8-2008 allows remote unauthenticated attackers to execute arbitrary code via the HTTP DELETE method, a similar issue... |
| CVE-2019-17417 | 2019-10-09 | PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs. |
| CVE-2019-17419 | 2019-10-09 | An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter. |
| CVE-2019-17418 | 2019-10-09 | An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997. |
| CVE-2019-17420 | 2019-10-09 | In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a... |
| CVE-2019-10936 | 2019-10-10 | Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition. |
| CVE-2019-17426 | 2019-10-10 | Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding "_bsontype":"a" can sometimes interfere... |
| CVE-2019-17427 | 2019-10-10 | In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors. |
| CVE-2019-17430 | 2019-10-10 | EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter. |
| CVE-2019-17429 | 2019-10-10 | Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id parameter. |
| CVE-2019-17070 | 2019-10-10 | The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin before 1.0.7 for WordPress allows XSS with Internet Explorer. |
| CVE-2019-17071 | 2019-10-10 | The client-dash (aka Client Dash) plugin 2.1.4 for WordPress allows XSS. |
| CVE-2019-17072 | 2019-10-10 | The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via all-query-page.php. |
| CVE-2019-17432 | 2019-10-10 | An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter. |
| CVE-2019-17431 | 2019-10-10 | An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability. |
| CVE-2019-17433 | 2019-10-10 | z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen. |
| CVE-2019-17434 | 2019-10-10 | LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen. |
| CVE-2019-0608 | 2019-10-10 | A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357. |
| CVE-2019-1060 | 2019-10-10 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. |
| CVE-2019-1070 | 2019-10-10 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. |
| CVE-2019-1166 | 2019-10-10 | A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'. |
| CVE-2019-1230 | 2019-10-10 | An information disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system,... |
| CVE-2019-1238 | 2019-10-10 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1239. |
| CVE-2019-1239 | 2019-10-10 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1238. |
| CVE-2019-1307 | 2019-10-10 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE... |
| CVE-2019-1308 | 2019-10-10 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE... |
| CVE-2019-1311 | 2019-10-10 | A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory, aka 'Windows Imaging API Remote Code Execution Vulnerability'. |
| CVE-2019-1313 | 2019-10-10 | An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique... |
| CVE-2019-1314 | 2019-10-10 | A security feature bypass vulnerability exists in Windows 10 Mobile when Cortana allows a user to access files and folders through the locked screen, aka 'Windows 10 Mobile Security Feature... |
| CVE-2019-1316 | 2019-10-10 | An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges, aka 'Microsoft Windows Setup Elevation of Privilege Vulnerability'. |
| CVE-2019-1317 | 2019-10-10 | A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'. |
| CVE-2019-1315 | 2019-10-10 | An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from... |
| CVE-2019-1318 | 2019-10-10 | A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non-Extended Master Secret (EMS) sessions, aka 'Microsoft Windows Transport Layer Security Spoofing Vulnerability'. |
| CVE-2019-1319 | 2019-10-10 | An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. |
| CVE-2019-1320 | 2019-10-10 | An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1322, CVE-2019-1340. |
| CVE-2019-1321 | 2019-10-10 | An elevation of privilege vulnerability exists when Windows CloudStore improperly handles file Discretionary Access Control List (DACL), aka 'Microsoft Windows CloudStore Elevation of Privilege Vulnerability'. |
| CVE-2019-1323 | 2019-10-10 | An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE... |
| CVE-2019-1325 | 2019-10-10 | An elevation of privilege vulnerability exists in the Windows redirected drive buffering system (rdbss.sys) when the operating system improperly handles specific local calls within Windows 7 for 32-bit systems, aka... |
| CVE-2019-1326 | 2019-10-10 | A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop... |