CVE List - 2019 / October
Showing 1501 - 1566 of 1566 CVEs for October 2019 (Page 16 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-18361 | 2019-10-31 | JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution. |
| CVE-2019-18362 | 2019-10-31 | JetBrains MPS before 2019.2.2 exposed listening ports to the network. |
| CVE-2019-18363 | 2019-10-31 | In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances. |
| CVE-2018-21030 | 2019-10-31 | Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in... |
| CVE-2019-18364 | 2019-10-31 | In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution. |
| CVE-2019-18365 | 2019-10-31 | In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages. |
| CVE-2019-18366 | 2019-10-31 | In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission. |
| CVE-2019-18367 | 2019-10-31 | In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions. |
| CVE-2019-3419 | 2019-10-31 | A security vulnerability exists in a management port in the version of ZTE's ZXMP M721V3.10P01B10_M2NCP. An attacker could exploit this vulnerability to build a link to the device and send... |
| CVE-2010-2490 | 2019-10-31 | Mumble: murmur-server has DoS due to malformed client query |
| CVE-2019-18368 | 2019-10-31 | In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible. |
| CVE-2019-18369 | 2019-10-31 | In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible. |
| CVE-2019-3421 | 2019-10-31 | The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE product ZX297520V3 are impacted by a Command Injection vulnerability. Unauthorized users can exploit this vulnerability to control the user terminal system. |
| CVE-2009-5043 | 2019-10-31 | burn allows file names to escape via mishandled quotation marks |
| CVE-2009-5041 | 2019-10-31 | overkill has buffer overflow via long player names that can corrupt data on the server machine |
| CVE-2009-5042 | 2019-10-31 | python-docutils allows insecure usage of temporary files |
| CVE-2019-12612 | 2019-10-31 | An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. In order to... |
| CVE-2019-16251 | 2019-10-31 | plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. |
| CVE-2019-18465 | 2019-10-31 | In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability... |
| CVE-2019-18464 | 2019-10-31 | In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could... |
| CVE-2019-18656 | 2019-10-31 | Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements. |
| CVE-2019-14356 | 2019-10-31 | On Coldcard MK1 and MK2 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated... |
| CVE-2013-1910 | 2019-10-31 | yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the... |
| CVE-2019-18657 | 2019-10-31 | ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function. |
| CVE-2013-1930 | 2019-10-31 | MantisBT 1.2.12 before 1.2.15 allows authenticated users to bypass the workflow restriction and close issues. |
| CVE-2013-1931 | 2019-10-31 | A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version. |
| CVE-2013-1932 | 2019-10-31 | A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name. |
| CVE-2013-1934 | 2019-10-31 | A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex... |
| CVE-2019-18396 | 2019-10-31 | An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20... |
| CVE-2013-1945 | 2019-10-31 | ruby193 uses an insecure LD_LIBRARY_PATH setting. |
| CVE-2019-15710 | 2019-10-31 | An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted... |
| CVE-2019-5150 | 2019-10-31 | An exploitable SQL injection vulnerability exists in YouPHPTube 7.7. When the "VideoTags" plugin is enabled, a specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial... |
| CVE-2013-1951 | 2019-10-31 | A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 allows remote attackers to inject arbitrary web script or HTML via Lua function names. |
| CVE-2019-5151 | 2019-10-31 | An exploitable SQL injection vulnerability exists in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database... |
| CVE-2013-2012 | 2019-10-31 | autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory. |
| CVE-2019-5095 | 2019-10-31 | An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via... |
| CVE-2019-5049 | 2019-10-31 | An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a... |
| CVE-2013-2024 | 2019-10-31 | OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0. |
| CVE-2019-5043 | 2019-10-31 | An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a... |
| CVE-2019-5010 | 2019-10-31 | An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a... |
| CVE-2019-5030 | 2019-10-31 | A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 (7,0,2019,0220). While parsing a document text info container, the... |
| CVE-2019-5023 | 2019-10-31 | An exploitable vulnerability exists in the grsecurity PaX patch for the function read_kmem, in PaX from version pax-linux-4.9.8-test1 to 4.9.24-test7, grsecurity official from version grsecurity-3.1-4.9.8-201702060653 to grsecurity-3.1-4.9.24-201704252333, grsecurity unofficial from... |
| CVE-2018-4064 | 2019-10-31 | An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an unverified device configuration... |
| CVE-2018-4031 | 2019-10-31 | An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The... |
| CVE-2018-3983 | 2019-10-31 | An exploitable uninitialized pointer vulnerability exists in the Word document parser of the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized... |
| CVE-2018-4002 | 2019-10-31 | An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label compression pointers,... |
| CVE-2013-2075 | 2019-10-31 | Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allow attackers to cause a denial of service (crash) by opening a... |
| CVE-2012-6122 | 2019-10-31 | Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. |
| CVE-2012-6123 | 2019-10-31 | Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct a "poisoned NUL byte attack." |
| CVE-2012-6124 | 2019-10-31 | A casting error in Chicken before 4.8.0 on 64-bit platforms caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security... |
| CVE-2012-6125 | 2019-10-31 | Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions. |
| CVE-2019-13551 | 2019-10-31 | Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can... |
| CVE-2019-13508 | 2019-10-31 | FreeTDS through 1.1.11 has a Buffer Overflow. |
| CVE-2010-2548 | 2019-10-31 | IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files. |
| CVE-2010-2783 | 2019-10-31 | IcedTea6 before 1.7.4 allows unsigned apps to read and write arbitrary files, related to Extended JNLP Services. |
| CVE-2019-13547 | 2019-10-31 | Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication. |
| CVE-2019-16295 | 2019-10-31 | Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local attacker who supplies a crafted filename... |
| CVE-2019-18227 | 2019-10-31 | Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data. |
| CVE-2019-18229 | 2019-10-31 | Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input causes SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information. |
| CVE-2019-18228 | 2019-10-31 | Honeywell equIP series IP cameras, multiple equIP Series cameras. A vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service. |
| CVE-2019-18230 | 2019-10-31 | Honeywell equIP and Performance series IP cameras, multiple versions. A vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP. |
| CVE-2019-18226 | 2019-10-31 | Honeywell equIP series and Performance series IP cameras and recorders. A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a... |
| CVE-2019-16675 | 2019-10-31 | An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead... |
| CVE-2019-16906 | 2019-10-31 | An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without... |
| CVE-2019-16907 | 2019-10-31 | An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. It is possible to obtain a list of all valid Jira usernames without authentication/authorization via... |
| CVE-2019-16908 | 2019-11-01 | An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via... |
| CVE-2019-16909 | 2019-11-01 | An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as... |
| CVE-2019-18636 | 2019-11-01 | A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum (aka ASP.NET forum) 8.3.8 allows remote attackers to inject arbitrary web script or HTML via the gravatar URL parameter. |
| CVE-2013-2600 | 2019-11-01 | MiniUPnPd has information disclosure via use of snprintf() |
| CVE-2013-2738 | 2019-11-01 | minidlna has SQL Injection that may allow retrieval of arbitrary files |
| CVE-2013-2739 | 2019-11-01 | MiniDLNA has heap-based buffer overflow |
| CVE-2013-3718 | 2019-11-01 | evince is missing a check on number of pages which can lead to a segmentation fault |
| CVE-2013-4751 | 2019-11-01 | php-symfony2-Validator has loss of information during serialization |
| CVE-2005-3056 | 2019-11-01 | TWiki allows arbitrary shell command execution via the Include function |
| CVE-2011-3923 | 2019-11-01 | Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. |
| CVE-2012-2979 | 2019-11-01 | FreeBSD NSD before 3.2.13 allows remote attackers to crash an NSD child server process (SIGSEGV) and cause a denial of service in the NSD server. |
| CVE-2019-15588 | 2019-11-01 | There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied... |
| CVE-2019-6657 | 2019-11-01 | On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP... |
| CVE-2019-6658 | 2019-11-01 | On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack. |
| CVE-2019-12752 | 2019-11-01 | The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in use... |
| CVE-2013-1666 | 2019-11-01 | Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. |
| CVE-2013-2227 | 2019-11-01 | GLPI 0.83.7 has Local File Inclusion in common.tabs.php. |
| CVE-2010-3660 | 2019-11-01 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend. |
| CVE-2013-4367 | 2019-11-01 | ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of... |
| CVE-2010-3661 | 2019-11-01 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend. |
| CVE-2005-2350 | 2019-11-01 | Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remote attackers to inject arbitrary web script or HTML code in the web user interface. |
| CVE-2013-0165 | 2019-11-01 | cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp. |
| CVE-2019-18653 | 2019-11-01 | A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript... |
| CVE-2013-0178 | 2019-11-01 | Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm. |
| CVE-2013-0180 | 2019-11-01 | Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds. |
| CVE-2019-18654 | 2019-11-01 | A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an... |
| CVE-2013-2255 | 2019-11-01 | HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. |
| CVE-2013-0186 | 2019-11-01 | Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2005-2351 | 2019-11-01 | Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files. |
| CVE-2013-4168 | 2019-11-01 | Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields. |
| CVE-2005-2352 | 2019-11-01 | A race condition in temp files was found in gs-gpl before 8.56 addons scripts. |
| CVE-2019-6470 | 2019-11-01 | dhcpd: use-after-free error leads to crash in IPv6 mode when using mismatched BIND libraries |
| CVE-2019-18659 | 2019-11-02 | The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block... |
| CVE-2019-18661 | 2019-11-02 | Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by changing a certain check_pwd return value from 0 to 1. An attack does not achieve administrative control of a device; however,... |
| CVE-2019-18662 | 2019-11-02 | An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php) before being used to... |