Lista CVE - 2019 / Ottobre
Visualizzazione 101 - 200 di 1566 CVE per Ottobre 2019 (Pagina 2 di 16)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2019-12697 | 2019-10-02 | Cisco Firepower System Software Detection Engine RTF and RAR Malware and File Policy Bypass Vulnerabilities |
| CVE-2019-12698 | 2019-10-02 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN CPU Denial of Service Vulnerability |
| CVE-2019-12699 | 2019-10-02 | Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities |
| CVE-2019-12700 | 2019-10-02 | Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service Vulnerability |
| CVE-2019-12701 | 2019-10-02 | Cisco Firepower Management Center Software File and Malware Policy Bypass Vulnerability |
| CVE-2019-12706 | 2019-10-02 | Cisco Email Security Appliance Filter Bypass Vulnerability |
| CVE-2019-12707 | 2019-10-02 | Multiple Cisco Unified Communications Products Cross-Site Scripting Vulnerability |
| CVE-2019-12710 | 2019-10-02 | Cisco Unified Communications Manager SQL Injection Vulnerability |
| CVE-2019-12711 | 2019-10-02 | Cisco Unified Communications Manager XML External Expansion Vulnerability |
| CVE-2019-12712 | 2019-10-02 | Cisco Prime Infrastructure Cross-Site Scripting Vulnerability |
| CVE-2019-12713 | 2019-10-02 | Cisco Prime Infrastructure Cross-Site Scripting Vulnerability |
| CVE-2019-12714 | 2019-10-02 | Cisco IC3000 Industrial Compute Gateway Denial of Service Vulnerability |
| CVE-2019-12715 | 2019-10-02 | Cisco Unified Communications Manager Cross-Site Scripting Vulnerability |
| CVE-2019-12716 | 2019-10-02 | Cisco Unified Communications Manager Cross-Site Scripting Vulnerability |
| CVE-2019-15256 | 2019-10-02 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv1 Denial of Service Vulnerability |
| CVE-2019-15259 | 2019-10-02 | Cisco Unified Contact Center Express HTTP Response Splitting Vulnerability |
| CVE-2019-15272 | 2019-10-02 | Cisco Unified Communications Manager Security Bypass Vulnerability |
| CVE-2019-1915 | 2019-10-02 | Multiple Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability |
| CVE-2019-11929 | 2019-10-02 | Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions prior to 3.30.10, all versions... |
| CVE-2019-11651 | 2019-10-02 | Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2.... |
| CVE-2019-15809 | 2019-10-03 | Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local... |
| CVE-2019-13628 | 2019-10-03 | wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely... |
| CVE-2019-13629 | 2019-10-03 | MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands... |
| CVE-2019-3834 | 2019-10-03 | It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits... |
| CVE-2019-4422 | 2019-10-03 | IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege escalation which could allow an authenticated user to change the accessmgr password. IBM X-Force ID: 162768. |
| CVE-2019-4441 | 2019-10-03 | IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force... |
| CVE-2018-10103 | 2019-10-03 | tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). |
| CVE-2018-10105 | 2019-10-03 | tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). |
| CVE-2018-14461 | 2019-10-03 | The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). |
| CVE-2018-14462 | 2019-10-03 | The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print(). |
| CVE-2018-14463 | 2019-10-03 | The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167. |
| CVE-2018-14464 | 2019-10-03 | The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). |
| CVE-2018-14465 | 2019-10-03 | The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). |
| CVE-2018-14466 | 2019-10-03 | The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert(). |
| CVE-2018-14467 | 2019-10-03 | The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). |
| CVE-2018-14468 | 2019-10-03 | The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print(). |
| CVE-2018-14469 | 2019-10-03 | The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print(). |
| CVE-2018-14470 | 2019-10-03 | The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2(). |
| CVE-2018-14879 | 2019-10-03 | The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file(). |
| CVE-2018-14880 | 2019-10-03 | The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr(). |
| CVE-2018-14881 | 2019-10-03 | The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). |
| CVE-2018-14882 | 2019-10-03 | The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. |
| CVE-2018-16227 | 2019-10-03 | The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield. |
| CVE-2018-16228 | 2019-10-03 | The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix(). |
| CVE-2018-16229 | 2019-10-03 | The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). |
| CVE-2018-16230 | 2019-10-03 | The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). |
| CVE-2018-16300 | 2019-10-03 | The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. |
| CVE-2018-16301 | 2019-10-03 | The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem... |
| CVE-2018-16451 | 2019-10-03 | The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. |
| CVE-2018-16452 | 2019-10-03 | The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion. |
| CVE-2019-15166 | 2019-10-03 | lmp_print in tcpdump lacks certain boundary checks |
| CVE-2019-15161 | 2019-10-03 | rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a... |
| CVE-2019-15162 | 2019-10-03 | rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames. |
| CVE-2019-15163 | 2019-10-03 | rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails. |
| CVE-2019-16931 | 2019-10-03 | A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via... |
| CVE-2019-15164 | 2019-10-03 | rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source. |
| CVE-2019-15165 | 2019-10-03 | sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. |
| CVE-2019-16866 | 2019-10-03 | Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control... |
| CVE-2019-16328 | 2019-10-03 | In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings. |
| CVE-2019-15766 | 2019-10-03 | The KSLABS KSWEB (aka ru.kslabs.ksweb) application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary... |
| CVE-2019-16198 | 2019-10-03 | KSLabs KSWEB 3.93 allows ../ directory traversal, as demonstrated by the hostFile parameter. |
| CVE-2019-11932 | 2019-10-03 | A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android... |
| CVE-2019-13323 | 2019-10-03 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2019-13324 | 2019-10-03 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2019-13325 | 2019-10-03 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2019-13332 | 2019-10-03 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-13326 | 2019-10-03 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-13327 | 2019-10-03 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-13328 | 2019-10-03 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-13329 | 2019-10-03 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-13330 | 2019-10-03 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-13331 | 2019-10-03 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-17113 | 2019-10-03 | In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer... |
| CVE-2019-16891 | 2019-10-04 | Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload. |
| CVE-2019-17121 | 2019-10-04 | REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values. |
| CVE-2019-17130 | 2019-10-04 | vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories. |
| CVE-2019-17131 | 2019-10-04 | vBulletin before 5.5.4 allows clickjacking. |
| CVE-2019-17132 | 2019-10-04 | vBulletin through 5.5.4 mishandles custom avatars. |
| CVE-2019-17133 | 2019-10-04 | In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. |
| CVE-2018-11768 | 2019-10-04 | In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from... |
| CVE-2019-4227 | 2019-10-04 | IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to... |
| CVE-2019-4514 | 2019-10-04 | IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force... |
| CVE-2019-4564 | 2019-10-04 | IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering... |
| CVE-2019-17175 | 2019-10-04 | joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path traversal. |
| CVE-2019-17178 | 2019-10-04 | HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to... |
| CVE-2019-17177 | 2019-10-04 | libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return... |
| CVE-2019-13316 | 2019-10-04 | This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-13315 | 2019-10-04 | This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-13317 | 2019-10-04 | This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-13318 | 2019-10-04 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-13319 | 2019-10-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-13320 | 2019-10-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-6774 | 2019-10-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-6775 | 2019-10-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-6776 | 2019-10-04 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-6015 | 2019-10-04 | FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B with firmware versions 1.1.7 and earlier contain an issue where they may behave as open resolvers. If this vulnerability is exploited, FON routers may be... |
| CVE-2019-17179 | 2019-10-04 | 4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, fixed in version 5.0.2.1 |
| CVE-2019-11655 | 2019-10-04 | Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This vulnerability could allow Unrestricted Upload of File with Dangerous type. |
| CVE-2019-11656 | 2019-10-04 | Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. This vulnerability could allow Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). |
| CVE-2019-17180 | 2019-10-04 | Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to... |