CVE List - 2019 / October
Showing 201 - 300 of 1566 CVEs for October 2019 (Page 3 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-17183 | 2019-10-04 | Foxit Reader before 9.7 allows an Access Violation and crash if insufficient memory exists. |
| CVE-2019-16865 | 2019-10-04 | An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long... |
| CVE-2019-17188 | 2019-10-04 | An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. An attacker can bypass a front-end restriction and upload PHP code to the webserver, by providing image... |
| CVE-2019-17184 | 2019-10-04 | Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C8070 printers with software before 101.00x.089.22600 allow an attacker to gain privileges. |
| CVE-2019-17192 | 2019-10-05 | The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier... |
| CVE-2019-17191 | 2019-10-05 | The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of... |
| CVE-2019-17197 | 2019-10-05 | OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc. |
| CVE-2019-17199 | 2019-10-05 | www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring. |
| CVE-2019-17205 | 2019-10-05 | TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload... |
| CVE-2019-17204 | 2019-10-05 | TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item. |
| CVE-2019-17203 | 2019-10-05 | TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder. |
| CVE-2019-17206 | 2019-10-05 | Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts. |
| CVE-2019-17214 | 2019-10-06 | The WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI. |
| CVE-2019-17213 | 2019-10-06 | The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS via the URI or the X-Forwarded-For HTTP header. |
| CVE-2019-17219 | 2019-10-06 | An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the device does not enforce any authentication. An adjacent attacker is able... |
| CVE-2019-17218 | 2019-10-06 | An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the communication to the web service is unencrypted via http. An attacker... |
| CVE-2019-17217 | 2019-10-06 | An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no CSRF protection established on the web service. |
| CVE-2019-17216 | 2019-10-06 | An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort. |
| CVE-2019-17215 | 2019-10-06 | An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection (e.g., lockout) established. An attacker might be able to... |
| CVE-2019-17225 | 2019-10-06 | Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue. |
| CVE-2019-17226 | 2019-10-06 | CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field. |
| CVE-2019-17240 | 2019-10-06 | bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers. |
| CVE-2019-17263 | 2019-10-06 | In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6... |
| CVE-2019-17264 | 2019-10-06 | In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this... |
| CVE-2019-17266 | 2019-10-06 | libsoup from version 2.65.1 until 2.68.1 has a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy. |
| CVE-2019-17267 | 2019-10-06 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. |
| CVE-2019-17269 | 2019-10-06 | Intellian Remote Access 3.18 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the Ping Test field. |
| CVE-2019-16263 | 2019-10-07 | The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there... |
| CVE-2018-18379 | 2019-10-07 | The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS. |
| CVE-2019-15746 | 2019-10-07 | SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of... |
| CVE-2019-15747 | 2019-10-07 | SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side. |
| CVE-2019-15748 | 2019-10-07 | SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An unauthenticated attacker could use the upload and import... |
| CVE-2019-15749 | 2019-10-07 | SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an... |
| CVE-2019-15750 | 2019-10-07 | A Cross-Site Scripting (XSS) vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| CVE-2019-15751 | 2019-10-07 | An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated... |
| CVE-2019-3688 | 2019-10-07 | squid: /usr/sbin/pinger packaged with wrong permission |
| CVE-2019-12811 | 2019-10-07 | ActiveX Control in MyBuilder before 6.2.2019.814 allows an attacker to execute arbitrary commands via the ShellOpen method. This can be leveraged for code execution. |
| CVE-2019-12812 | 2019-10-07 | MyBuilder viewer before 6.2.2019.814 allows an attacker to execute arbitrary commands via a specifically crafted configuration file. This can be leveraged for code execution. |
| CVE-2015-9450 | 2019-10-07 | The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_cc pmfb_tid parameter. |
| CVE-2015-9451 | 2019-10-07 | The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter. |
| CVE-2015-9452 | 2019-10-07 | The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter. |
| CVE-2015-9453 | 2019-10-07 | The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist. |
| CVE-2015-9454 | 2019-10-07 | The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter. |
| CVE-2015-9455 | 2019-10-07 | The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action. |
| CVE-2015-9456 | 2019-10-07 | The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file theme_1, theme_1_file, or theme_1_file_contents parameter. |
| CVE-2019-17319 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Emails module by a Regular user. |
| CVE-2019-17318 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by a Regular user. |
| CVE-2019-17317 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user. |
| CVE-2019-17316 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user. |
| CVE-2019-17315 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration module by an Admin user. |
| CVE-2019-17314 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Configurator module by an Admin user. |
| CVE-2019-17313 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user. |
| CVE-2019-17312 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the file function by a Regular user. |
| CVE-2019-17311 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user. |
| CVE-2019-17310 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Campaigns module by an Admin user. |
| CVE-2019-17309 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the EmailMan module by an Admin user. |
| CVE-2019-17308 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user. |
| CVE-2019-17307 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Tracker module by an Admin user. |
| CVE-2019-17306 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Configurator module by an Admin user. |
| CVE-2019-17305 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Regular user. |
| CVE-2019-17304 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by an Admin user. |
| CVE-2019-17303 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user. |
| CVE-2019-17302 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user. |
| CVE-2019-17301 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by an Admin user. |
| CVE-2019-17300 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user. |
| CVE-2019-17299 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by an Admin user. |
| CVE-2019-17298 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Administration module by a Developer user. |
| CVE-2019-17297 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Quotes module by a Regular user. |
| CVE-2019-17296 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user. |
| CVE-2019-17295 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user. |
| CVE-2019-17294 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the export function by a Regular user. |
| CVE-2019-17293 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user. |
| CVE-2019-17292 | 2019-10-07 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user. |
| CVE-2019-17041 | 2019-10-07 | An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this... |
| CVE-2019-17042 | 2019-10-07 | An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this... |
| CVE-2019-15894 | 2019-10-07 | An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1. An attacker who uses fault injection to physically disrupt... |
| CVE-2019-3745 | 2019-10-07 | The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only... |
| CVE-2019-17239 | 2019-10-07 | includes/settings/class-alg-download-plugins-settings.php in the download-plugins-dashboard plugin through 1.5.0 for WordPress has multiple unauthenticated stored XSS issues. |
| CVE-2019-16913 | 2019-10-07 | PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: (F)" to the contents of the directory and its subfolders.... |
| CVE-2019-13120 | 2019-10-07 | Amazon FreeRTOS up to and including v1.4.8 lacks length checking in prvProcessReceivedPublish, resulting in untargetable leakage of arbitrary memory contents on a device to an attacker. If an attacker has... |
| CVE-2019-17233 | 2019-10-07 | Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. |
| CVE-2019-17232 | 2019-10-07 | Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import. |
| CVE-2019-17351 | 2019-10-08 | An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of... |
| CVE-2019-17350 | 2019-10-08 | An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation. |
| CVE-2019-17349 | 2019-10-08 | An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation. |
| CVE-2019-17348 | 2019-10-08 | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and... |
| CVE-2019-17347 | 2019-10-08 | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised... |
| CVE-2019-17346 | 2019-10-08 | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context... |
| CVE-2019-17345 | 2019-10-08 | An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug... |
| CVE-2019-17344 | 2019-10-08 | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability... |
| CVE-2019-17343 | 2019-10-08 | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM... |
| CVE-2019-17342 | 2019-10-08 | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose... |
| CVE-2019-17341 | 2019-10-08 | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during... |
| CVE-2019-17340 | 2019-10-08 | An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled. |
| CVE-2019-17259 | 2019-10-08 | KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_new+0x000000000014d6ee. |
| CVE-2019-17260 | 2019-10-08 | MPC-HC through 1.7.13 allows a Read Access Violation on a Block Data Move starting at mpc_hc!memcpy+0x000000000000004e. |
| CVE-2019-17261 | 2019-10-08 | XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51. |
| CVE-2019-17262 | 2019-10-08 | XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0. |
| CVE-2019-17241 | 2019-10-08 | IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d563. |
| CVE-2019-17242 | 2019-10-08 | IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000966f. |