Lista CVE - 2019 / Novembre
Visualizzazione 101 - 200 di 1679 CVE per Novembre 2019 (Pagina 2 di 17)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2019-12625 | 2019-11-05 | ClamAV Zip Bomb Vulnerability |
| CVE-2019-1789 | 2019-11-05 | ClamAV Denial of Service Vulnerability |
| CVE-2013-6275 | 2019-11-05 | Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. |
| CVE-2019-18780 | 2019-11-05 | An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are... |
| CVE-2019-15966 | 2019-11-05 | A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.... |
| CVE-2010-3670 | 2019-11-05 | TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function. |
| CVE-2019-1734 | 2019-11-05 | Cisco FXOS and NX-OS Software Sensitive File Read Information Disclosure Vulnerability |
| CVE-2010-3671 | 2019-11-05 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session. |
| CVE-2005-2354 | 2019-11-05 | Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues. |
| CVE-2010-3672 | 2019-11-05 | TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension. |
| CVE-2019-1877 | 2019-11-05 | Cisco Enterprise Chat and Email Attachment Download Vulnerability |
| CVE-2010-2222 | 2019-11-05 | The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query. |
| CVE-2019-10084 | 2019-11-05 | In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed... |
| CVE-2010-3673 | 2019-11-05 | TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API. |
| CVE-2010-3674 | 2019-11-05 | TYPO3 before 4.4.1 allows XSS in the frontend search box. |
| CVE-2019-1978 | 2019-11-05 | Cisco Firepower Threat Defense Software Stream Reassembly Bypass Vulnerability |
| CVE-2019-1980 | 2019-11-05 | Cisco Firepower Threat Defense Software Nonstandard Protocol Detection Bypass Vulnerability |
| CVE-2019-1981 | 2019-11-05 | Cisco Firepower Threat Defense Software NULL Character Obfuscation Detection Bypass Vulnerability |
| CVE-2019-1982 | 2019-11-05 | Cisco Firepower Threat Defense Software HTTP Filtering Bypass Vulnerability |
| CVE-2011-1133 | 2019-11-05 | Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php. |
| CVE-2018-19152 | 2019-11-05 | emercoin through 0.7 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and... |
| CVE-2018-19153 | 2019-11-05 | particl through 0.17 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and... |
| CVE-2018-19154 | 2019-11-05 | HTMLCOIN through 2.12 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and... |
| CVE-2018-19155 | 2019-11-05 | navcoin through 4.3.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and... |
| CVE-2011-1134 | 2019-11-05 | Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager. |
| CVE-2018-19156 | 2019-11-05 | PIVX through 3.1.03 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker... |
| CVE-2018-19157 | 2019-11-05 | Phore through 1.3.3.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker... |
| CVE-2018-19159 | 2019-11-05 | lux through 5.2.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker... |
| CVE-2018-19160 | 2019-11-05 | Diamond through 3.0.1.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker... |
| CVE-2018-19161 | 2019-11-05 | alqo through 4.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker... |
| CVE-2011-1135 | 2019-11-05 | Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php. |
| CVE-2018-19162 | 2019-11-05 | Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker... |
| CVE-2018-19163 | 2019-11-05 | stratisX through 2.0.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker... |
| CVE-2018-19164 | 2019-11-05 | reddcoin through 2.1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker... |
| CVE-2018-19165 | 2019-11-05 | neblio through 1.5.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker... |
| CVE-2018-19166 | 2019-11-05 | peercoin through 0.6.4 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker... |
| CVE-2018-19167 | 2019-11-05 | CloakCoin through 2.2.2.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker... |
| CVE-2019-16284 | 2019-11-05 | A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege.... |
| CVE-2019-5088 | 2019-11-05 | An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 14.0.7 x64. A specially crafted BMP file can cause an out-of-bounds memory write, allowing a potential attacker to execute arbitrary... |
| CVE-2019-5089 | 2019-11-05 | An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 4.0.7 x64. A specially crafted JPEG file can cause an out-of-bounds memory write, allowing an attacker to execute arbitrary code... |
| CVE-2019-6142 | 2019-11-05 | It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate... |
| CVE-2019-5068 | 2019-11-05 | An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger... |
| CVE-2013-5123 | 2019-11-05 | The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. |
| CVE-2016-4983 | 2019-11-05 | A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. |
| CVE-2019-8090 | 2019-11-05 | An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated users can manipulate the design layout... |
| CVE-2011-1460 | 2019-11-05 | WebKit in Google Chrome before Blink M11 contains a bad cast to RenderBlock when anonymous blocks are renderblocks. |
| CVE-2019-8092 | 2019-11-05 | A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via email... |
| CVE-2019-8093 | 2019-11-05 | An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage file upload controller for downloadable products... |
| CVE-2019-8091 | 2019-11-05 | A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger... |
| CVE-2019-8107 | 2019-11-05 | An arbitrary file deletion vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with export data transfer privileges can craft a... |
| CVE-2019-8108 | 2019-11-05 | Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate session validation setting for a... |
| CVE-2019-8109 | 2019-11-05 | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can... |
| CVE-2011-1459 | 2019-11-05 | The WebKit::WebPluginContainerImpl::handleEvent function in Google Chrome before Blink M11 allows an attacker to cause a denial of service (crash) via the htmlpluginelement.cpp plugin. |
| CVE-2019-8110 | 2019-11-05 | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage email templates hierarchy to manipulate the... |
| CVE-2019-8111 | 2019-11-05 | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates... |
| CVE-2019-8112 | 2019-11-05 | A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via GET request... |
| CVE-2019-8113 | 2019-11-05 | Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration. |
| CVE-2019-8114 | 2019-11-05 | A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with... |
| CVE-2019-8115 | 2019-11-05 | A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when... |
| CVE-2019-8116 | 2019-11-05 | Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can leverage a guest session id value... |
| CVE-2019-8117 | 2019-11-05 | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticates user can inject arbitrary JavaScript code via product... |
| CVE-2019-8118 | 2019-11-05 | Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts. |
| CVE-2019-8119 | 2019-11-05 | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges... |
| CVE-2019-8120 | 2019-11-05 | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can inject arbitrary Javascript... |
| CVE-2019-8121 | 2019-11-05 | An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries... |
| CVE-2019-8122 | 2019-11-05 | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with privileges to create products... |
| CVE-2019-8123 | 2019-11-05 | An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3.... |
| CVE-2019-8124 | 2019-11-05 | An insufficient logging and monitoring vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Failure to track admin actions related to... |
| CVE-2019-8125 | 2019-11-05 | A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead... |
| CVE-2019-8126 | 2019-11-05 | An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can craft document type definition for an... |
| CVE-2019-8127 | 2019-11-05 | A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to an account with Newsletter Template editing... |
| CVE-2019-8128 | 2019-11-05 | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting malicious Javascript... |
| CVE-2019-8129 | 2019-11-05 | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting an embedded... |
| CVE-2019-8130 | 2019-11-05 | A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with store manipulation privileges can execute arbitrary SQL queries by... |
| CVE-2019-8131 | 2019-11-05 | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into code... |
| CVE-2019-8133 | 2019-11-05 | A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with privileges to generate sitemaps can bypass configuration that restricts... |
| CVE-2019-8134 | 2019-11-05 | A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with marketing privileges can execute arbitrary SQL queries in the... |
| CVE-2019-8135 | 2019-11-05 | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Dependency injection through Symphony framework allows service identifiers to be derived... |
| CVE-2019-8136 | 2019-11-05 | An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in... |
| CVE-2019-8137 | 2019-11-05 | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate CMS section of the... |
| CVE-2019-8138 | 2019-11-05 | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing... |
| CVE-2019-8139 | 2019-11-05 | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary Javascript code into the dynamic block when invoking page... |
| CVE-2019-8140 | 2019-11-05 | An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the... |
| CVE-2019-8141 | 2019-11-05 | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with administrative privileges (system level... |
| CVE-2019-8142 | 2019-11-05 | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via title... |
| CVE-2019-8143 | 2019-11-05 | A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to email templates can send malicious SQL... |
| CVE-2019-8144 | 2019-11-05 | A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods. |
| CVE-2019-8146 | 2019-11-05 | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code when adding... |
| CVE-2019-8147 | 2019-11-05 | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via customer... |
| CVE-2019-8148 | 2019-11-05 | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when creating a content page via... |
| CVE-2019-8149 | 2019-11-05 | Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can append arbitrary session id that will... |
| CVE-2019-8150 | 2019-11-05 | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate layouts and images can... |
| CVE-2019-8151 | 2019-11-05 | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shippment settings can... |
| CVE-2019-8152 | 2019-11-05 | A stored cross-site scripting (XSS) vulnerability exists in in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated... |
| CVE-2019-8153 | 2019-11-05 | A mitigation bypass to prevent cross-site scripting (XSS) exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Successful exploitation of this vulnerability would result in... |
| CVE-2019-8154 | 2019-11-05 | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to modify product catalogs can trigger... |
| CVE-2019-8155 | 2019-11-05 | Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attacker with access to... |
| CVE-2019-8233 | 2019-11-05 | In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML... |
| CVE-2019-8232 | 2019-11-05 | In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the... |
| CVE-2019-8231 | 2019-11-05 | In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification. |