CVE List - 2019 / January
Showing 901 - 1000 of 1212 CVEs for January 2019 (Page 10 of 13)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-11993 | 2019-01-18 | Improper check while accessing the local memory stack on MQTT connection request can lead to buffer overflow in snapdragon wear in versions MDM9206, MDM9607 |
| CVE-2018-11998 | 2019-01-18 | While processing a packet decode request in MQTT, a race condition can occur leading to an out-of-bounds access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD... |
| CVE-2018-11999 | 2019-01-18 | Improper input validation in trustzone can lead to denial of service in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD... |
| CVE-2018-3595 | 2019-01-18 | Anti-rollback can be bypassed in replay scenario during app loading due to improper error handling of RPMB writes in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607,... |
| CVE-2018-5867 | 2019-01-18 | Lack of checking input size can lead to buffer overflow in WideVine in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD... |
| CVE-2018-5868 | 2019-01-18 | Lack of checking input size can lead to buffer overflow in WideVine in snapdragon automobile and snapdragon mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD... |
| CVE-2018-5869 | 2019-01-18 | Improper input validation in the QTEE keymaster app can lead to invalid memory access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD... |
| CVE-2018-5879 | 2019-01-18 | Improper length check while processing an MQTT message can lead to heap overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD... |
| CVE-2018-5880 | 2019-01-18 | Improper data length check while processing an event report indication can lead to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205,... |
| CVE-2018-5881 | 2019-01-18 | Improper validation of buffer length checks in the lwm2m device management protocol can lead to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD... |
| CVE-2018-5915 | 2019-01-18 | Exception in Modem IP stack while processing IPv6 packet in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425,... |
| CVE-2018-15784 | 2019-01-18 | DSA-2019-001: Dell Networking OS10 Improper Certificate Validation Vulnerability |
| CVE-2019-3772 | 2019-01-18 | Spring Integration XML External Entity Injection (XXE) |
| CVE-2019-3773 | 2019-01-18 | Spring Web Services XML External Entity Injection (XXE) |
| CVE-2019-3774 | 2019-01-18 | Spring Batch XML External Entity Injection (XXE) |
| CVE-2019-6496 | 2019-01-19 | The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool... |
| CVE-2019-6497 | 2019-01-19 | Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter. |
| CVE-2018-18908 | 2019-01-19 | The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to Man in The Middle... |
| CVE-2019-6498 | 2019-01-21 | GattLib 0.2 has a stack-based buffer over-read in gattlib_connect in dbus/gattlib.c because strncpy is misused. |
| CVE-2019-6499 | 2019-01-21 | Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the... |
| CVE-2019-6500 | 2019-01-21 | In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated... |
| CVE-2016-10739 | 2019-01-21 | In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters,... |
| CVE-2019-6502 | 2019-01-22 | sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv. |
| CVE-2019-1003000 | 2019-01-22 | A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the... |
| CVE-2019-1003001 | 2019-01-22 | A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint... |
| CVE-2019-1003002 | 2019-01-22 | A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that... |
| CVE-2019-1003003 | 2019-01-22 | An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never... |
| CVE-2019-1003004 | 2019-01-22 | An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though... |
| CVE-2018-13374 | 2019-01-22 | An Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in... |
| CVE-2019-6503 | 2019-01-22 | There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute commands during server-side deserialization by uploading maliciously constructed files. This is related to the TemplateController.java impsave method... |
| CVE-2018-14666 | 2019-01-22 | An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent... |
| CVE-2017-6922 | 2019-01-22 | Files uploaded by anonymous users into a private file system can be accessed by other anonymous users |
| CVE-2018-19634 | 2019-01-22 | CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information. |
| CVE-2018-19635 | 2019-01-22 | CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface. |
| CVE-2019-6338 | 2019-01-22 | third-party PEAR Archive_Tar library updates |
| CVE-2019-6339 | 2019-01-22 | PHAR stream wrapper Arbitrary PHP code execution |
| CVE-2019-6507 | 2019-01-22 | An issue was discovered in creditease-sec insight through 2018-09-11. login_user_delete in srcpm/app/admin/views.py allows CSRF. |
| CVE-2019-6508 | 2019-01-22 | An issue was discovered in creditease-sec insight through 2018-09-11. role_perm_delete in srcpm/app/admin/views.py allows CSRF. |
| CVE-2019-6509 | 2019-01-22 | An issue was discovered in creditease-sec insight through 2018-09-11. depart_delete in srcpm/app/admin/views.py allows CSRF. |
| CVE-2019-6510 | 2019-01-22 | An issue was discovered in creditease-sec insight through 2018-09-11. user_delete in srcpm/app/admin/views.py allows CSRF. |
| CVE-2017-6923 | 2019-01-22 | Access bypass in Drupal 8 views |
| CVE-2018-6443 | 2019-01-22 | A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented... |
| CVE-2018-6444 | 2019-01-22 | A Vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitrary code. The vulnerability could also be exploited to execute arbitrary OS Commands. |
| CVE-2018-6445 | 2019-01-22 | A Vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted (not hashed) password of the... |
| CVE-2019-6260 | 2019-01-22 | The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address... |
| CVE-2018-19011 | 2019-01-22 | CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. An attacker could exploit this to execute code under the privileges of the application. |
| CVE-2018-19013 | 2019-01-22 | An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. |
| CVE-2018-19017 | 2019-01-22 | Several use after free vulnerabilities have been identified in CX-Supervisor (Versions 3.42 and prior). When processing project files, the application fails to check if it is referencing freed memory. An... |
| CVE-2018-19019 | 2019-01-22 | A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 and prior). An attacker could use a specially crafted project file to exploit and execute code under... |
| CVE-2019-6706 | 2019-01-23 | Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which... |
| CVE-2019-6691 | 2019-01-23 | phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb[] parameter, related to the "--backup database" option. |
| CVE-2019-3584 | 2019-01-23 | Exploitation of Authentication vulnerability |
| CVE-2019-3587 | 2019-01-23 | DLL Search Order Hijacking vulnerability |
| CVE-2018-1751 | 2019-01-23 | IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 148512. |
| CVE-2018-2026 | 2019-01-23 | IBM Financial Transaction Manager 3.2.1 for Digital Payments could allow an authenticated user to obtain a directory listing of internal product files. IBM X-Force ID: 155552. |
| CVE-2018-15614 | 2019-01-23 | IP Office one-X Portal XSS |
| CVE-2017-15720 | 2019-01-23 | In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object. |
| CVE-2017-17835 | 2019-01-23 | In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow. |
| CVE-2017-17836 | 2019-01-23 | In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow,... |
| CVE-2018-20245 | 2019-01-23 | The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
| CVE-2019-6707 | 2019-01-23 | PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state product_id[] parameter. |
| CVE-2019-6708 | 2019-01-23 | PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter. |
| CVE-2019-6713 | 2019-01-23 | app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents... |
| CVE-2019-6719 | 2019-01-23 | An issue has been found in libIEC61850 v1.3.1. There is a use-after-free in the getState function in mms/iso_server/iso_server.c, as demonstrated by examples/server_example_goose/server_example_goose.c and examples/server_example_61400_25/server_example_61400_25.c. |
| CVE-2018-0187 | 2019-01-23 | Cisco Identity Services Engine Privileged Account Sensitive Information Disclosure Vulnerability |
| CVE-2018-1000997 | 2019-01-23 | A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java, jelly/src/main/java/org/kohsuke/stapler/jelly/JellyFacet.java, jruby/src/main/java/org/kohsuke/stapler/jelly/jruby/JRubyFacet.java, jsp/src/main/java/org/kohsuke/stapler/jsp/JSPFacet.java that allows attackers to... |
| CVE-2018-15455 | 2019-01-23 | Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability |
| CVE-2018-15459 | 2019-01-23 | Cisco Identity Services Engine Privilege Escalation Vulnerability |
| CVE-2019-1636 | 2019-01-23 | Cisco Webex Teams URI Handler Insecure Library Loading Vulnerability |
| CVE-2019-1637 | 2019-01-23 | Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities |
| CVE-2019-1638 | 2019-01-23 | Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities |
| CVE-2019-1639 | 2019-01-23 | Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities |
| CVE-2019-1640 | 2019-01-23 | Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities |
| CVE-2019-1641 | 2019-01-23 | Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities |
| CVE-2019-1642 | 2019-01-23 | Cisco Firepower Management Center Cross-Site Scripting Vulnerability |
| CVE-2019-1643 | 2019-01-23 | Cisco Prime Infrastructure Cross-Site Scripting Vulnerability |
| CVE-2019-1644 | 2019-01-23 | Cisco IoT Field Network Director Resource Exhaustion Denial of Service Vulnerability |
| CVE-2018-17625 | 2019-01-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2018-17626 | 2019-01-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2018-17627 | 2019-01-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2018-17628 | 2019-01-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2018-17629 | 2019-01-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2018-17630 | 2019-01-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2018-17631 | 2019-01-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2018-17632 | 2019-01-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2018-17633 | 2019-01-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2018-17634 | 2019-01-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2018-17635 | 2019-01-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2018-17636 | 2019-01-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2018-17637 | 2019-01-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2018-17638 | 2019-01-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2018-17639 | 2019-01-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2018-17640 | 2019-01-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2018-17641 | 2019-01-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2018-17642 | 2019-01-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2018-17643 | 2019-01-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2018-17644 | 2019-01-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2018-17645 | 2019-01-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2018-17646 | 2019-01-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2018-17647 | 2019-01-24 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit... |