CVE List - 2019 / February
Showing 301 - 400 of 838 CVEs for February 2019 (Page 4 of 9)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-5736 | 2019-02-11 | runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability... |
| CVE-2018-20772 | 2019-02-11 | Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI. |
| CVE-2018-20773 | 2019-02-11 | Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines. |
| CVE-2018-20774 | 2019-02-11 | Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field. |
| CVE-2018-20775 | 2019-02-11 | admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI. |
| CVE-2018-20776 | 2019-02-11 | Frog CMS 0.9.5 provides a directory listing for a /public request. |
| CVE-2018-20777 | 2019-02-11 | Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field. |
| CVE-2018-20778 | 2019-02-11 | admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element. |
| CVE-2018-20779 | 2019-02-11 | Traq 3.7.1 allows SQL Injection via a tickets?search= URI. |
| CVE-2018-20780 | 2019-02-11 | Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1). |
| CVE-2019-7718 | 2019-02-11 | An issue was discovered in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via admin/index.php?n=databack&c=index&a=dogetsql&tables=<?php and admin/databack/bakup_tables.php?2=file_put_contents URIs... |
| CVE-2019-7719 | 2019-02-11 | Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request. |
| CVE-2019-7720 | 2019-02-11 | taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. |
| CVE-2019-7721 | 2019-02-11 | lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters. |
| CVE-2018-20587 | 2019-02-11 | Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4... |
| CVE-2019-6975 | 2019-02-11 | Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. |
| CVE-2019-7722 | 2019-02-11 | PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers tampering it (either by direct modification or MITM attacks... |
| CVE-2018-11847 | 2019-02-11 | Malicious TA can tag QSEE kernel memory and map to EL0, thereby corrupting the physical memory as well it can be used to corrupt the QSEE kernel and compromise... |
| CVE-2018-11855 | 2019-02-11 | If an end user makes use of SCP11 sample OCE code without modification it could lead to a buffer overflow when transmitting a CAPDU in Snapdragon Auto, Snapdragon Compute, Snapdragon... |
| CVE-2018-11888 | 2019-02-11 | Unauthorized access may be allowed by the SCP11 Crypto Services TA while processing commands from other TA in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer... |
| CVE-2018-11899 | 2019-02-11 | While processing radio connection status change events, Radio index is not properly validated in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice &... |
| CVE-2018-11962 | 2019-02-11 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Use-after-free issue in heap while loading audio effects config in audio effects... |
| CVE-2018-12006 | 2019-02-11 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Users with no extra privileges can potentially access leaked data due to... |
| CVE-2018-12010 | 2019-02-11 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Absence of length sanity check may lead to possible stack overflow resulting... |
| CVE-2018-12011 | 2019-02-11 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Uninitialized data for socket address leads to information exposure. |
| CVE-2018-12014 | 2019-02-11 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Null pointer dereference vulnerability may occur due to missing NULL assignment in... |
| CVE-2018-12547 | 2019-02-11 | In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated... |
| CVE-2018-12549 | 2019-02-11 | In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it. |
| CVE-2018-13888 | 2019-02-11 | There is potential for memory corruption in the RIL daemon due to dereference of memory outside the allocated array length in RIL in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon... |
| CVE-2018-13889 | 2019-02-11 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Heap memory was accessed after it was freed |
| CVE-2018-13893 | 2019-02-11 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Out of bound mask range access caused by using possible old value... |
| CVE-2018-15586 | 2019-02-11 | Enigmail before 2.0.6 is prone to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email. |
| CVE-2018-15587 | 2019-02-11 | GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated... |
| CVE-2018-15588 | 2019-02-11 | MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email. |
| CVE-2019-7730 | 2019-02-11 | MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI. |
| CVE-2019-7731 | 2019-02-11 | MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the... |
| CVE-2019-7732 | 2019-02-11 | In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response),... |
| CVE-2019-7733 | 2019-02-11 | In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove. |
| CVE-2019-7736 | 2019-02-11 | D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page. NOTE: this may overlap CVE-2019-13101. |
| CVE-2018-17542 | 2019-02-11 | SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds |
| CVE-2018-18569 | 2019-02-11 | The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests (with certain restrictions) that will be executed on behalf... |
| CVE-2019-6489 | 2019-02-11 | Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-02-11 allow remote attackers to erase stored shortcuts. |
| CVE-2019-7737 | 2019-02-11 | A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit. |
| CVE-2019-7738 | 2019-02-11 | C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI. |
| CVE-2019-7747 | 2019-02-11 | DbNinja 3.2.7 allows session fixation via the data.php sessid parameter. |
| CVE-2019-7748 | 2019-02-11 | _includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if _users/admin/tasks.php exists. |
| CVE-2018-20242 | 2019-02-11 | A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session hijacking. |
| CVE-2018-9582 | 2019-02-12 | In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario. This could lead to local escalation... |
| CVE-2018-9583 | 2019-02-12 | In bta_ag_parse_cmer of bta_ag_cmd.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code... |
| CVE-2018-9584 | 2019-02-12 | In nfc_ncif_set_config_status of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to... |
| CVE-2018-9585 | 2019-02-12 | In nfc_ncif_proc_get_routing of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to... |
| CVE-2018-9586 | 2019-02-12 | In run of InstallPackageTask.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, it is possible that package verification is turned off and remains off due to a race condition. This... |
| CVE-2018-9587 | 2019-02-12 | In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is possible unauthorized access to files within the contact app due to a confused deputy scenario. This... |
| CVE-2018-9588 | 2019-02-12 | In avdt_scb_hdl_report of avdt_scb_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to... |
| CVE-2018-9589 | 2019-02-12 | In ieee802_11_rx_wnmsleep_req of wnm_ap.c in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to... |
| CVE-2018-9590 | 2019-02-12 | In add_attr of sdp_discovery.c in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to... |
| CVE-2018-9591 | 2019-02-12 | In bta_hh_ctrl_dat_act of bta_hh_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to... |
| CVE-2018-9592 | 2019-02-12 | In mca_ccb_hdl_rsp of mca_cact.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to... |
| CVE-2018-9593 | 2019-02-12 | In llcp_dlc_proc_i_pdu of llcp_dlc.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an incorrect bounds check. This could lead to... |
| CVE-2018-9594 | 2019-02-12 | In llcp_link_proc_agf_pdu of llcp_link.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an integer overflow. This could lead to local... |
| CVE-2019-3923 | 2019-02-12 | Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via... |
| CVE-2019-5595 | 2019-02-12 | In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call... |
| CVE-2019-5596 | 2019-02-12 | In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file... |
| CVE-2019-7753 | 2019-02-12 | Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count referrer parameter. |
| CVE-2018-20781 | 2019-02-12 | In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. |
| CVE-2019-6527 | 2019-02-12 | PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) may allow an attacker to be able to change the password for an admin user who is currently... |
| CVE-2019-6533 | 2019-02-12 | Registers used to store Modbus values can be read and written from the web interface without authentication in the PR100088 Modbus gateway versions prior to Release R02 (or Software Version... |
| CVE-2019-7739 | 2019-02-12 | An issue was discovered in Joomla! before 3.9.3. The "No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior. However, it might be unexpected for the... |
| CVE-2019-7740 | 2019-02-12 | An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector. |
| CVE-2019-7741 | 2019-02-12 | An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS. |
| CVE-2019-7742 | 2019-02-12 | An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector. |
| CVE-2019-7743 | 2019-02-12 | An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for object injection attacks because there is no protection mechanism (such as the TYPO3 PHAR... |
| CVE-2019-7744 | 2019-02-12 | An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability. |
| CVE-2019-6549 | 2019-02-12 | An attacker could retrieve plain-text credentials stored in a XML file on PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) through FTP. |
| CVE-2019-7550 | 2019-02-12 | In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the "create user" function. If a register/check/username?username= request corresponds to a username that exists, then... |
| CVE-2018-19645 | 2019-02-12 | Solutions Business Manager (SBM) Authentication Bypass Issue in Version prior to 11.5 |
| CVE-2018-5499 | 2019-02-12 | ATTO FibreBridge 7500N firmware version 2.95 is susceptible to a vulnerability which allows attackers to cause a Denial of Service (DoS). |
| CVE-2019-1688 | 2019-02-12 | Cisco Network Assurance Engine CLI Access with Default Password Vulnerability |
| CVE-2017-0938 | 2019-02-12 | Denial of Service attack in airMAX < 8.3.2, airMAX < 6.0.7 and EdgeMAX < 1.9.7 allows attackers to use the Discovery Protocol in amplification attacks. |
| CVE-2018-19018 | 2019-02-12 | An access of uninitialized pointer vulnerability in CX-Supervisor (Versions 3.42 and prior) could lead to type confusion when processing project files. An attacker could use a specially crafted project file... |
| CVE-2018-19020 | 2019-02-12 | When CX-Supervisor (Versions 3.42 and prior) processes project files and tampers with the value of an offset, an attacker can force the application to read a value outside of an... |
| CVE-2019-8308 | 2019-02-12 | Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. |
| CVE-2019-6537 | 2019-02-13 | Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of... |
| CVE-2019-6539 | 2019-02-13 | Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with... |
| CVE-2019-6541 | 2019-02-13 | A memory corruption vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend... |
| CVE-2018-20253 | 2019-02-13 | In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZH archive formats. Successful exploitation could lead to arbitrary... |
| CVE-2019-6543 | 2019-02-13 | AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program... |
| CVE-2019-6545 | 2019-02-13 | AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use... |
| CVE-2019-8312 | 2019-02-13 | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell.... |
| CVE-2019-8313 | 2019-02-13 | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell.... |
| CVE-2019-8314 | 2019-02-13 | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell.... |
| CVE-2019-8315 | 2019-02-13 | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell.... |
| CVE-2019-8316 | 2019-02-13 | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell.... |
| CVE-2019-8317 | 2019-02-13 | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell.... |
| CVE-2019-8318 | 2019-02-13 | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell.... |
| CVE-2019-8319 | 2019-02-13 | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell.... |
| CVE-2018-20164 | 2019-02-13 | An issue was discovered in regex.yaml (aka regexes.yaml) in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service (ReDoS) issue allows remote attackers to overload a server by setting... |
| CVE-2018-15781 | 2019-02-13 | DSA-2019-022: Dell Wyse Password Encoder Hard-coded Cryptographic Key Vulnerability |
| CVE-2019-3782 | 2019-02-13 | CredHub CLI writes environment variable credentials to disk |
| CVE-2019-8334 | 2019-02-13 | An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&viewid=[XSS]. |