Lista CVE - 2019 / Aprile
Visualizzazione 301 - 400 di 1531 CVE per Aprile 2019 (Pagina 4 di 16)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2018-11970 | 2019-04-04 | TZ App dynamic allocations not protected from XBL loader in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650,... |
| CVE-2018-11971 | 2019-04-04 | Interrupt exit code flow may undermine access control policy set forth by secure world can lead to potential secure asset leakage in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity,... |
| CVE-2018-13918 | 2019-04-04 | kernel could return a received message length higher than expected, which leads to buffer overflow in a subsequent operation and stops normal operation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon... |
| CVE-2018-10243 | 2019-04-04 | htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header. |
| CVE-2019-1827 | 2019-04-04 | Cisco Small Business RV320 and RV325 Routers Online Help Reflected Cross-Site Scripting Vulnerability |
| CVE-2018-20449 | 2019-04-04 | The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "callback=" lines in a debugfs file. |
| CVE-2019-1828 | 2019-04-04 | Cisco Small Business RV320 and RV325 Routers Weak Credential Encryption Vulnerability |
| CVE-2019-10273 | 2019-04-04 | Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication... |
| CVE-2019-1003051 | 2019-04-04 | Jenkins IRC Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2019-1003052 | 2019-04-04 | Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master... |
| CVE-2019-1003053 | 2019-04-04 | Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master... |
| CVE-2019-1003054 | 2019-04-04 | Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to... |
| CVE-2019-1003055 | 2019-04-04 | Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2019-1003056 | 2019-04-04 | Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the... |
| CVE-2019-1003057 | 2019-04-04 | Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2019-1003058 | 2019-04-04 | A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server. |
| CVE-2019-1003059 | 2019-04-04 | A missing permission check in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
| CVE-2019-1003060 | 2019-04-04 | Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file... |
| CVE-2019-1003061 | 2019-04-04 | Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master... |
| CVE-2019-1003062 | 2019-04-04 | Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master... |
| CVE-2019-1003063 | 2019-04-04 | Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master... |
| CVE-2019-1003064 | 2019-04-04 | Jenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2019-1003065 | 2019-04-04 | Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2019-1003066 | 2019-04-04 | Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2019-1003067 | 2019-04-04 | Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the... |
| CVE-2019-1003068 | 2019-04-04 | Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to... |
| CVE-2019-1003069 | 2019-04-04 | Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file... |
| CVE-2019-1003070 | 2019-04-04 | Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2019-1003071 | 2019-04-04 | Jenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2019-1003072 | 2019-04-04 | Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the... |
| CVE-2019-1003073 | 2019-04-04 | Jenkins VS Team Services Continuous Deployment Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or... |
| CVE-2019-1003074 | 2019-04-04 | Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2019-1003075 | 2019-04-04 | Jenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file... |
| CVE-2019-1003076 | 2019-04-04 | A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server. |
| CVE-2019-1003077 | 2019-04-04 | A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
| CVE-2019-1003078 | 2019-04-04 | A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. |
| CVE-2019-1003079 | 2019-04-04 | A missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
| CVE-2019-1003080 | 2019-04-04 | A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server. |
| CVE-2019-1003081 | 2019-04-04 | A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
| CVE-2019-1003082 | 2019-04-04 | A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. |
| CVE-2019-1003083 | 2019-04-04 | A missing permission check in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
| CVE-2019-1003084 | 2019-04-04 | A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. |
| CVE-2019-1003085 | 2019-04-04 | A missing permission check in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
| CVE-2019-1003086 | 2019-04-04 | A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. |
| CVE-2019-1003087 | 2019-04-04 | A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
| CVE-2019-1003088 | 2019-04-04 | Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to... |
| CVE-2019-1003089 | 2019-04-04 | Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to... |
| CVE-2019-1003090 | 2019-04-04 | A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. |
| CVE-2019-1003091 | 2019-04-04 | A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
| CVE-2019-1003092 | 2019-04-04 | A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. |
| CVE-2019-1003093 | 2019-04-04 | A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
| CVE-2019-1003094 | 2019-04-04 | Jenkins Open STF Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2019-1003095 | 2019-04-04 | Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2019-1003096 | 2019-04-04 | Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master... |
| CVE-2019-1003097 | 2019-04-04 | Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file... |
| CVE-2019-1003098 | 2019-04-04 | A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. |
| CVE-2019-1003099 | 2019-04-04 | A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
| CVE-2019-10277 | 2019-04-04 | Jenkins StarTeam Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master... |
| CVE-2019-10278 | 2019-04-04 | A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. |
| CVE-2019-10279 | 2019-04-04 | A missing permission check in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
| CVE-2019-10280 | 2019-04-04 | Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file... |
| CVE-2019-10281 | 2019-04-04 | Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master... |
| CVE-2019-10282 | 2019-04-04 | Jenkins Klaros-Testmanagement Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master... |
| CVE-2019-10283 | 2019-04-04 | Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master... |
| CVE-2019-10284 | 2019-04-04 | Jenkins Diawi Upload Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the... |
| CVE-2019-10285 | 2019-04-04 | Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2019-10286 | 2019-04-04 | Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master... |
| CVE-2019-10287 | 2019-04-04 | Jenkins youtrack-plugin Plugin 0.7.1 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master... |
| CVE-2019-10288 | 2019-04-04 | Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2019-10289 | 2019-04-04 | A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers to initiate a connection to an attacker-specified server. |
| CVE-2019-10290 | 2019-04-04 | A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an... |
| CVE-2019-10291 | 2019-04-04 | Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to... |
| CVE-2019-10292 | 2019-04-04 | A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified server. |
| CVE-2019-10293 | 2019-04-04 | A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
| CVE-2019-10294 | 2019-04-04 | Jenkins Kmap Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master... |
| CVE-2019-10295 | 2019-04-04 | Jenkins crittercism-dsym Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master... |
| CVE-2019-10296 | 2019-04-04 | Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file... |
| CVE-2019-10297 | 2019-04-04 | Jenkins Sametime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2019-10298 | 2019-04-04 | Jenkins Koji Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2019-10299 | 2019-04-04 | Jenkins CloudCoreo DeployTime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2018-20222 | 2019-04-04 | XXE issue in Airsonic before 10.1.2 during parse. |
| CVE-2019-10856 | 2019-04-04 | In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255. |
| CVE-2019-7001 | 2019-04-04 | Avaya IPOCC WebUI SQL Injection |
| CVE-2018-20229 | 2019-04-04 | GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before 11.4.12, and 11.5.x before 11.5.5 allows Directory Traversal. |
| CVE-2019-10863 | 2019-04-04 | A command injection vulnerability exists in TeemIp versions before 2.4.0. The new_config parameter of exec.php allows one to create a new PHP file with the exception of config information. The... |
| CVE-2019-10867 | 2019-04-04 | An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function... |
| CVE-2019-6553 | 2019-04-04 | A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. An input validation issue in a .dll file of RSLinx Classic where the data in a Forward... |
| CVE-2018-18068 | 2019-04-04 | The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 (the highest privilege level in ARMv8) memory/register... |
| CVE-2018-19282 | 2019-04-04 | Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol (CIP) network stack. The vulnerability allows... |
| CVE-2019-10868 | 2019-04-05 | In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field... |
| CVE-2019-10871 | 2019-04-05 | An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. |
| CVE-2019-10872 | 2019-04-05 | An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. |
| CVE-2019-10873 | 2019-04-05 | An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc. |
| CVE-2019-10876 | 2019-04-05 | An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may... |
| CVE-2019-10877 | 2019-04-05 | In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in engine/shared/map.cpp that can lead to a buffer overflow, because multiplication of width and height is mishandled. |
| CVE-2019-10878 | 2019-04-05 | In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions in engine/shared/datafile.cpp that can lead to an arbitrary free and out-of-bounds pointer write, possibly... |
| CVE-2019-10879 | 2019-04-05 | In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::Open() in engine/shared/datafile.cpp that can lead to a buffer overflow and possibly remote code execution, because size-related multiplications are mishandled. |
| CVE-2019-10874 | 2019-04-05 | Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable... |
| CVE-2019-10875 | 2019-04-05 | A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (aka the MIUI native browser) and Mint Browser 1.5.3 due to the way they handle... |
| CVE-2018-20816 | 2019-04-05 | An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard... |