CVE List - 2019 / May
Showing 401 - 500 of 1316 CVEs for May 2019 (Page 5 of 14)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-10916 | 2019-05-14 | A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7... |
| CVE-2019-10917 | 2019-05-14 | A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7... |
| CVE-2019-10918 | 2019-05-14 | A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7... |
| CVE-2019-10919 | 2019-05-14 | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Attackers with access to port 10005/tcp could perform device reconfigurations and obtain project files... |
| CVE-2019-10920 | 2019-05-14 | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Project data stored on the device, which is accessible via port 10005/tcp, can be... |
| CVE-2019-10921 | 2019-05-14 | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Unencrypted storage of passwords in the project could allow an attacker with access to... |
| CVE-2019-10922 | 2019-05-14 | A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 and newer (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC... |
| CVE-2019-10924 | 2019-05-14 | A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.3). The vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user... |
| CVE-2019-6572 | 2019-05-14 | A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions <... |
| CVE-2019-6574 | 2019-05-14 | A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38,... |
| CVE-2019-6576 | 2019-05-14 | A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions <... |
| CVE-2019-6577 | 2019-05-14 | A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions <... |
| CVE-2019-6578 | 2019-05-14 | A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28), SINAMICS PERFECT HARMONY GH180 with NXG II... |
| CVE-2019-11204 | 2019-05-14 | TIBCO Spotfire Statistics Services Exposes Sensitive Files |
| CVE-2019-11205 | 2019-05-14 | TIBCO Spotfire Server Exposes Multiple Reflected Cross-Site Scripting Vulnerabilities |
| CVE-2019-11206 | 2019-05-14 | TIBCO Spotfire Server Vulnerabilities With Integrity of Comments and Bookmarks |
| CVE-2018-16656 | 2019-05-14 | DoBox_CstmBox_Info.model.htm on Kyocera TASKalfa 4002i and 6002i devices allows remote attackers to read the documents of arbitrary users via a modified HTTP request. |
| CVE-2018-14839 | 2019-05-14 | LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters. |
| CVE-2019-11397 | 2019-05-14 | GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 (when used with .NET Framework 4.5) allows Local File Inclusion via the FileDesc parameter. |
| CVE-2019-0280 | 2019-05-14 | SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18 and 8.0; S4CORE 1.01, 1.02 and 1.03), does not perform necessary authorization checks for authorization objects... |
| CVE-2019-0287 | 2019-05-14 | Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. |
| CVE-2019-0289 | 2019-05-14 | Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. |
| CVE-2019-0291 | 2019-05-14 | Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted. |
| CVE-2019-0293 | 2019-05-14 | Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system... |
| CVE-2019-0298 | 2019-05-14 | SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31,... |
| CVE-2019-0301 | 2019-05-14 | Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for... |
| CVE-2019-11328 | 2019-05-14 | An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing... |
| CVE-2019-12099 | 2019-05-14 | In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload. |
| CVE-2019-12101 | 2019-05-15 | coap_decode_option in coap.c in LibNyoci 0.07.00rc1 mishandles certain packets with "Uri-Path: (null)" and consequently allows remote attackers to cause a denial of service (segmentation fault). |
| CVE-2019-11833 | 2019-05-15 | fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by... |
| CVE-2016-7151 | 2019-05-15 | Capstone 3.0.4 has an out-of-bounds vulnerability (SEGV caused by a read memory access) in X86_insn_reg_intel in arch/X86/X86Mapping.c. |
| CVE-2016-10719 | 2019-05-15 | TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can be introduced into the admin account through a DHCP request, allowing the attacker to steal the cookie information, which... |
| CVE-2014-9919 | 2019-05-15 | An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the fullname parameter to signup.php. |
| CVE-2014-9918 | 2019-05-15 | An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the user_id parameter to signup.php. |
| CVE-2014-9917 | 2019-05-15 | An issue was discovered in Bilboplanet 2.0. There is a stored XSS vulnerability when adding a tag via the user/?page=tribes tags parameter. |
| CVE-2019-5526 | 2019-05-15 | VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal... |
| CVE-2019-5597 | 2019-05-15 | In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset... |
| CVE-2019-5598 | 2019-05-15 | In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has... |
| CVE-2019-8936 | 2019-05-15 | NTP through 4.2.8p12 has a NULL Pointer Dereference. |
| CVE-2019-3724 | 2019-05-15 | Authorization Bypass Vulnerability - RSA Netwitness Platform |
| CVE-2019-3725 | 2019-05-15 | Command Injection vulnerability |
| CVE-2019-3727 | 2019-05-15 | OS command injection vulnerability |
| CVE-2016-7043 | 2019-05-15 | It has been reported that KIE server and Business Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have... |
| CVE-2019-3602 | 2019-05-15 | Cross site scripting vulnerability in McAfee NSM impacting authenticated users |
| CVE-2019-3586 | 2019-05-15 | McAfee Endpoint Security firewall not always acting on GTI lookup results |
| CVE-2019-1717 | 2019-05-15 | Cisco Video Surveillance Manager Web-Based Management Interface Information Disclosure Vulnerability |
| CVE-2019-1726 | 2019-05-15 | Cisco NX-OS Software CLI Bypass to Internal Service Vulnerability |
| CVE-2019-1729 | 2019-05-15 | Cisco NX-OS Software Arbitrary File Overwrite Vulnerability |
| CVE-2019-1728 | 2019-05-15 | Cisco FXOS and NX-OS Software Secure Configuration Bypass Vulnerability |
| CVE-2019-1727 | 2019-05-15 | Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability |
| CVE-2019-1733 | 2019-05-15 | Cisco NX-OS Software NX-API Sandbox Cross-Site Scripting Vulnerability |
| CVE-2019-1732 | 2019-05-15 | Cisco NX-OS Software Remote Package Manager Command Injection Vulnerability |
| CVE-2019-1731 | 2019-05-15 | Cisco NX-OS Software SSH Key Information Disclosure Vulnerability |
| CVE-2019-1730 | 2019-05-15 | Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability |
| CVE-2013-7285 | 2019-05-15 | Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the... |
| CVE-2019-11224 | 2019-05-15 | HARMAN AMX MVP5150 v2.87.13 devices allow remote OS Command Injection. |
| CVE-2019-1010258 | 2019-05-15 | nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow. The impact is: Memory corruption leading to at least DoS. More severe impact vectors need more investigation. The component... |
| CVE-2019-1767 | 2019-05-15 | Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerability |
| CVE-2019-1735 | 2019-05-15 | Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1735) |
| CVE-2019-10640 | 2019-05-15 | An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows... |
| CVE-2019-10108 | 2019-05-15 | An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allowed non-members of a... |
| CVE-2019-10109 | 2019-05-15 | An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. EXIF geolocation data were not... |
| CVE-2019-1771 | 2019-05-15 | Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerability |
| CVE-2019-1769 | 2019-05-15 | Cisco NX-OS Software Line Card Command Injection Vulnerability |
| CVE-2019-1770 | 2019-05-15 | Cisco NX-OS Software Command Injection Vulnerability |
| CVE-2019-10110 | 2019-05-15 | An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The "move issue" feature may... |
| CVE-2019-1773 | 2019-05-15 | Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities |
| CVE-2019-1772 | 2019-05-15 | Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerability |
| CVE-2019-10111 | 2019-05-15 | An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request "resolve conflicts" page. |
| CVE-2019-1776 | 2019-05-15 | Cisco NX-OS Software Command Injection Vulnerability |
| CVE-2019-1775 | 2019-05-15 | Cisco NX-OS Software Command Injection Vulnerability |
| CVE-2019-1774 | 2019-05-15 | Cisco NX-OS Software Command Injection Vulnerability |
| CVE-2019-1778 | 2019-05-15 | Cisco NX-OS Software Command Injection Vulnerability |
| CVE-2019-1779 | 2019-05-15 | Cisco FXOS and NX-OS Software Command Injection Vulnerability |
| CVE-2019-1782 | 2019-05-15 | Cisco FXOS and NX-OS Software Command Injection Vulnerability |
| CVE-2019-1781 | 2019-05-15 | Cisco FXOS and NX-OS Software Command Injection Vulnerability |
| CVE-2019-9196 | 2019-05-15 | The Face authentication component in Aware mobile liveness 2.2.1 sdk 2.2.0 for Knomi allows a Biometrical Liveness authentication bypass via parameter tampering of the /knomi/analyze security_level field. |
| CVE-2019-1790 | 2019-05-15 | Cisco NX-OS Software Command Injection Vulnerability |
| CVE-2019-1784 | 2019-05-15 | Cisco NX-OS Software Command Injection Vulnerability |
| CVE-2019-1783 | 2019-05-15 | Cisco NX-OS Software Command Injection Vulnerability |
| CVE-2019-1795 | 2019-05-15 | Cisco FXOS and NX-OS Software Command Injection Vulnerability |
| CVE-2019-1791 | 2019-05-15 | Cisco NX-OS Software Command Injection Vulnerability |
| CVE-2019-1806 | 2019-05-15 | Cisco Small Business Series Switches Simple Network Management Protocol Denial of Service Vulnerability |
| CVE-2019-1810 | 2019-05-15 | Cisco Nexus 3000 Series and 9000 Series Switches in NX-OS Mode CLI Command Software Image Signature Verification Vulnerability |
| CVE-2019-1809 | 2019-05-15 | Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability |
| CVE-2019-1808 | 2019-05-15 | Cisco MDS 9700 Series Multilayer Directors and Nexus 7000/7700 Series Switches Software Patch Signature Verification Vulnerability |
| CVE-2019-1813 | 2019-05-15 | Cisco NX-OS CLI Command Software Image Signature Verification Vulnerability |
| CVE-2019-1812 | 2019-05-15 | Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities |
| CVE-2019-1811 | 2019-05-15 | Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities |
| CVE-2019-12106 | 2019-05-15 | The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote attacker to crash the process due to a Use After Free vulnerability. |
| CVE-2019-12107 | 2019-05-15 | The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value. |
| CVE-2019-12108 | 2019-05-15 | A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port. |
| CVE-2019-12109 | 2019-05-15 | A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port. |
| CVE-2019-12110 | 2019-05-15 | An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in upnpredirect.c. |
| CVE-2019-12111 | 2019-05-15 | A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c. |
| CVE-2019-12098 | 2019-05-15 | In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. |
| CVE-2019-1814 | 2019-05-15 | Cisco Small Business 300 Series Managed Switches DHCP Denial of Service Vulnerability |
| CVE-2019-1825 | 2019-05-16 | Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities |
| CVE-2019-1824 | 2019-05-16 | Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities |
| CVE-2019-1823 | 2019-05-16 | Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities |