CVE List - 2019 / June
Showing 1001 - 1100 of 1244 CVEs for June 2019 (Page 11 of 13)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-12880 | 2019-06-24 | BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allowing * within web_accessible_resources. An attacker can take advantage of this vulnerability and cause significant harm. |
| CVE-2019-7231 | 2019-06-24 | The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. This overflow is handled, but terminates the process. An... |
| CVE-2019-12346 | 2019-06-24 | In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post. |
| CVE-2014-9699 | 2019-06-24 | The MakerBot Replicator 5G printer runs an Apache HTTP Server with directory indexing enabled. Apache logs, system logs, design files (i.e., a history of print files), and more are exposed... |
| CVE-2019-10689 | 2019-06-24 | VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the... |
| CVE-2019-12951 | 2019-06-24 | An issue was discovered in Mongoose before 6.15. The parse_mqtt() function in mg_mqtt.c has a critical heap-based buffer overflow. |
| CVE-2019-12957 | 2019-06-24 | In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered... |
| CVE-2019-12958 | 2019-06-24 | In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has... |
| CVE-2019-12949 | 2019-06-25 | In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload... |
| CVE-2019-12817 | 2019-06-25 | arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an... |
| CVE-2019-12960 | 2019-06-25 | LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d. |
| CVE-2019-12961 | 2019-06-25 | LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function. |
| CVE-2019-12962 | 2019-06-25 | LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header. |
| CVE-2019-12963 | 2019-06-25 | LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action. |
| CVE-2019-12964 | 2019-06-25 | LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject. |
| CVE-2018-1858 | 2019-06-25 | IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website... |
| CVE-2018-2011 | 2019-06-25 | IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to obtain sensitive information from a specially crafted HTTP request that could aid an attacker in further attacks against the... |
| CVE-2018-2013 | 2019-06-25 | IBM API Connect 2018.1 through 2018.4.1.5 could disclose sensitive information to an unauthorized user that could aid in further attacks against the system. IBM X-Force ID: 155193. |
| CVE-2019-4135 | 2019-06-25 | IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331. |
| CVE-2019-4145 | 2019-06-25 | IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive information in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force... |
| CVE-2019-4150 | 2019-06-25 | IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM)... |
| CVE-2019-4151 | 2019-06-25 | IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512. |
| CVE-2019-4152 | 2019-06-25 | IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login... |
| CVE-2019-4153 | 2019-06-25 | IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web... |
| CVE-2019-4156 | 2019-06-25 | IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572. |
| CVE-2019-4157 | 2019-06-25 | IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2019-4158 | 2019-06-25 | IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM... |
| CVE-2019-4377 | 2019-06-25 | IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID: 162803. |
| CVE-2019-4382 | 2019-06-25 | IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162. |
| CVE-2019-6328 | 2019-06-25 | HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329. |
| CVE-2019-6329 | 2019-06-25 | HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6328. |
| CVE-2019-9836 | 2019-06-25 | Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation. |
| CVE-2019-3961 | 2019-06-25 | Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via... |
| CVE-2019-12280 | 2019-06-25 | PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. |
| CVE-2019-12966 | 2019-06-26 | FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demonstrated by the {"a":(function(){confirm(1)})()} input. |
| CVE-2019-12968 | 2019-06-26 | A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive) distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP... |
| CVE-2019-12972 | 2019-06-26 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because... |
| CVE-2019-11272 | 2019-06-26 | PlaintextPasswordEncoder authenticates encoded passwords that are null |
| CVE-2019-6163 | 2019-06-26 | A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations. |
| CVE-2019-6166 | 2019-06-26 | A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery. |
| CVE-2019-6167 | 2019-06-26 | A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. |
| CVE-2019-6168 | 2019-06-26 | A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. |
| CVE-2019-6169 | 2019-06-26 | A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP. |
| CVE-2019-4224 | 2019-06-26 | IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete... |
| CVE-2019-4225 | 2019-06-26 | IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242. |
| CVE-2019-4234 | 2019-06-26 | IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the... |
| CVE-2019-4235 | 2019-06-26 | IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID:... |
| CVE-2019-4241 | 2019-06-26 | IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467. |
| CVE-2019-3569 | 2019-06-26 | HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in... |
| CVE-2019-11583 | 2019-06-26 | The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic... |
| CVE-2019-10164 | 2019-06-26 | PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own... |
| CVE-2018-20845 | 2019-06-26 | Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). |
| CVE-2018-20846 | 2019-06-26 | Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). |
| CVE-2018-20847 | 2019-06-26 | An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. |
| CVE-2019-12973 | 2019-06-26 | In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.... |
| CVE-2019-12974 | 2019-06-26 | A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a... |
| CVE-2019-12975 | 2019-06-26 | ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c. |
| CVE-2019-12976 | 2019-06-26 | ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. |
| CVE-2019-12977 | 2019-06-26 | ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the WriteJP2Image function in coders/jp2.c. |
| CVE-2019-12978 | 2019-06-26 | ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c. |
| CVE-2019-12979 | 2019-06-26 | ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c. |
| CVE-2019-12980 | 2019-06-26 | In Ming (aka libming) 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the SWFInput_readSBits function in blocks/input.c. Remote attackers could leverage this vulnerability to cause... |
| CVE-2019-12981 | 2019-06-26 | Ming (aka libming) 0.4.8 has an "fill overflow" vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c. |
| CVE-2019-12982 | 2019-06-26 | Ming (aka libming) 0.4.8 has a heap buffer overflow and underflow in the decompileCAST function in util/decompile.c in libutil.a. Remote attackers could leverage this vulnerability to cause a denial of... |
| CVE-2019-12984 | 2019-06-26 | A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes,... |
| CVE-2019-10133 | 2019-06-26 | A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs. |
| CVE-2019-10134 | 2019-06-26 | A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The size of users' private file uploads via email were not correctly checked, so their quota allowance... |
| CVE-2019-10154 | 2019-06-26 | A flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restricted to the current user's conversations. |
| CVE-2019-9039 | 2019-06-26 | In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary... |
| CVE-2019-1619 | 2019-06-27 | Cisco Data Center Network Manager Authentication Bypass Vulnerability |
| CVE-2019-1622 | 2019-06-27 | Cisco Data Center Network Manager Information Disclosure Vulnerability |
| CVE-2019-1621 | 2019-06-27 | Cisco Data Center Network Manager Arbitrary File Download Vulnerability |
| CVE-2019-1620 | 2019-06-27 | Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability |
| CVE-2019-12887 | 2019-06-27 | KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2). |
| CVE-2018-1734 | 2019-06-27 | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 discloses sensitive information in error messages that may be used by a malicious user to orchestrate further attacks. IBM X-Force ID: 147838. |
| CVE-2018-1758 | 2019-06-27 | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2018-1760 | 2019-06-27 | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2018-1826 | 2019-06-27 | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2018-1827 | 2019-06-27 | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2018-1828 | 2019-06-27 | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2018-1892 | 2019-06-27 | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2018-1893 | 2019-06-27 | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2019-4083 | 2019-06-27 | IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI... |
| CVE-2019-4084 | 2019-06-27 | IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to obtain sensitive information from CLM Applications that could be used in further... |
| CVE-2019-4249 | 2019-06-27 | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2019-4250 | 2019-06-27 | IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI... |
| CVE-2019-4252 | 2019-06-27 | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot"... |
| CVE-2019-12583 | 2019-06-27 | Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator.... |
| CVE-2019-12581 | 2019-06-27 | A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via... |
| CVE-2019-7228 | 2019-06-27 | The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x... |
| CVE-2019-7227 | 2019-06-27 | In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download... |
| CVE-2019-7226 | 2019-06-27 | The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in... |
| CVE-2017-5028 | 2019-06-27 | Insufficient data validation in V8 in Google Chrome prior to 56.0.2924.76 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2018-16064 | 2019-06-27 | Insufficient data validation in Extensions API in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a... |
| CVE-2018-16069 | 2019-06-27 | Unintended floating-point error accumulation in SwiftShader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2018-16070 | 2019-06-27 | Integer overflows in Skia in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2018-16073 | 2019-06-27 | Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page. |
| CVE-2018-16074 | 2019-06-27 | Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page. |
| CVE-2018-16075 | 2019-06-27 | Insufficient file type enforcement in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain local file data via a crafted HTML page. |
| CVE-2018-16077 | 2019-06-27 | Object lifecycle issue in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass content security policy via a crafted HTML page. |