CVE List - 2019 / June
Showing 901 - 1000 of 1244 CVEs for June 2019 (Page 10 of 13)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-1625 | 2019-06-20 | Cisco SD-WAN Solution Privilege Escalation Vulnerability |
| CVE-2019-1624 | 2019-06-20 | Cisco SD-WAN Solution Command Injection Vulnerability |
| CVE-2019-1630 | 2019-06-20 | Cisco Integrated Management Controller Denial of Service Vulnerability |
| CVE-2019-1629 | 2019-06-20 | Cisco Integrated Management Controller Arbitrary File Write Vulnerability |
| CVE-2019-1628 | 2019-06-20 | Cisco Integrated Management Controller Denial of Service Vulnerability |
| CVE-2019-1627 | 2019-06-20 | Cisco Integrated Management Controller Information Disclosure Vulnerability |
| CVE-2019-1869 | 2019-06-20 | Cisco StarOS Denial of Service Vulnerability |
| CVE-2019-1848 | 2019-06-20 | Cisco DNA Center Authentication Bypass Vulnerability |
| CVE-2019-1843 | 2019-06-20 | Cisco RV110W, RV130W, and RV215W Routers Management Interface Denial of Service Vulnerability |
| CVE-2019-1632 | 2019-06-20 | Cisco Integrated Management Controller Cross-Site Request Forgery Vulnerability |
| CVE-2019-1631 | 2019-06-20 | Cisco Integrated Management Controller Information Disclosure Vulnerability |
| CVE-2019-1876 | 2019-06-20 | Cisco Wide Area Application Services Software HTTPS Proxy Authentication Bypass Vulnerability |
| CVE-2019-1875 | 2019-06-20 | Cisco Prime Service Catalog Cross-Site Scripting Vulnerability |
| CVE-2019-1874 | 2019-06-20 | Cisco Prime Service Catalog Cross-Site Request Forgery Vulnerability |
| CVE-2019-1898 | 2019-06-20 | Cisco RV110W, RV130W, and RV215W Routers Unauthenticated syslog File Access Vulnerability |
| CVE-2019-1897 | 2019-06-20 | Cisco RV110W, RV130W, and RV215W Routers Denial of Service Vulnerability |
| CVE-2019-1879 | 2019-06-20 | Cisco Integrated Management Controller CLI Command Injection Vulnerability |
| CVE-2019-1878 | 2019-06-20 | Cisco TelePresence Endpoint Command Shell Injection Vulnerability |
| CVE-2019-1906 | 2019-06-20 | Cisco Prime Infrastructure Virtual Domain Privilege Escalation Vulnerability |
| CVE-2019-1905 | 2019-06-20 | Cisco Email Security Appliance GZIP Content Filter Bypass Vulnerability |
| CVE-2019-1903 | 2019-06-20 | Cisco Security Manager XML Entity Expansion Vulnerability |
| CVE-2019-1899 | 2019-06-20 | Cisco RV110W, RV130W, and RV215W Routers Information Disclosure Vulnerability |
| CVE-2018-16553 | 2019-06-20 | In Jspxcms 9.0.0, a vulnerable URL routing implementation allows remote code execution after logging in as web admin. |
| CVE-2018-16514 | 2019-06-20 | A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP... |
| CVE-2018-16251 | 2019-06-20 | A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateur" menu. No input parameters are filtered, e.g., the /admin/user/users Nickname, email, firstname, lastname, and groupe... |
| CVE-2018-16250 | 2019-06-20 | The "utilisateur" menu in Creatiwity wityCMS 0.6.2 modifies the presence of XSS at two input points for user information, with the "first name" and "last name" parameters. |
| CVE-2019-6961 | 2019-06-20 | Incorrect access control in actionHandlerUtility.php in the RDK RDKB-20181217-1 WebUI module allows a logged in user to control DDNS, QoS, RIP, and other privileged configurations (intended only for the network... |
| CVE-2019-6962 | 2019-06-20 | A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process (running as root) if... |
| CVE-2019-6963 | 2019-06-20 | A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve remote code execution by crafting a long buffer in the... |
| CVE-2019-6964 | 2019-06-20 | A heap-based buffer over-read in Service_SetParamStringValue in cosa_x_cisco_com_ddns_dml.c of the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve information disclosure and code execution by crafting an... |
| CVE-2018-16249 | 2019-06-20 | In Symphony before 3.3.0, there is XSS in the Title under Post. The ID "articleTitle" of this is stored in the "articleTitle" JSON field, and executes a payload when accessing... |
| CVE-2017-17944 | 2019-06-20 | The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation. |
| CVE-2019-12905 | 2019-06-20 | FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman&section=do&page=up URI. This issue has been fixed in FileRun 2019.06.01. |
| CVE-2018-16248 | 2019-06-20 | b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles" menu with an ID of "articleTags" stored in the "tag" JSON field, which allows remote attackers to... |
| CVE-2018-16247 | 2019-06-20 | YzmCMS 5.1 has XSS via the admin/system_manage/user_config_add.html title parameter. |
| CVE-2018-16119 | 2019-06-20 | Stack-based buffer overflow in the httpd server of TP-Link WR1043nd (Firmware Version 3) allows remote attackers to execute arbitrary code via a malicious MediaServer request to /userRpm/MediaServerFoldersCfgRpm.htm. |
| CVE-2018-16118 | 2019-06-20 | A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the... |
| CVE-2018-16117 | 2019-06-20 | A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allows remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName"... |
| CVE-2018-16116 | 2019-06-20 | SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allows remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter. |
| CVE-2019-12744 | 2019-06-20 | SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940. |
| CVE-2019-12745 | 2019-06-20 | out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field. |
| CVE-2018-15892 | 2019-06-20 | FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page. |
| CVE-2018-15891 | 2019-06-20 | An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a... |
| CVE-2019-8458 | 2019-06-20 | Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with... |
| CVE-2019-8459 | 2019-06-20 | Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously... |
| CVE-2018-15890 | 2019-06-20 | An issue was discovered in EthereumJ 1.8.2. There is Unsafe Deserialization in ois.readObject in mine/Ethash.java and decoder.readObject in crypto/ECKey.java. When a node syncs and mines a new block, arbitrary OS... |
| CVE-2018-15913 | 2019-06-20 | An issue was discovered in Cloudera Manager 5.x through 5.15.0. One type of page in Cloudera Manager uses a 'returnUrl' parameter to redirect the user to another page in Cloudera... |
| CVE-2019-12919 | 2019-06-20 | On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the local network has unauthenticated access to the internal SD card via the HTTP service on... |
| CVE-2019-12920 | 2019-06-20 | On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can login remotely to the camera and gain root access. The device ships with... |
| CVE-2019-3735 | 2019-06-20 | Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management... |
| CVE-2019-1904 | 2019-06-21 | Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability |
| CVE-2018-15868 | 2019-06-21 | SQL injection vulnerability in ChronoScan version 1.5.4.3 and earlier allows an unauthenticated attacker to execute arbitrary SQL commands via the wcr_machineid cookie. |
| CVE-2018-15747 | 2019-06-21 | The default configuration of glot-www through 2018-05-19 allows remote attackers to execute arbitrary code because glot-code-runner supports os.system within a "python" "files" "content" JSON file. |
| CVE-2016-7404 | 2019-06-21 | OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though... |
| CVE-2018-15737 | 2019-06-21 | An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x80002043. |
| CVE-2018-15736 | 2019-06-21 | An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000204F. |
| CVE-2018-15735 | 2019-06-21 | An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x8000206F. |
| CVE-2018-15734 | 2019-06-21 | An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x8000206B. |
| CVE-2018-15733 | 2019-06-21 | An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a NULL Pointer Dereference vulnerability due to not validating the size of the output buffer value from... |
| CVE-2018-15732 | 2019-06-21 | An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x80002063. |
| CVE-2018-15731 | 2019-06-21 | An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000205B. |
| CVE-2018-15730 | 2019-06-21 | An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x80002067. |
| CVE-2018-15729 | 2019-06-21 | An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000204B. |
| CVE-2018-15665 | 2019-06-21 | An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2.x through 1.4.0. Unauthenticated users can get a list of user accounts. |
| CVE-2019-12836 | 2019-06-21 | The Bobronix JEditor editor before 3.0.6 for Jira allows an attacker to add a URL/Link (to an existing issue) that can cause forgery of a request to an out-of-origin domain.... |
| CVE-2017-15694 | 2019-06-21 | When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious... |
| CVE-2019-10270 | 2019-06-21 | An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It is possible (due to lack of verification and correlation between the reset password key... |
| CVE-2019-12572 | 2019-06-21 | A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated... |
| CVE-2019-11011 | 2019-06-21 | Akamai CloudTest before 58.30 allows remote code execution. |
| CVE-2019-10072 | 2019-06-21 | The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40. By not... |
| CVE-2019-10719 | 2019-06-21 | BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix... |
| CVE-2019-10720 | 2019-06-21 | BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714. |
| CVE-2019-11392 | 2019-06-21 | BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd. |
| CVE-2019-10718 | 2019-06-21 | BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs. |
| CVE-2019-10028 | 2019-06-21 | Denial of Service (DOS) in Dial Reference Source Code Used before June 18th, 2019. |
| CVE-2019-12935 | 2019-06-23 | Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI. |
| CVE-2019-12936 | 2019-06-23 | BlueStacks App Player 2, 3, and 4 before 4.90 allows DNS Rebinding for attacks on exposed IPC functions. |
| CVE-2019-12937 | 2019-06-23 | apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer overflow allowing local privilege escalation to the root user via the DISPLAY environment variable. |
| CVE-2019-12928 | 2019-06-24 | The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information... |
| CVE-2019-12929 | 2019-06-24 | The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by... |
| CVE-2019-12938 | 2019-06-24 | The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read... |
| CVE-2019-12871 | 2019-06-24 | An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead... |
| CVE-2019-12939 | 2019-06-24 | LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter. |
| CVE-2019-12940 | 2019-06-24 | LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer value of the depth parameter. |
| CVE-2019-12870 | 2019-06-24 | An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead... |
| CVE-2019-12869 | 2019-06-24 | An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead... |
| CVE-2019-11647 | 2019-06-24 | A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack. |
| CVE-2019-12384 | 2019-06-24 | FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content,... |
| CVE-2019-11648 | 2019-06-24 | An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. The vulnerability could be exploited to expose sensitive information. |
| CVE-2019-12323 | 2019-06-24 | The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS. |
| CVE-2019-12292 | 2019-06-24 | Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control. |
| CVE-2018-20843 | 2019-06-24 | In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and... |
| CVE-2019-7232 | 2019-06-24 | The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and... |
| CVE-2019-7230 | 2019-06-24 | The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log... |
| CVE-2019-7229 | 2019-06-24 | The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via... |
| CVE-2019-9085 | 2019-06-24 | Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service (invoice-creation outage) via the n_file parameter to visualizza_contratto.php with invalid arguments (any non-numeric value), as demonstrated by... |
| CVE-2019-9958 | 2019-06-24 | CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page... |
| CVE-2019-10271 | 2019-06-24 | An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture... |
| CVE-2019-9957 | 2019-06-24 | Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is... |
| CVE-2017-17945 | 2019-06-24 | The ASUS HiVivo application before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation. |