CVE List - 2019 / July
Showing 1501 - 1600 of 1618 CVEs for July 2019 (Page 16 of 17)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-14411 | 2019-07-30 | cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI (SEC-473). |
| CVE-2019-14412 | 2019-07-30 | Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474). |
| CVE-2019-14413 | 2019-07-30 | cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476). |
| CVE-2019-14414 | 2019-07-30 | In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478). |
| CVE-2018-20863 | 2019-07-30 | cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452). |
| CVE-2018-20864 | 2019-07-30 | cPanel before 76.0.8 allows persistent Virtual FTP accounts after removal of their associated domain (SEC-454). |
| CVE-2018-20865 | 2019-07-30 | cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459). |
| CVE-2018-20866 | 2019-07-30 | cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461). |
| CVE-2018-20868 | 2019-07-30 | cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464). |
| CVE-2018-20862 | 2019-07-30 | cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366). |
| CVE-2018-20869 | 2019-07-30 | cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465). |
| CVE-2018-20870 | 2019-07-30 | The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467). |
| CVE-2019-11202 | 2019-07-30 | An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1. When Rancher starts for the first time, it creates... |
| CVE-2019-10129 | 2019-07-30 | A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the... |
| CVE-2019-10130 | 2019-07-30 | A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column... |
| CVE-2019-10138 | 2019-07-30 | A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated... |
| CVE-2018-16871 | 2019-07-30 | A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS... |
| CVE-2019-10141 | 2019-07-30 | A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using... |
| CVE-2019-10142 | 2019-07-30 | A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, excluding 5.0.17. A parameter passed to an ioctl was incorrectly validated and used... |
| CVE-2019-14318 | 2019-07-30 | Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of... |
| CVE-2019-1552 | 2019-07-30 | Windows builds with insecure path defaults |
| CVE-2019-14313 | 2019-07-30 | A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands... |
| CVE-2019-14242 | 2019-07-30 | An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior... |
| CVE-2018-20871 | 2019-07-30 | In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on root_squash, weak file permissions ("other" write access) occur in certain cases (GE-6890). |
| CVE-2018-20861 | 2019-07-30 | libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files. |
| CVE-2018-20860 | 2019-07-30 | libopenmpt before 0.3.13 allows a crash with malformed MED files. |
| CVE-2019-14383 | 2019-07-30 | J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. |
| CVE-2019-14382 | 2019-07-30 | DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. |
| CVE-2019-14380 | 2019-07-30 | libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files. |
| CVE-2017-18381 | 2019-07-30 | The installation process in Open edX before 2017-01-10 exposes a MongoDB instance to external connections with default credentials. |
| CVE-2018-20859 | 2019-07-30 | edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem. |
| CVE-2019-13026 | 2019-07-30 | OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer... |
| CVE-2019-5448 | 2019-07-30 | Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network. |
| CVE-2019-5456 | 2019-07-30 | SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials... |
| CVE-2019-5458 | 2019-07-30 | Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser. |
| CVE-2019-5457 | 2019-07-30 | Cross-site scripting (XSS) vulnerability in min-http-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser. |
| CVE-2019-5459 | 2019-07-30 | An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. |
| CVE-2019-5455 | 2019-07-30 | Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process. |
| CVE-2019-5454 | 2019-07-30 | SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows a harmful query, when executed, to destroy the local cache, requiring the account to be set up again. |
| CVE-2019-5453 | 2019-07-30 | Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider. |
| CVE-2019-5452 | 2019-07-30 | Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved. |
| CVE-2019-5451 | 2019-07-30 | Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time. |
| CVE-2019-5450 | 2019-07-30 | Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed the directory name in the header bar to be styled using basic HTML. |
| CVE-2019-5449 | 2019-07-30 | A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events. |
| CVE-2019-5460 | 2019-07-30 | Double Free in VLC versions <= 3.0.6 leads to a crash. |
| CVE-2019-7614 | 2019-07-30 | A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could... |
| CVE-2019-7615 | 2019-07-30 | A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent... |
| CVE-2019-7616 | 2019-07-30 | Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set the... |
| CVE-2019-10152 | 2019-07-30 | A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause... |
| CVE-2019-10153 | 2019-07-30 | A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception.... |
| CVE-2019-10156 | 2019-07-30 | A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking... |
| CVE-2019-10161 | 2019-07-30 | It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions... |
| CVE-2019-10162 | 2019-07-30 | A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a... |
| CVE-2019-10163 | 2019-07-30 | A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further... |
| CVE-2019-10165 | 2019-07-30 | OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could... |
| CVE-2019-14452 | 2019-07-31 | Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during... |
| CVE-2019-14204 | 2019-07-31 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply. |
| CVE-2019-14203 | 2019-07-31 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply. |
| CVE-2019-14202 | 2019-07-31 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply. |
| CVE-2019-14201 | 2019-07-31 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply. |
| CVE-2019-14200 | 2019-07-31 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply. |
| CVE-2019-14192 | 2019-07-31 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call. |
| CVE-2019-14194 | 2019-07-31 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case. |
| CVE-2019-14195 | 2019-07-31 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length. |
| CVE-2019-14198 | 2019-07-31 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case. |
| CVE-2019-14197 | 2019-07-31 | An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply. |
| CVE-2019-14196 | 2019-07-31 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply. |
| CVE-2019-14199 | 2019-07-31 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call. |
| CVE-2019-14193 | 2019-07-31 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length. |
| CVE-2019-10343 | 2019-07-31 | Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied. |
| CVE-2019-10344 | 2019-07-31 | Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this... |
| CVE-2019-10345 | 2019-07-31 | Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export. |
| CVE-2019-10355 | 2019-07-31 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts. |
| CVE-2019-10356 | 2019-07-31 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts. |
| CVE-2019-10357 | 2019-07-31 | A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced... |
| CVE-2019-10358 | 2019-07-31 | Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log. |
| CVE-2019-10359 | 2019-07-31 | A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options. |
| CVE-2019-10360 | 2019-07-31 | A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. |
| CVE-2019-10361 | 2019-07-31 | Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system. |
| CVE-2019-10362 | 2019-07-31 | Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration... |
| CVE-2019-10363 | 2019-07-31 | Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form. |
| CVE-2019-10364 | 2019-07-31 | Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log. |
| CVE-2019-10365 | 2019-07-31 | Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read... |
| CVE-2019-10366 | 2019-07-31 | Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission,... |
| CVE-2019-13568 | 2019-07-31 | CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image. |
| CVE-2018-16860 | 2019-07-31 | A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD... |
| CVE-2019-4163 | 2019-07-31 | IBM StoreIQ 7.6.0.0 through 7.6.0.18 could allow an authenticated user to obtain sensitive information that a privileged user should only be allowed to view. IBM X-Force ID: 158696. |
| CVE-2019-4165 | 2019-07-31 | IBM StoreIQ 7.6.0.0 through 7.6.0.18 could allow a remote attacker to cause a denial of service attack using repeated requests to the server. IBM X-Force ID: 158698. |
| CVE-2019-5020 | 2019-07-31 | An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy... |
| CVE-2019-5057 | 2019-07-31 | An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker... |
| CVE-2019-5058 | 2019-07-31 | An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An... |
| CVE-2019-5059 | 2019-07-31 | An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a... |
| CVE-2019-5060 | 2019-07-31 | An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating... |
| CVE-2007-6763 | 2019-07-31 | SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a... |
| CVE-2018-20872 | 2019-07-31 | DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649. |
| CVE-2019-3960 | 2019-07-31 | Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 allows a remote, authenticated attacker to execute arbitrary code by uploading a malicious PHP file. |
| CVE-2019-3959 | 2019-07-31 | Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. |
| CVE-2019-1901 | 2019-07-31 | Cisco Nexus 9000 Series ACI Mode Switch Software Link Layer Discovery Protocol Buffer Overflow Vulnerability |
| CVE-2019-3958 | 2019-07-31 | Insufficient output sanitization in WallacePOS 1.4.3 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks via a crafted sales transaction. |
| CVE-2019-12750 | 2019-07-31 | Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege... |