CVE List - 2019 / July
Showing 1601 - 1618 of 1618 CVEs for July 2019 (Page 17 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-12797 | 2019-07-31 | A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle. |
| CVE-2019-14456 | 2019-07-31 | Opengear console server firmware releases prior to 4.5.0 have a stored XSS vulnerability related to serial port logging. If a malicious user of an external system (connected to a serial... |
| CVE-2019-14459 | 2019-07-31 | nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service). |
| CVE-2019-10189 | 2019-07-31 | A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment. |
| CVE-2019-10188 | 2019-07-31 | A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modify group overrides for other groups in the same quiz. |
| CVE-2019-10187 | 2019-07-31 | A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did... |
| CVE-2019-10186 | 2019-07-31 | A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool. |
| CVE-2019-7000 | 2019-07-31 | Avaya Aura Conferencing XSS |
| CVE-2019-10198 | 2019-07-31 | An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can... |
| CVE-2019-10185 | 2019-07-31 | It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw... |
| CVE-2019-10182 | 2019-07-31 | It was found that icedtea-web through 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially... |
| CVE-2019-10181 | 2019-07-31 | It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could... |
| CVE-2019-14462 | 2019-07-31 | An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302. |
| CVE-2019-14463 | 2019-07-31 | An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_REGISTERS case, aka VD-1301. |
| CVE-2015-5297 | 2019-07-31 | An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. An attacker could exploit this issue to cause an application using pixman to... |
| CVE-2019-14464 | 2019-07-31 | XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a heap-based buffer overflow. |
| CVE-2019-14465 | 2019-07-31 | fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-based buffer overflow. |
| CVE-2015-7559 | 2019-08-01 | It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw... |
| CVE-2019-14332 | 2019-08-01 | An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is use of weak ciphers for SSH such as diffie-hellman-group1-sha1. |
| CVE-2019-14333 | 2019-08-01 | An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a pre-authenticated denial of service attack against the access point via a long action parameter... |
| CVE-2019-14334 | 2019-08-01 | An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command. |
| CVE-2019-14336 | 2019-08-01 | An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated dump of all of the config files through a certain admin.cgi?action= insecure HTTP request. |
| CVE-2019-14337 | 2019-08-01 | An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is an ability to escape to a shell in the restricted command line interface, as demonstrated... |
| CVE-2019-14338 | 2019-08-01 | An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a post-authentication admin.cgi?action= XSS vulnerability on the management interface. |
| CVE-2018-20873 | 2019-08-01 | cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409). |
| CVE-2018-20874 | 2019-08-01 | cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428). |
| CVE-2018-20875 | 2019-08-01 | cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433). |
| CVE-2018-20876 | 2019-08-01 | cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434). |
| CVE-2018-20877 | 2019-08-01 | cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437). |
| CVE-2018-20878 | 2019-08-01 | cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441). |
| CVE-2018-20879 | 2019-08-01 | cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444). |
| CVE-2018-20880 | 2019-08-01 | cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445). |
| CVE-2018-20881 | 2019-08-01 | cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446). |
| CVE-2018-20882 | 2019-08-01 | cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447). |
| CVE-2018-20883 | 2019-08-01 | cPanel before 74.0.8 allows FTP access during account suspension (SEC-449). |
| CVE-2019-14468 | 2019-08-01 | GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via crafted COBOL source code. |
| CVE-2018-20884 | 2019-08-01 | cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367). |
| CVE-2018-20885 | 2019-08-01 | cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416). |
| CVE-2018-20886 | 2019-08-01 | cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418). |
| CVE-2018-20887 | 2019-08-01 | cPanel before 74.0.0 allows SQL injection during database backups (SEC-420). |
| CVE-2018-20888 | 2019-08-01 | cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424). |
| CVE-2018-20889 | 2019-08-01 | cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425). |
| CVE-2018-20890 | 2019-08-01 | cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426). |
| CVE-2018-20891 | 2019-08-01 | cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436). |
| CVE-2018-20892 | 2019-08-01 | cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439). |
| CVE-2018-20893 | 2019-08-01 | cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442). |
| CVE-2018-20894 | 2019-08-01 | cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443). |
| CVE-2019-3884 | 2019-08-01 | A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able to spoof the UUID of a valid object from another namespace is able to delete children of those... |
| CVE-2019-3890 | 2019-08-01 | It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting... |
| CVE-2018-10899 | 2019-08-01 | A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking... |
| CVE-2014-8183 | 2019-08-01 | It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge... |
| CVE-2018-20895 | 2019-08-01 | In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393). |
| CVE-2019-0193 | 2019-08-01 | In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come... |
| CVE-2018-20896 | 2019-08-01 | cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394). |
| CVE-2018-20897 | 2019-08-01 | cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395). |
| CVE-2018-20898 | 2019-08-01 | cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396). |
| CVE-2018-20899 | 2019-08-01 | cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398). |
| CVE-2018-20900 | 2019-08-01 | cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399). |
| CVE-2019-14471 | 2019-08-01 | TestLink 1.9.19 has XSS via the error.php message parameter. |
| CVE-2019-14472 | 2019-08-01 | Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. |
| CVE-2013-7474 | 2019-08-01 | Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit or admin/content/add, or the username parameter to admin/users. |
| CVE-2018-20901 | 2019-08-01 | cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400). |
| CVE-2018-20902 | 2019-08-01 | cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408). |
| CVE-2013-7473 | 2019-08-01 | Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account. |
| CVE-2018-20903 | 2019-08-01 | cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421). |
| CVE-2018-20904 | 2019-08-01 | cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427). |
| CVE-2018-20905 | 2019-08-01 | cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429). |
| CVE-2018-20906 | 2019-08-01 | cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction (SEC-430). |
| CVE-2018-20907 | 2019-08-01 | cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432). |
| CVE-2018-20908 | 2019-08-01 | cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435). |
| CVE-2018-20909 | 2019-08-01 | cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338). |
| CVE-2018-20910 | 2019-08-01 | cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357). |
| CVE-2015-9291 | 2019-08-01 | cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221). |
| CVE-2016-10860 | 2019-08-01 | cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66). |
| CVE-2019-13572 | 2019-08-01 | The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection. |
| CVE-2016-10859 | 2019-08-01 | cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65). |
| CVE-2016-10858 | 2019-08-01 | cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64). |
| CVE-2016-10857 | 2019-08-01 | cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60). |
| CVE-2016-10856 | 2019-08-01 | cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29). |
| CVE-2018-20911 | 2019-08-01 | cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359). |
| CVE-2016-10855 | 2019-08-01 | cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91). |
| CVE-2018-20912 | 2019-08-01 | cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362). |
| CVE-2018-20913 | 2019-08-01 | cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364). |
| CVE-2016-10854 | 2019-08-01 | cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87). |
| CVE-2019-14259 | 2019-08-01 | On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web"... |
| CVE-2018-20914 | 2019-08-01 | In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368). |
| CVE-2016-10853 | 2019-08-01 | cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86). |
| CVE-2018-20915 | 2019-08-01 | cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369). |
| CVE-2018-20916 | 2019-08-01 | cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370). |
| CVE-2018-20917 | 2019-08-01 | cPanel before 70.0.23 allows any user to disable Solr (SEC-371). |
| CVE-2016-10852 | 2019-08-01 | cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85). |
| CVE-2018-20918 | 2019-08-01 | cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372). |
| CVE-2016-10851 | 2019-08-01 | cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84). |
| CVE-2018-20919 | 2019-08-01 | cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373). |
| CVE-2018-20920 | 2019-08-01 | cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374). |
| CVE-2018-20921 | 2019-08-01 | cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375). |
| CVE-2018-20922 | 2019-08-01 | cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376). |
| CVE-2018-20923 | 2019-08-01 | cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377). |
| CVE-2016-10850 | 2019-08-01 | cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83). |
| CVE-2018-20924 | 2019-08-01 | cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378). |