CVE List - 2019 / August
Showing 1001 - 1100 of 2001 CVEs for August 2019 (Page 11 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-12791 | 2019-08-15 | A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form. |
| CVE-2019-12792 | 2019-08-15 | A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root. |
| CVE-2018-14062 | 2019-08-15 | The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and send private messages (unrelated to distress alerts) via a crafted 406 MHz... |
| CVE-2019-10081 | 2019-08-15 | HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied... |
| CVE-2019-9850 | 2019-08-15 | Insufficient URL validation allowing LibreLogo script execution |
| CVE-2019-9851 | 2019-08-15 | LibreLogo global-event script execution |
| CVE-2019-9852 | 2019-08-15 | Insufficient URL encoding flaw in allowed script location check |
| CVE-2019-15084 | 2019-08-15 | Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, installs with incorrect file permissions. As a result, a local attacker can escalate to SYSTEM. |
| CVE-2019-15090 | 2019-08-15 | An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read. |
| CVE-2019-5477 | 2019-08-16 | A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file`... |
| CVE-2019-15095 | 2019-08-16 | DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter. |
| CVE-2019-15099 | 2019-08-16 | drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. |
| CVE-2019-15098 | 2019-08-16 | drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. |
| CVE-2019-15107 | 2019-08-16 | An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability. |
| CVE-2019-15106 | 2019-08-16 | An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. One can bypass the user password requirement and execute commands on the server. The "username+'@opm' string is used... |
| CVE-2019-15105 | 2019-08-16 | An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the... |
| CVE-2019-15104 | 2019-08-16 | An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority... |
| CVE-2016-10894 | 2019-08-16 | xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such... |
| CVE-2019-15108 | 2019-08-16 | An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component. |
| CVE-2018-20969 | 2019-08-16 | do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax... |
| CVE-2019-15091 | 2019-08-16 | filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload. |
| CVE-2019-14923 | 2019-08-16 | EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field. |
| CVE-2015-9326 | 2019-08-16 | The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection. |
| CVE-2015-9325 | 2019-08-16 | The visitors-online plugin before 0.4 for WordPress has SQL injection. |
| CVE-2016-10904 | 2019-08-16 | The olimometer plugin before 2.57 for WordPress has SQL injection. |
| CVE-2017-18548 | 2019-08-16 | The note-press plugin before 0.1.2 for WordPress has SQL injection. |
| CVE-2019-15118 | 2019-08-16 | check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. |
| CVE-2019-15117 | 2019-08-16 | parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access. |
| CVE-2019-15119 | 2019-08-16 | lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user. |
| CVE-2019-15120 | 2019-08-16 | The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode. |
| CVE-2019-7964 | 2019-08-16 | Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability. Successful exploitation could lead to remote code execution. |
| CVE-2019-8063 | 2019-08-16 | Creative Cloud Desktop Application 4.6.1 and earlier versions have an insecure transmission of sensitive data vulnerability. Successful exploitation could lead to information leakage. |
| CVE-2019-7957 | 2019-08-16 | Creative Cloud Desktop Application versions 4.6.1 and earlier have a security bypass vulnerability. Successful exploitation could lead to denial of service. |
| CVE-2019-7958 | 2019-08-16 | Creative Cloud Desktop Application versions 4.6.1 and earlier have an insecure inherited permissions vulnerability. Successful exploitation could lead to privilege escalation. |
| CVE-2019-7959 | 2019-08-16 | Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known vulnerabilities vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2014-10376 | 2019-08-16 | The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection. |
| CVE-2015-9324 | 2019-08-16 | The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection. |
| CVE-2019-15116 | 2019-08-16 | The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging. |
| CVE-2015-9323 | 2019-08-16 | The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection. |
| CVE-2019-15115 | 2019-08-16 | The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF. |
| CVE-2017-18547 | 2019-08-16 | The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms. |
| CVE-2018-20974 | 2019-08-16 | The js-jobs plugin before 1.0.7 for WordPress has CSRF. |
| CVE-2017-18546 | 2019-08-16 | The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF. |
| CVE-2017-18545 | 2019-08-16 | The invite-anyone plugin before 1.3.16 for WordPress has incorrect escaping of untrusted Dashboard and front-end input. |
| CVE-2017-18544 | 2019-08-16 | The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF. |
| CVE-2017-18543 | 2019-08-16 | The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations. |
| CVE-2019-15114 | 2019-08-16 | The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF. |
| CVE-2015-9322 | 2019-08-16 | The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF. |
| CVE-2019-15113 | 2019-08-16 | The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF. |
| CVE-2018-20973 | 2019-08-16 | The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion. |
| CVE-2018-20972 | 2019-08-16 | The companion-auto-update plugin before 3.2.1 for WordPress has CSRF. |
| CVE-2018-20971 | 2019-08-16 | The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan. |
| CVE-2017-18542 | 2019-08-16 | The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues. |
| CVE-2017-18541 | 2019-08-16 | The xo-security plugin before 1.5.3 for WordPress has XSS. |
| CVE-2019-15132 | 2019-08-17 | Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is... |
| CVE-2019-15133 | 2019-08-17 | In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal... |
| CVE-2019-14937 | 2019-08-17 | REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login... |
| CVE-2019-13069 | 2019-08-17 | extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account,... |
| CVE-2019-15134 | 2019-08-17 | RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads... |
| CVE-2019-15135 | 2019-08-18 | The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant (including capabilities inapplicable to the current session), which... |
| CVE-2019-15136 | 2019-08-18 | The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not check partition permissions from remote participant connections, which can lead to policy bypass for a secure Data Distribution... |
| CVE-2019-15137 | 2019-08-18 | The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings (instead of the permission expressions themselves), which can lead to unintended connections... |
| CVE-2019-15129 | 2019-08-18 | The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to access all candidates' files in the photo folder on the website by specifying a "user... |
| CVE-2019-15130 | 2019-08-18 | The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitment_online/personalData/act_personaltab.cfm multiple-part... |
| CVE-2019-15148 | 2019-08-18 | GoPro GPMF-parser 1.2.2 has an out-of-bounds write in OpenMP4Source in demo/GPMF_mp4reader.c. |
| CVE-2019-15147 | 2019-08-18 | GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GPMF_Next in GPMF_parser.c. |
| CVE-2019-15146 | 2019-08-18 | GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 bytes) in GPMF_Next in GPMF_parser.c. |
| CVE-2019-15145 | 2019-08-18 | DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because... |
| CVE-2019-15144 | 2019-08-18 | In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled... |
| CVE-2019-15143 | 2019-08-18 | In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to... |
| CVE-2019-15142 | 2019-08-18 | In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a... |
| CVE-2019-15141 | 2019-08-18 | WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory,... |
| CVE-2019-15140 | 2019-08-18 | coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file... |
| CVE-2019-15139 | 2019-08-18 | The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage... |
| CVE-2019-15149 | 2019-08-18 | core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is... |
| CVE-2019-15151 | 2019-08-18 | AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h. |
| CVE-2017-18552 | 2019-08-19 | An issue was discovered in net/rds/af_rds.c in the Linux kernel before 4.11. There is an out of bounds write and read in the function rds_recv_track_latency. |
| CVE-2017-18551 | 2019-08-19 | An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated. |
| CVE-2016-10907 | 2019-08-19 | An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kernel before 4.8.6. There is an out of bounds write in the function ad5755_parse_dt. |
| CVE-2017-18550 | 2019-08-19 | An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure. |
| CVE-2017-18549 | 2019-08-19 | An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply structure. |
| CVE-2016-10906 | 2019-08-19 | An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use-after-free is caused by a race condition between the functions arc_emac_tx and arc_emac_tx_clean. |
| CVE-2016-10905 | 2019-08-19 | An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry. |
| CVE-2018-20976 | 2019-08-19 | An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure. |
| CVE-2019-15150 | 2019-08-19 | In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function. |
| CVE-2019-15160 | 2019-08-19 | The SweetXml (aka sweet_xml) package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline... |
| CVE-2019-5631 | 2019-08-19 | Rapid7 InsightAppSec Local Privilege Escalation |
| CVE-2019-11276 | 2019-08-19 | Apps Manager sends tokens to Spring apps via HTTP |
| CVE-2019-6159 | 2019-08-19 | A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an... |
| CVE-2019-6165 | 2019-08-19 | A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Lenovo has ended support for PaperDisplay Hotkey software as the Night light... |
| CVE-2019-6171 | 2019-08-19 | A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller... |
| CVE-2019-6178 | 2019-08-19 | An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled.... |
| CVE-2019-11162 | 2019-08-19 | Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of... |
| CVE-2019-11163 | 2019-08-19 | Insufficient access control in a hardware abstraction driver for Intel(R) Processor Identification Utility for Windows before version 6.1.0731 may allow an authenticated user to potentially enable escalation of privilege, denial... |
| CVE-2019-11148 | 2019-08-19 | Improper permissions in the installer for Intel(R) Remote Displays SDK before version 2.0.1 R2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2019-11145 | 2019-08-19 | Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2019-11146 | 2019-08-19 | Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2019-11143 | 2019-08-19 | Improper permissions in the software installer for Intel(R) Authenticate before 3.8 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2019-11140 | 2019-08-19 | Insufficient session validation in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. |
| CVE-2019-0173 | 2019-08-19 | Authentication bypass in the web console for Intel(R) Raid Web Console 2 all versions may allow an unauthenticated attacker to potentially enable disclosure of information via network access. |