CVE List - 2019 / August
Showing 1901 - 2000 of 2001 CVEs for August 2019 (Page 20 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-15775 | 2019-08-29 | The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. |
| CVE-2019-15774 | 2019-08-29 | The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. |
| CVE-2019-15776 | 2019-08-29 | The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file. |
| CVE-2019-15777 | 2019-08-29 | The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&admin_email= XSS. |
| CVE-2019-15780 | 2019-08-29 | The formidable plugin before 4.02.01 for WordPress has unsafe deserialization. |
| CVE-2019-14943 | 2019-08-29 | An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials. |
| CVE-2019-15788 | 2019-08-29 | Clara Genomics Analysis before 0.2.0 has an integer overflow for cudapoa memory management in allocate_block.cpp. |
| CVE-2019-15784 | 2019-08-29 | Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList array overflow if there are many SRT connections. |
| CVE-2019-15781 | 2019-08-29 | The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF. |
| CVE-2019-15779 | 2019-08-29 | The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete. |
| CVE-2019-15778 | 2019-08-29 | The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS. |
| CVE-2019-15771 | 2019-08-29 | The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. |
| CVE-2019-15786 | 2019-08-29 | ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large rxpacket. |
| CVE-2019-15785 | 2019-08-29 | FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c. |
| CVE-2019-15745 | 2019-08-29 | The Eques elf smart plug and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the device and the app. The communication... |
| CVE-2019-11500 | 2019-08-29 | In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to... |
| CVE-2019-3394 | 2019-08-29 | There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to edit a page is able to exploit this... |
| CVE-2019-11476 | 2019-08-29 | Integer overflow in whoopsie results in out-of-bounds heap write |
| CVE-2019-7307 | 2019-08-29 | Apport contains a TOCTTOU vulnerability when reading the user's ~/.apport-ignore.xml |
| CVE-2019-4132 | 2019-08-29 | IBM Cloud Automation Manager 3.1.2 could allow a user to be improperly redirected and obtain sensitive information rather than receive a 404 error message. IBM X-Force ID: 158274. |
| CVE-2019-4133 | 2019-08-29 | IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side (with access to client computer) to run a custom script. IBM X-Force ID: 158278. |
| CVE-2019-4536 | 2019-08-29 | IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated... |
| CVE-2019-15502 | 2019-08-29 | The TeamSpeak client before 3.3.2 allows remote servers to trigger a crash via the 0xe2 0x81 0xa8 0xe2 0x81 0xa7 byte sequence, aka Unicode characters U+2068 (FIRST STRONG ISOLATE) and... |
| CVE-2019-15717 | 2019-08-29 | Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP. |
| CVE-2019-15806 | 2019-08-29 | CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basic_sett.html. Any user... |
| CVE-2019-15805 | 2019-08-29 | CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user... |
| CVE-2019-14437 | 2019-08-29 | The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted... |
| CVE-2019-15807 | 2019-08-29 | In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. |
| CVE-2019-14438 | 2019-08-29 | A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file. |
| CVE-2019-14498 | 2019-08-29 | A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. |
| CVE-2019-14535 | 2019-08-29 | A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file. |
| CVE-2019-14978 | 2019-08-29 | /payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 parameter, as demonstrated by purchasing an item for lower than the intended... |
| CVE-2019-14979 | 2019-08-29 | cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower... |
| CVE-2019-13608 | 2019-08-29 | Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks. |
| CVE-2019-14534 | 2019-08-29 | In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. |
| CVE-2019-14533 | 2019-08-29 | The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. |
| CVE-2019-14776 | 2019-08-29 | A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. |
| CVE-2019-14778 | 2019-08-29 | The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. |
| CVE-2019-14777 | 2019-08-29 | The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. |
| CVE-2019-14970 | 2019-08-29 | A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file. |
| CVE-2019-15811 | 2019-08-29 | In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS. |
| CVE-2019-11396 | 2019-08-29 | An issue was discovered in Avira Free Security Suite 10. The permissive access rights on the SoftwareUpdater folder (files / folders and configuration) are incompatible with the privileged file manipulation... |
| CVE-2019-11363 | 2019-08-29 | A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser parameter. |
| CVE-2019-11364 | 2019-08-29 | An OS Command Injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to inject arbitrary OS commands via the ServerConf/DataManagement/DiskManager.php FORMNAS_share parameter. |
| CVE-2019-8461 | 2019-08-29 | Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An... |
| CVE-2019-6113 | 2019-08-29 | Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a .. (dot dot) and %2f to the default URI. |
| CVE-2018-15512 | 2019-08-29 | Cross-site scripting (XSS) vulnerability in the 'Authorisation Service' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. |
| CVE-2018-15513 | 2019-08-29 | Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role. |
| CVE-2018-15510 | 2019-08-29 | Cross-site scripting (XSS) vulnerability in the 'Certificate' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. |
| CVE-2018-15511 | 2019-08-29 | Cross-site scripting (XSS) vulnerability in the 'Notification template' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. |
| CVE-2019-5610 | 2019-08-29 | In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a... |
| CVE-2019-5611 | 2019-08-29 | In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain... |
| CVE-2019-1967 | 2019-08-29 | Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability |
| CVE-2019-1966 | 2019-08-29 | Cisco Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability |
| CVE-2019-1977 | 2019-08-29 | Cisco Nexus 9000 Series Fabric Switches ACI Mode Border Leaf Endpoint Learning Vulnerability |
| CVE-2019-1969 | 2019-08-29 | Cisco NX-OS Software SNMP Access Control List Configuration Name Bypass Vulnerability |
| CVE-2019-1968 | 2019-08-29 | Cisco NX-OS Software NX-API Denial of Service Vulnerability |
| CVE-2019-5608 | 2019-08-29 | In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query... |
| CVE-2019-5609 | 2019-08-29 | In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the... |
| CVE-2018-18370 | 2019-08-29 | The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS)... |
| CVE-2018-18371 | 2019-08-29 | The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in... |
| CVE-2019-11658 | 2019-08-29 | Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability, when configured to use an Oracle database, allows valid system users to gain access to a... |
| CVE-2019-12754 | 2019-08-29 | Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers... |
| CVE-2019-5612 | 2019-08-29 | In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not... |
| CVE-2019-12753 | 2019-08-29 | An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud... |
| CVE-2019-9697 | 2019-08-29 | An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and... |
| CVE-2019-13526 | 2019-08-29 | Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code. |
| CVE-2015-9380 | 2019-08-30 | The photo-gallery plugin before 1.2.42 for WordPress has CSRF. |
| CVE-2019-15816 | 2019-08-30 | The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. |
| CVE-2019-15817 | 2019-08-30 | The easy-property-listings plugin before 3.4 for WordPress has XSS. |
| CVE-2019-15818 | 2019-08-30 | The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist. |
| CVE-2019-15819 | 2019-08-30 | The nd-restaurant-reservations plugin before 1.5 for WordPress has no requirement for nd_rst_import_settings_php_function authentication. |
| CVE-2019-15820 | 2019-08-30 | The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication. |
| CVE-2019-15821 | 2019-08-30 | The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data. |
| CVE-2019-15822 | 2019-08-30 | The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal. |
| CVE-2019-15823 | 2019-08-30 | The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass. |
| CVE-2019-15824 | 2019-08-30 | The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass. |
| CVE-2019-15825 | 2019-08-30 | The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass. |
| CVE-2019-15826 | 2019-08-30 | The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field. |
| CVE-2019-15827 | 2019-08-30 | The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter. |
| CVE-2019-15828 | 2019-08-30 | The one-click-ssl plugin before 1.4.7 for WordPress has CSRF. |
| CVE-2019-15829 | 2019-08-30 | The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS. |
| CVE-2019-15830 | 2019-08-30 | The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS. |
| CVE-2019-15831 | 2019-08-30 | The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page. |
| CVE-2019-15832 | 2019-08-30 | The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF. |
| CVE-2019-15833 | 2019-08-30 | The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS. |
| CVE-2019-15026 | 2019-08-30 | memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c. |
| CVE-2019-2390 | 2019-08-30 | Code execution on Windows via OpenSSL engine injection |
| CVE-2019-2389 | 2019-08-30 | Process termination via PID file manipulation |
| CVE-2019-15834 | 2019-08-30 | The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF. |
| CVE-2019-15835 | 2019-08-30 | The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF. |
| CVE-2019-15836 | 2019-08-30 | The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS. |
| CVE-2019-15837 | 2019-08-30 | The webp-express plugin before 0.14.8 for WordPress has stored XSS. |
| CVE-2019-15838 | 2019-08-30 | The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789. |
| CVE-2019-15839 | 2019-08-30 | The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion. |
| CVE-2019-15840 | 2019-08-30 | The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF. |
| CVE-2019-15841 | 2019-08-30 | The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility. |
| CVE-2019-15842 | 2019-08-30 | The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS. |
| CVE-2019-12810 | 2019-08-30 | A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in... |
| CVE-2019-15630 | 2019-08-30 | Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before... |