CVE List - 2019 / August
Showing 601 - 700 of 2001 CVEs for August 2019 (Page 7 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-20955 | 2019-08-08 | Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. NOTE: all affected customers were migrated by 2020-08-31. |
| CVE-2018-20954 | 2019-08-08 | The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys. |
| CVE-2016-10862 | 2019-08-08 | Neet AirStream NAS1.1 devices have a password of ifconfig for the root account. This cannot be changed via the configuration page. |
| CVE-2019-14783 | 2019-08-08 | On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, FotaAgent allows a malicious application to create privileged files. The Samsung ID is SVE-2019-14764. |
| CVE-2019-14792 | 2019-08-09 | The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter. |
| CVE-2019-14793 | 2019-08-09 | The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter. |
| CVE-2019-14234 | 2019-08-09 | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField,... |
| CVE-2019-14799 | 2019-08-09 | The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS. |
| CVE-2019-14787 | 2019-08-09 | The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter. |
| CVE-2019-14312 | 2019-08-09 | Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server... |
| CVE-2016-10865 | 2019-08-09 | The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS. |
| CVE-2019-14785 | 2019-08-09 | The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter. |
| CVE-2019-14801 | 2019-08-09 | The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection. |
| CVE-2019-14798 | 2019-08-09 | The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter. |
| CVE-2019-14797 | 2019-08-09 | The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS. |
| CVE-2019-14796 | 2019-08-09 | The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter. |
| CVE-2019-14791 | 2019-08-09 | The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter. |
| CVE-2019-14794 | 2019-08-09 | The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders. |
| CVE-2019-14804 | 2019-08-09 | studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing. |
| CVE-2019-14805 | 2019-08-09 | studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the System Name field under Sets during set editing. |
| CVE-2019-14806 | 2019-08-09 | Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id. |
| CVE-2018-20858 | 2019-08-09 | Recommender before 2018-07-18 allows XSS. |
| CVE-2019-12805 | 2019-08-09 | NC Launcher 2 Arbitrary Command Injection Vulnerability |
| CVE-2017-18486 | 2019-08-09 | Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a... |
| CVE-2019-5395 | 2019-08-09 | A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. |
| CVE-2019-5396 | 2019-08-09 | A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. |
| CVE-2019-5397 | 2019-08-09 | A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. |
| CVE-2019-5398 | 2019-08-09 | A remote multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. |
| CVE-2019-5399 | 2019-08-09 | A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. |
| CVE-2019-5400 | 2019-08-09 | A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. |
| CVE-2019-5402 | 2019-08-09 | A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. |
| CVE-2019-5403 | 2019-08-09 | A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. |
| CVE-2019-5404 | 2019-08-09 | A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. |
| CVE-2019-5405 | 2019-08-09 | A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. |
| CVE-2019-5406 | 2019-08-09 | A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. |
| CVE-2019-5407 | 2019-08-09 | A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. |
| CVE-2019-5408 | 2019-08-09 | Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due... |
| CVE-2019-12257 | 2019-08-09 | Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc. |
| CVE-2019-12256 | 2019-08-09 | Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options. |
| CVE-2019-5498 | 2019-08-09 | OnCommand Insight versions through 7.3.6 may disclose sensitive account information to an authenticated user. |
| CVE-2019-12259 | 2019-08-09 | Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in... |
| CVE-2019-12263 | 2019-08-09 | Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due... |
| CVE-2019-12265 | 2019-08-09 | Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3... |
| CVE-2019-14433 | 2019-08-09 | An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due... |
| CVE-2019-11776 | 2019-08-09 | In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in URL parameter. Attacker can execute the payload in victim's browser context. |
| CVE-2019-3742 | 2019-08-09 | Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing... |
| CVE-2019-3744 | 2019-08-09 | Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package... |
| CVE-2019-12255 | 2019-08-09 | Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an... |
| CVE-2019-11274 | 2019-08-09 | UAA SCIM Filter XSS |
| CVE-2019-11041 | 2019-08-09 | heap-buffer-overflow on exif_scan_thumbnail in EXIF extension |
| CVE-2019-11042 | 2019-08-09 | heap-buffer-overflow on exif_process_user_comment in EXIF extension |
| CVE-2019-11581 | 2019-08-09 | There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems... |
| CVE-2018-20827 | 2019-08-09 | The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter. |
| CVE-2018-20826 | 2019-08-09 | The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check. |
| CVE-2019-12258 | 2019-08-09 | Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is an IPNET security vulnerability: DoS of TCP connection via malformed TCP options. |
| CVE-2019-12260 | 2019-08-09 | Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused... |
| CVE-2019-12261 | 2019-08-09 | Wind River VxWorks 6.7 through 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state... |
| CVE-2019-14807 | 2019-08-09 | In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php. |
| CVE-2019-14354 | 2019-08-10 | On Ledger Nano S and Nano X devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number... |
| CVE-2019-14355 | 2019-08-10 | On ShapeShift KeepKey devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing... |
| CVE-2019-14357 | 2019-08-10 | On Mooltipass Mini devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing... |
| CVE-2019-14924 | 2019-08-10 | An issue was discovered in GCDWebServer before 3.5.3. The method moveItem in the GCDWebUploader class checks the FileExtension of newAbsolutePath but not oldAbsolutePath. By leveraging this vulnerability, an adversary can... |
| CVE-2019-14933 | 2019-08-11 | Bagisto 0.1.5 allows CSRF under /admin URIs. |
| CVE-2019-14934 | 2019-08-11 | An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write. |
| CVE-2019-14935 | 2019-08-11 | 3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp... |
| CVE-2019-14939 | 2019-08-12 | An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default. |
| CVE-2019-14940 | 2019-08-12 | In Storage Performance Development Kit (SPDK) before 19.07, a user of a vhost can cause a crash if the target is sent invalid input. |
| CVE-2019-14932 | 2019-08-12 | The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to access all candidates' information on the website via a modified selApp variable to personalData/resumeDetail.cfm. This includes... |
| CVE-2015-9306 | 2019-08-12 | The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS. |
| CVE-2016-10879 | 2019-08-12 | The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS. |
| CVE-2017-18508 | 2019-08-12 | The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS. |
| CVE-2019-14950 | 2019-08-12 | The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page. |
| CVE-2015-9305 | 2019-08-12 | The wp-google-map-plugin plugin before 2.3.7 for WordPress has XSS related to the add_query_arg() and remove_query_arg() functions. |
| CVE-2016-10878 | 2019-08-12 | The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS. |
| CVE-2016-10877 | 2019-08-12 | The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS issues. |
| CVE-2016-10876 | 2019-08-12 | The wp-database-backup plugin before 4.3.1 for WordPress has CSRF. |
| CVE-2016-10875 | 2019-08-12 | The wp-database-backup plugin before 4.3.1 for WordPress has XSS. |
| CVE-2016-10874 | 2019-08-12 | The wp-database-backup plugin before 4.3.3 for WordPress has CSRF. |
| CVE-2016-10873 | 2019-08-12 | The wp-database-backup plugin before 4.3.3 for WordPress has XSS. |
| CVE-2019-14949 | 2019-08-12 | The wp-database-backup plugin before 5.1.2 for WordPress has XSS. |
| CVE-2019-14948 | 2019-08-12 | The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure. |
| CVE-2017-18506 | 2019-08-12 | The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens. |
| CVE-2019-14951 | 2019-08-12 | The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes... |
| CVE-2018-20966 | 2019-08-12 | The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in the Products Per Page feature. |
| CVE-2015-9304 | 2019-08-12 | The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input. |
| CVE-2016-10872 | 2019-08-12 | The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form. |
| CVE-2018-20965 | 2019-08-12 | The ultimate-member plugin before 2.0.4 for WordPress has XSS. |
| CVE-2019-14947 | 2019-08-12 | The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade. |
| CVE-2019-14946 | 2019-08-12 | The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations. |
| CVE-2019-14945 | 2019-08-12 | The ultimate-member plugin before 2.0.54 for WordPress has XSS. |
| CVE-2017-18505 | 2019-08-12 | The twitter-plugin plugin before 2.55 for WordPress has XSS. |
| CVE-2017-18504 | 2019-08-12 | The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF. |
| CVE-2017-18503 | 2019-08-12 | The twitter-cards-meta plugin before 2.5.0 for WordPress has XSS. |
| CVE-2017-18502 | 2019-08-12 | The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues. |
| CVE-2017-18501 | 2019-08-12 | The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues. |
| CVE-2017-18500 | 2019-08-12 | The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues. |
| CVE-2015-9303 | 2019-08-12 | The simple-share-buttons-adder plugin before 6.0.0 for WordPress has XSS. |
| CVE-2017-18499 | 2019-08-12 | The simple-membership plugin before 3.5.7 for WordPress has XSS. |
| CVE-2019-13462 | 2019-08-12 | Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. |
| CVE-2019-12618 | 2019-08-12 | HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver. |