CVE List - 2019 / August
Showing 201 - 300 of 2001 CVEs for August 2019 (Page 3 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2017-18411 | 2019-08-02 | The "addon domain conversion" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285). |
| CVE-2017-18412 | 2019-08-02 | cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296). |
| CVE-2019-10176 | 2019-08-02 | A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a... |
| CVE-2017-18413 | 2019-08-02 | In cPanel before 67.9999.103, the backup system overwrites root's home directory when a mount disappears (SEC-299). |
| CVE-2017-18414 | 2019-08-02 | cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300). |
| CVE-2017-18415 | 2019-08-02 | cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302). |
| CVE-2017-18416 | 2019-08-02 | cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303). |
| CVE-2019-10938 | 2019-08-02 | A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01),... |
| CVE-2019-14532 | 2019-08-02 | An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table. |
| CVE-2019-14531 | 2019-08-02 | An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds read on iso9660 while parsing System Use Sharing Protocol data in fs/iso9660.c. |
| CVE-2018-1987 | 2019-08-02 | In IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in plain text in the ERP trace... |
| CVE-2019-4275 | 2019-08-02 | IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service. IBM X-Force ID:... |
| CVE-2019-14233 | 2019-08-02 | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to... |
| CVE-2019-14235 | 2019-08-02 | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a... |
| CVE-2019-5493 | 2019-08-02 | Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. A successful attack requires that multiple non-default options be... |
| CVE-2019-5501 | 2019-08-02 | Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote attackers. |
| CVE-2017-18417 | 2019-08-02 | cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263). |
| CVE-2017-18418 | 2019-08-02 | cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265). |
| CVE-2017-18419 | 2019-08-02 | cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266). |
| CVE-2017-18420 | 2019-08-02 | cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269). |
| CVE-2017-18421 | 2019-08-02 | cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271). |
| CVE-2017-18422 | 2019-08-02 | In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272). |
| CVE-2017-18423 | 2019-08-02 | In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273). |
| CVE-2017-18424 | 2019-08-02 | In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274). |
| CVE-2017-18425 | 2019-08-02 | In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280). |
| CVE-2017-18426 | 2019-08-02 | cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288). |
| CVE-2017-18427 | 2019-08-02 | In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289). |
| CVE-2017-18428 | 2019-08-02 | In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290). |
| CVE-2019-9141 | 2019-08-02 | Zoneplayer ActiveX Remote Code Execution vulnerability |
| CVE-2017-18429 | 2019-08-02 | In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291). |
| CVE-2017-18430 | 2019-08-02 | In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294). |
| CVE-2017-18431 | 2019-08-02 | cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941). |
| CVE-2017-18432 | 2019-08-02 | In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234). |
| CVE-2017-18433 | 2019-08-02 | cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236). |
| CVE-2017-18434 | 2019-08-02 | cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237). |
| CVE-2017-18435 | 2019-08-02 | cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238). |
| CVE-2019-10961 | 2019-08-02 | In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended... |
| CVE-2017-18436 | 2019-08-02 | cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239). |
| CVE-2017-18437 | 2019-08-02 | cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240). |
| CVE-2017-18438 | 2019-08-02 | cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242). |
| CVE-2017-18439 | 2019-08-02 | cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243). |
| CVE-2017-18440 | 2019-08-02 | cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244). |
| CVE-2017-18441 | 2019-08-02 | cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245). |
| CVE-2017-18442 | 2019-08-02 | cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246). |
| CVE-2017-18443 | 2019-08-02 | cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247). |
| CVE-2017-18444 | 2019-08-02 | cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248). |
| CVE-2017-18445 | 2019-08-02 | cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249). |
| CVE-2017-18446 | 2019-08-02 | cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250). |
| CVE-2017-18447 | 2019-08-02 | cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251). |
| CVE-2017-18448 | 2019-08-02 | cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252). |
| CVE-2017-18449 | 2019-08-02 | cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254). |
| CVE-2017-18450 | 2019-08-02 | cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255). |
| CVE-2017-18451 | 2019-08-02 | cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257). |
| CVE-2017-18452 | 2019-08-02 | cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259). |
| CVE-2017-18453 | 2019-08-02 | cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260). |
| CVE-2017-18454 | 2019-08-02 | cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262). |
| CVE-2017-18455 | 2019-08-02 | In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208). |
| CVE-2017-18456 | 2019-08-02 | cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217). |
| CVE-2017-18457 | 2019-08-02 | cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218). |
| CVE-2017-18458 | 2019-08-02 | cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219). |
| CVE-2017-18459 | 2019-08-02 | cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220). |
| CVE-2017-18460 | 2019-08-02 | cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221). |
| CVE-2017-18461 | 2019-08-02 | cPanel before 62.0.17 does not preserve security policy questions across an account rename (SEC-223). |
| CVE-2017-18463 | 2019-08-02 | cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225). |
| CVE-2019-10093 | 2019-08-02 | In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users... |
| CVE-2019-10094 | 2019-08-02 | A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to... |
| CVE-2019-10088 | 2019-08-02 | A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later. |
| CVE-2019-14541 | 2019-08-02 | GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id in cobc/typeck.c via crafted COBOL source code. |
| CVE-2019-6968 | 2019-08-02 | The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS because HTML form parameters are directly reflected. |
| CVE-2019-6969 | 2019-08-02 | The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticated user to have access to sensitive information such as the Wi-Fi password... |
| CVE-2019-7163 | 2019-08-02 | The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without knowing the... |
| CVE-2019-7849 | 2019-08-02 | A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1... |
| CVE-2019-7851 | 2019-08-02 | A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages. |
| CVE-2019-7852 | 2019-08-02 | A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Requests for a specific file path could result in... |
| CVE-2019-7854 | 2019-08-02 | An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company... |
| CVE-2019-7855 | 2019-08-02 | A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant... |
| CVE-2019-7857 | 2019-08-02 | A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause unwanted items to be added to a... |
| CVE-2019-7858 | 2019-08-02 | A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that... |
| CVE-2019-7859 | 2019-08-02 | A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to... |
| CVE-2019-7860 | 2019-08-02 | A cryptographically weak pseudo-random number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. |
| CVE-2019-7861 | 2019-08-02 | Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to... |
| CVE-2019-7862 | 2019-08-02 | A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior... |
| CVE-2019-7863 | 2019-08-02 | A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited... |
| CVE-2019-7864 | 2019-08-02 | An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can... |
| CVE-2019-7865 | 2019-08-02 | A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could... |
| CVE-2019-7866 | 2019-08-02 | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited... |
| CVE-2019-7867 | 2019-08-02 | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited... |
| CVE-2019-7868 | 2019-08-02 | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited... |
| CVE-2019-7869 | 2019-08-02 | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited... |
| CVE-2019-7871 | 2019-08-02 | A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An... |
| CVE-2019-7872 | 2019-08-02 | An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorization checks. This... |
| CVE-2019-14544 | 2019-08-02 | routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks. |
| CVE-2019-7873 | 2019-08-02 | A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the... |
| CVE-2019-7874 | 2019-08-02 | A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user... |
| CVE-2019-7875 | 2019-08-02 | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2... |
| CVE-2019-7876 | 2019-08-02 | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts... |
| CVE-2019-7877 | 2019-08-02 | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with... |
| CVE-2019-7880 | 2019-08-02 | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited... |
| CVE-2019-7881 | 2019-08-02 | A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user... |
| CVE-2019-7882 | 2019-08-02 | A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2... |