CVE List - 2019 / August
Showing 301 - 400 of 2001 CVEs for August 2019 (Page 4 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-7885 | 2019-08-02 | Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento... |
| CVE-2019-7886 | 2019-08-02 | A cryptographic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptographic mechanism is used to generate the initialization... |
| CVE-2019-7887 | 2019-08-02 | A reflected cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2... |
| CVE-2019-7888 | 2019-08-02 | An information disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to create email templates... |
| CVE-2019-7889 | 2019-08-02 | An injection vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior... |
| CVE-2019-7890 | 2019-08-02 | An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This... |
| CVE-2019-7892 | 2019-08-02 | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access... |
| CVE-2019-7895 | 2019-08-02 | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to layouts... |
| CVE-2019-7896 | 2019-08-02 | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts... |
| CVE-2019-7897 | 2019-08-02 | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2... |
| CVE-2019-7898 | 2019-08-02 | Samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9,... |
| CVE-2019-7899 | 2019-08-02 | Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1... |
| CVE-2019-7903 | 2019-08-02 | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to email... |
| CVE-2019-7904 | 2019-08-02 | Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could enable a low-privileged user to make unauthorized... |
| CVE-2019-7908 | 2019-08-02 | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited... |
| CVE-2019-7909 | 2019-08-02 | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2... |
| CVE-2019-7911 | 2019-08-02 | A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9,... |
| CVE-2019-7912 | 2019-08-02 | A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user... |
| CVE-2019-7913 | 2019-08-02 | A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated... |
| CVE-2019-7915 | 2019-08-02 | A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Under certain conditions, an unauthenticated attacker could force the Magento... |
| CVE-2019-7921 | 2019-08-02 | A stored cross-site scripting vulnerability exists in the product catalog form of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be... |
| CVE-2019-7923 | 2019-08-02 | A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by authenticated user... |
| CVE-2019-7925 | 2019-08-02 | An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an... |
| CVE-2019-7926 | 2019-08-02 | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited... |
| CVE-2019-7927 | 2019-08-02 | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited... |
| CVE-2019-7928 | 2019-08-02 | A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. By abusing insufficient brute-forcing defenses in the token exchange... |
| CVE-2019-7929 | 2019-08-02 | An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges may be able... |
| CVE-2019-7930 | 2019-08-02 | A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to the... |
| CVE-2019-7932 | 2019-08-02 | A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento... |
| CVE-2019-7934 | 2019-08-02 | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2... |
| CVE-2019-7935 | 2019-08-02 | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2... |
| CVE-2019-7936 | 2019-08-02 | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited... |
| CVE-2019-7937 | 2019-08-02 | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited... |
| CVE-2019-7938 | 2019-08-02 | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2... |
| CVE-2019-7939 | 2019-08-02 | A reflected cross-site scripting vulnerability exists on the customer cart checkout page of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could... |
| CVE-2019-7940 | 2019-08-02 | A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2... |
| CVE-2019-7942 | 2019-08-02 | A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create... |
| CVE-2019-7944 | 2019-08-02 | A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento... |
| CVE-2019-7945 | 2019-08-02 | A stored cross-site scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento... |
| CVE-2019-7947 | 2019-08-02 | A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento... |
| CVE-2019-7950 | 2019-08-02 | An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticated user can bypass access controls via... |
| CVE-2019-7951 | 2019-08-02 | An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A SOAP web service endpoint does not properly enforce... |
| CVE-2019-7853 | 2019-08-02 | A stored cross-site scripting vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user... |
| CVE-2019-14551 | 2019-08-03 | Das Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as demonstrated by a cross-origin /install request with an attacker-controlled releaseUrl, which triggers download and execution... |
| CVE-2019-14653 | 2019-08-03 | pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element. |
| CVE-2019-14654 | 2019-08-05 | In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute... |
| CVE-2019-14662 | 2019-08-05 | Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in fileio.c via crafted BASIC source code. |
| CVE-2019-14663 | 2019-08-05 | Brandy 1.20.1 has a stack-based buffer overflow in fileio_openin in fileio.c via crafted BASIC source code. |
| CVE-2019-14525 | 2019-08-05 | In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making... |
| CVE-2019-14521 | 2019-08-05 | The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the... |
| CVE-2017-18462 | 2019-08-05 | cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224). |
| CVE-2017-18464 | 2019-08-05 | cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226). |
| CVE-2017-18466 | 2019-08-05 | cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228). |
| CVE-2017-18465 | 2019-08-05 | cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227). |
| CVE-2017-18467 | 2019-08-05 | cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229). |
| CVE-2017-18468 | 2019-08-05 | cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232). |
| CVE-2017-18469 | 2019-08-05 | cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233). |
| CVE-2017-18470 | 2019-08-05 | cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196). |
| CVE-2017-18471 | 2019-08-05 | cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197). |
| CVE-2017-18472 | 2019-08-05 | cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198). |
| CVE-2017-18473 | 2019-08-05 | cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199). |
| CVE-2017-18474 | 2019-08-05 | cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201). |
| CVE-2017-18475 | 2019-08-05 | In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204). |
| CVE-2017-18476 | 2019-08-05 | Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205). |
| CVE-2017-18477 | 2019-08-05 | In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206). |
| CVE-2017-18478 | 2019-08-05 | In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207). |
| CVE-2017-18479 | 2019-08-05 | In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209). |
| CVE-2017-18480 | 2019-08-05 | cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210). |
| CVE-2017-18481 | 2019-08-05 | cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211). |
| CVE-2017-18482 | 2019-08-05 | cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213). |
| CVE-2016-10767 | 2019-08-05 | cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159). |
| CVE-2016-10768 | 2019-08-05 | cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161). |
| CVE-2016-10769 | 2019-08-05 | cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162). |
| CVE-2016-10770 | 2019-08-05 | cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164). |
| CVE-2016-10771 | 2019-08-05 | cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165). |
| CVE-2016-10772 | 2019-08-05 | cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168). |
| CVE-2016-10773 | 2019-08-05 | cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171). |
| CVE-2016-10774 | 2019-08-05 | cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172). |
| CVE-2016-10775 | 2019-08-05 | cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173). |
| CVE-2019-4261 | 2019-08-05 | IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by... |
| CVE-2019-4284 | 2019-08-05 | IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used... |
| CVE-2019-4473 | 2019-08-05 | Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local... |
| CVE-2019-14348 | 2019-08-05 | The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter. |
| CVE-2019-11270 | 2019-08-05 | UAA clients.write vulnerability |
| CVE-2019-3717 | 2019-08-05 | Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run... |
| CVE-2019-3800 | 2019-08-05 | CF CLI writes the client id and secret to config file |
| CVE-2019-11198 | 2019-08-05 | Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) #300583 - List Manager Dashboard module,... |
| CVE-2019-12264 | 2019-08-05 | Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component. |
| CVE-2019-14665 | 2019-08-05 | Brandy 1.20.1 has a heap-based buffer overflow in define_array in variables.c via crafted BASIC source code. |
| CVE-2019-10980 | 2019-08-05 | A type confusion vulnerability may be exploited when LAquis SCADA 4.3.1.71 processes a specially crafted project file. This may allow an attacker to execute remote code. The attacker must have... |
| CVE-2019-10994 | 2019-08-05 | Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information. The attacker must have local access... |
| CVE-2019-5502 | 2019-08-05 | SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data. |
| CVE-2019-14549 | 2019-08-05 | An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed inside the title and breadcrumb of a newly formed entity available to all the users. A malicious user... |
| CVE-2019-14550 | 2019-08-05 | An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a victim clicks on the Edit Dashboard feature present on the Homepage. An attacker can load malicious... |
| CVE-2019-14546 | 2019-08-05 | An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed on the Preference page as well as while sending an email when a malicious payload was inserted inside... |
| CVE-2019-14548 | 2019-08-05 | An issue was discovered in EspoCRM before 5.6.9. Stored XSS in the body of an Article was executed when a victim opens articles received through mail. This Article can be... |
| CVE-2019-14547 | 2019-08-05 | An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when an attacker sends an attachment to admin with malicious JavaScript in the filename. This JavaScript executed when... |
| CVE-2019-14672 | 2019-08-05 | Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. The JavaScript code is executed upon an error... |
| CVE-2019-14671 | 2019-08-05 | Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is... |
| CVE-2019-14670 | 2019-08-05 | Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. The JavaScript code is executed during rule-from-bill creation. |