CVE List - 2019 / August
Showing 501 - 600 of 2001 CVEs for August 2019 (Page 6 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-10371 | 2019-08-07 | A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. |
| CVE-2019-10372 | 2019-08-07 | An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login. |
| CVE-2019-10373 | 2019-08-07 | A stored cross-site scripting vulnerability in Jenkins Build Pipeline Plugin 1.5.8 and earlier allows attackers able to edit the build pipeline description to inject arbitrary HTML and JavaScript in the... |
| CVE-2019-10374 | 2019-08-07 | A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert... |
| CVE-2019-10375 | 2019-08-07 | An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on... |
| CVE-2019-10376 | 2019-08-07 | A reflected cross-site scripting vulnerability in Jenkins Wall Display Plugin 0.6.34 and earlier allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin. |
| CVE-2019-10377 | 2019-08-07 | A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins. |
| CVE-2019-10378 | 2019-08-07 | Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master... |
| CVE-2019-10379 | 2019-08-07 | Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access... |
| CVE-2019-10380 | 2019-08-07 | Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary... |
| CVE-2019-10381 | 2019-08-07 | Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. |
| CVE-2019-10382 | 2019-08-07 | Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. |
| CVE-2019-10385 | 2019-08-07 | Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access... |
| CVE-2019-10386 | 2019-08-07 | A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs... |
| CVE-2019-10387 | 2019-08-07 | A missing permission check in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained... |
| CVE-2019-10388 | 2019-08-07 | A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server. |
| CVE-2019-10389 | 2019-08-07 | A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server. |
| CVE-2019-14744 | 2019-08-07 | In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and... |
| CVE-2018-20961 | 2019-08-07 | In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or... |
| CVE-2019-14432 | 2019-08-07 | Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same... |
| CVE-2019-14745 | 2019-08-07 | In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of... |
| CVE-2019-14746 | 2019-08-07 | An issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. |
| CVE-2019-14747 | 2019-08-07 | DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-design!copySurvey.action surveyName parameter. |
| CVE-2016-5431 | 2019-08-07 | The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens. |
| CVE-2019-10099 | 2019-08-07 | Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by... |
| CVE-2019-5476 | 2019-08-07 | An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running on https://lookup.nextcloud.com) caused unauthenticated users to be able to execute arbitrary SQL commands. |
| CVE-2019-11653 | 2019-08-07 | Remote Access Control Bypass in Micro Focus Content Manager versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user's CheckIn request. |
| CVE-2019-14750 | 2019-08-07 | An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and... |
| CVE-2019-14749 | 2019-08-07 | An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or... |
| CVE-2019-14748 | 2019-08-07 | An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload... |
| CVE-2019-14537 | 2019-08-07 | YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass. |
| CVE-2019-14474 | 2019-08-07 | eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in function 'Call()' of ReGa core logic process, resulting in the ability to start a Denial of Service. Due to... |
| CVE-2019-1895 | 2019-08-07 | Cisco Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability |
| CVE-2019-1910 | 2019-08-07 | Cisco IOS XR Software Intermediate System to Intermediate System Denial of Service Vulnerability |
| CVE-2019-1925 | 2019-08-07 | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities |
| CVE-2019-1924 | 2019-08-07 | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities |
| CVE-2019-1918 | 2019-08-07 | Cisco IOS XR Software Intermediate System–to–Intermediate System Denial of Service Vulnerability |
| CVE-2019-1927 | 2019-08-07 | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities |
| CVE-2019-1926 | 2019-08-07 | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities |
| CVE-2019-1944 | 2019-08-07 | Cisco Adaptive Security Appliance Smart Tunnel Vulnerabilities |
| CVE-2019-1934 | 2019-08-07 | Cisco Adaptive Security Appliance Software Web-Based Management Interface Privilege Escalation Vulnerability |
| CVE-2019-1929 | 2019-08-07 | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities |
| CVE-2019-1928 | 2019-08-07 | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities |
| CVE-2019-1945 | 2019-08-07 | Cisco Adaptive Security Appliance Smart Tunnel Vulnerabilities |
| CVE-2019-14763 | 2019-08-07 | In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid. |
| CVE-2019-14771 | 2019-08-08 | Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives... |
| CVE-2019-14770 | 2019-08-08 | In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and... |
| CVE-2019-14769 | 2019-08-08 | Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then... |
| CVE-2019-1946 | 2019-08-08 | Cisco Enterprise NFV Infrastructure Software Web-Based Management Interface Authentication Bypass Vulnerability |
| CVE-2019-1952 | 2019-08-08 | Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability |
| CVE-2019-1951 | 2019-08-08 | Cisco SD-WAN Solution Packet Filtering Bypass Vulnerability |
| CVE-2019-1949 | 2019-08-08 | Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability |
| CVE-2019-1958 | 2019-08-08 | Cisco HyperFlex Software Cross-Site Request Forgery Vulnerability |
| CVE-2019-1957 | 2019-08-08 | Cisco IoT Field Network Director TLS Renegotiation Denial of Service Vulnerability |
| CVE-2019-1956 | 2019-08-08 | Cisco SPA112 2-Port Phone Adapter Stored Cross-Site Scripting Vulnerability |
| CVE-2019-1955 | 2019-08-08 | Cisco Email Security Appliance Header Injection Vulnerability |
| CVE-2019-1954 | 2019-08-08 | Cisco Webex Meetings Server Open Redirection Vulnerability |
| CVE-2019-1953 | 2019-08-08 | Cisco Enterprise NFV Infrastructure Software Password Recovery Vulnerability |
| CVE-2019-1972 | 2019-08-08 | Cisco Enterprise NFV Infrastructure Software Privilege Escalation Vulnerability |
| CVE-2019-1971 | 2019-08-08 | Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability |
| CVE-2019-1970 | 2019-08-08 | Cisco Firepower Threat Defense Software File Policy Bypass Vulnerability |
| CVE-2019-1961 | 2019-08-08 | Cisco Enterprise NFV Infrastructure Software Web Portal Arbitrary File Read Vulnerability |
| CVE-2019-1960 | 2019-08-08 | Cisco Enterprise NFV Infrastructure Software Arbitrary File Read Vulnerabilities |
| CVE-2019-1959 | 2019-08-08 | Cisco Enterprise NFV Infrastructure Software Arbitrary File Read Vulnerabilities |
| CVE-2019-1973 | 2019-08-08 | Cisco Enterprise NFV Infrastructure Software Cross-site Scripting Vulnerability |
| CVE-2019-13101 | 2019-08-08 | An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN,... |
| CVE-2019-14754 | 2019-08-08 | Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter. |
| CVE-2019-14221 | 2019-08-08 | 1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation. |
| CVE-2019-14255 | 2019-08-08 | A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote attacker to perform HTTP requests to internal endpoints. |
| CVE-2016-10864 | 2019-08-08 | NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID. |
| CVE-2018-19855 | 2019-08-08 | UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features. |
| CVE-2019-14772 | 2019-08-08 | verdaccio before 3.12.0 allows XSS. |
| CVE-2019-14335 | 2019-08-08 | An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated denial of service leading to the reboot of the AP via the admin.cgi?action=%s URI. |
| CVE-2019-13176 | 2019-08-08 | An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST... |
| CVE-2019-11208 | 2019-08-08 | TIBCO API Exchange Processes OAuth Incorrectly |
| CVE-2019-5236 | 2019-08-08 | Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double free vulnerability. An attacker can trick a user to click a URL... |
| CVE-2019-5301 | 2019-08-08 | Huawei smart phones Honor V20 with the versions before 9.0.1.161(C00E161R2P2) have an information leak vulnerability. An attacker may trick a user into installing a malicious application. Due to coding error... |
| CVE-2019-5237 | 2019-08-08 | Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information. |
| CVE-2019-5238 | 2019-08-08 | Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information. |
| CVE-2019-5239 | 2019-08-08 | Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have an information leak vulnerability. Successful exploitation may cause the attacker to read information. |
| CVE-2019-12397 | 2019-08-08 | Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix. |
| CVE-2019-14693 | 2019-08-08 | Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information... |
| CVE-2019-12994 | 2019-08-08 | Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL. |
| CVE-2019-12959 | 2019-08-08 | Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter. |
| CVE-2019-14353 | 2019-08-08 | On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated... |
| CVE-2019-14774 | 2019-08-08 | The woo-variation-swatches (aka Variation Swatches for WooCommerce) plugin 1.0.61 for WordPress allows XSS via the wp-admin/admin.php?page=woo-variation-swatches-settings tab parameter. |
| CVE-2019-14773 | 2019-08-08 | admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion. |
| CVE-2018-20962 | 2019-08-08 | The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type. |
| CVE-2019-14683 | 2019-08-08 | The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF. |
| CVE-2019-14682 | 2019-08-08 | The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbs_admin_page CSRF. |
| CVE-2019-14681 | 2019-08-08 | The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf_settings&daf_remove=true CSRF. |
| CVE-2019-14680 | 2019-08-08 | The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF. |
| CVE-2019-14679 | 2019-08-08 | core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 for WordPress allows wp-admin/admin.php?page=arplite_import_export CSRF. |
| CVE-2015-9292 | 2019-08-08 | 6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter). |
| CVE-2016-10863 | 2019-08-08 | Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with resultant PSK key disclosure. |
| CVE-2017-18485 | 2019-08-08 | Cognitoys Dino devices allow profiles_add.html CSRF. |
| CVE-2017-18484 | 2019-08-08 | Cognitoys Dino devices allow XSS via the SSID. |
| CVE-2018-20960 | 2019-08-08 | Nespresso Prodigio devices lack Bluetooth connection security. |
| CVE-2018-20957 | 2019-08-08 | The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks. |
| CVE-2018-20956 | 2019-08-08 | Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset. NOTE: all affected customers were migrated by 2020-08-31. |