CVE List - 2019 / September
Showing 1101 - 1200 of 1531 CVEs for September 2019 (Page 12 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-16900 | 2019-09-26 | Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. |
| CVE-2019-16899 | 2019-09-26 | In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. |
| CVE-2015-9431 | 2019-09-26 | The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter. |
| CVE-2015-9432 | 2019-09-26 | The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter. |
| CVE-2015-9433 | 2019-09-26 | The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php. |
| CVE-2015-9434 | 2019-09-26 | The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or tab_flags_order parameter. |
| CVE-2015-9435 | 2019-09-26 | The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers. |
| CVE-2015-9436 | 2019-09-26 | The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=term_tree prefix or widget_id parameter. |
| CVE-2015-9437 | 2019-09-26 | The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter. |
| CVE-2015-9438 | 2019-09-26 | The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter. |
| CVE-2019-16738 | 2019-09-26 | In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup. |
| CVE-2015-9439 | 2019-09-26 | The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter. |
| CVE-2015-9440 | 2019-09-26 | The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new. |
| CVE-2015-9448 | 2019-09-26 | The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter. |
| CVE-2015-9447 | 2019-09-26 | The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters. |
| CVE-2015-9446 | 2019-09-26 | The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php. |
| CVE-2015-9445 | 2019-09-26 | The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation. |
| CVE-2015-9444 | 2019-09-26 | The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF. |
| CVE-2015-9443 | 2019-09-26 | The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP. |
| CVE-2015-9442 | 2019-09-26 | The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin. |
| CVE-2015-9441 | 2019-09-26 | The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=bookmarkify.php. |
| CVE-2019-16903 | 2019-09-26 | Platinum UPnP SDK 1.2.0 allows Directory Traversal in Core/PltHttpServer.cpp because it checks for /.. where it should be checking for ../ instead. |
| CVE-2019-16904 | 2019-09-26 | TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable... |
| CVE-2019-14273 | 2019-09-26 | In SilverStripe assets 4.0, there is broken access control on files. |
| CVE-2019-14844 | 2019-09-26 | A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC... |
| CVE-2019-14272 | 2019-09-26 | In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS. |
| CVE-2019-12617 | 2019-09-26 | In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution. |
| CVE-2019-10092 | 2019-09-26 | In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed... |
| CVE-2019-10097 | 2019-09-26 | In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer... |
| CVE-2019-13523 | 2019-09-26 | In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP... |
| CVE-2019-16532 | 2019-09-26 | An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections. |
| CVE-2019-16894 | 2019-09-26 | download.php in inoERP 4.15 allows SQL injection through insecure deserialization. |
| CVE-2019-16409 | 2019-09-26 | In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed... |
| CVE-2019-10082 | 2019-09-26 | In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. |
| CVE-2019-4262 | 2019-09-26 | IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the QRadar system, potentially leading... |
| CVE-2019-4378 | 2019-09-26 | IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service... |
| CVE-2019-10882 | 2019-09-26 | Netskope client buffer overflow vulnerability |
| CVE-2019-12091 | 2019-09-26 | Netskope client command injections vulnerability |
| CVE-2019-6175 | 2019-09-26 | System Update Vulnerability |
| CVE-2019-6161 | 2019-09-26 | An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session... |
| CVE-2019-16755 | 2019-09-26 | BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote attackers to perform pre-authenticated remote commands execution on the Operating System... |
| CVE-2019-16869 | 2019-09-26 | Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. |
| CVE-2019-16524 | 2019-09-26 | The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This... |
| CVE-2018-11782 | 2019-09-26 | In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to... |
| CVE-2019-0203 | 2019-09-26 | In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to... |
| CVE-2019-16915 | 2019-09-26 | An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents. |
| CVE-2019-16914 | 2019-09-26 | An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization. |
| CVE-2019-16667 | 2019-09-26 | diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a... |
| CVE-2019-12562 | 2019-09-26 | Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to... |
| CVE-2019-15862 | 2019-09-26 | An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the application was configured to accept... |
| CVE-2019-15891 | 2019-09-26 | An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof... |
| CVE-2019-11278 | 2019-09-26 | Privilege Escalation via Blind SCIM Injection in UAA |
| CVE-2019-11279 | 2019-09-26 | Privilege Escalation via Scope Manipulation in UAA |
| CVE-2019-16902 | 2019-09-27 | In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname. |
| CVE-2019-16920 | 2019-09-27 | Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common... |
| CVE-2019-16921 | 2019-09-27 | In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425813. |
| CVE-2019-13376 | 2019-09-27 | phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS |
| CVE-2019-4141 | 2019-09-27 | IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused... |
| CVE-2018-19592 | 2019-09-27 | The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context... |
| CVE-2019-9853 | 2019-09-27 | Insufficient URL decoding flaw in categorizing macro location |
| CVE-2019-16922 | 2019-09-27 | SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files. |
| CVE-2019-8072 | 2019-09-27 | ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the... |
| CVE-2019-8073 | 2019-09-27 | ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in... |
| CVE-2019-8074 | 2019-09-27 | ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of... |
| CVE-2019-8075 | 2019-09-27 | Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. |
| CVE-2019-16923 | 2019-09-27 | kkcms 1.3 has jx.php?url= XSS. |
| CVE-2019-16924 | 2019-09-27 | The Nulock application 1.5.0 for mobile devices sends a cleartext password over Bluetooth, which allows remote attackers (after sniffing the network) to take control of the lock. |
| CVE-2019-11755 | 2019-09-27 | A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no... |
| CVE-2019-11753 | 2019-09-27 | The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is... |
| CVE-2019-11752 | 2019-09-27 | It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects... |
| CVE-2019-11751 | 2019-09-27 | Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can... |
| CVE-2019-11750 | 2019-09-27 | A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. |
| CVE-2019-11749 | 2019-09-27 | A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering... |
| CVE-2019-11748 | 2019-09-27 | WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities... |
| CVE-2019-11747 | 2019-09-27 | The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any... |
| CVE-2019-11746 | 2019-09-27 | A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox <... |
| CVE-2019-11744 | 2019-09-27 | Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on... |
| CVE-2019-11743 | 2019-09-27 | Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only... |
| CVE-2019-11742 | 2019-09-27 | A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is... |
| CVE-2019-11741 | 2019-09-27 | A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org... |
| CVE-2019-11740 | 2019-09-27 | Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we... |
| CVE-2019-11739 | 2019-09-27 | Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 68.1 and Thunderbird < 60.9. |
| CVE-2019-11738 | 2019-09-27 | If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This... |
| CVE-2019-11737 | 2019-09-27 | If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives... |
| CVE-2019-11736 | 2019-09-27 | The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable,... |
| CVE-2019-11735 | 2019-09-27 | Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that... |
| CVE-2019-11734 | 2019-09-27 | Mozilla developers and community members reported memory safety bugs present in Firefox 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that... |
| CVE-2019-11733 | 2019-09-27 | When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored... |
| CVE-2019-11754 | 2019-09-27 | When the pointer lock is enabled by a website though requestPointerLock(), no user notification is given. This could allow a malicious website to hijack the mouse pointer and confuse users.... |
| CVE-2019-2055 | 2019-09-27 | In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User... |
| CVE-2019-2059 | 2019-09-27 | In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User... |
| CVE-2019-2060 | 2019-09-27 | In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2019-2061 | 2019-09-27 | In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User... |
| CVE-2019-2062 | 2019-09-27 | In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User... |
| CVE-2019-2063 | 2019-09-27 | In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional... |
| CVE-2019-2064 | 2019-09-27 | In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User... |
| CVE-2019-2065 | 2019-09-27 | In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User... |
| CVE-2019-2066 | 2019-09-27 | In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User... |
| CVE-2019-2067 | 2019-09-27 | In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User... |
| CVE-2019-2068 | 2019-09-27 | In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User... |