Lista CVE - 2019 / Settembre
Visualizzazione 1501 - 1531 di 1531 CVE per Settembre 2019 (Pagina 16 di 16)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2019-10501 | 2019-09-30 | Possible use after free issue due to improper input validation in volume listener library in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &... |
| CVE-2019-10506 | 2019-09-30 | While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor command, driver does not validate the data obtained from the user space which could be invalid and thus leads to an undesired behaviour in Snapdragon Auto,... |
| CVE-2019-10507 | 2019-09-30 | Lack of check of extscan change results received from firmware can lead to an out of buffer read in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2019-10508 | 2019-09-30 | Lack of input validation for data received from user space can lead to OOB access in WLAN in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2019-10509 | 2019-09-30 | Device record of the pairing device used after free during ACL disconnection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &... |
| CVE-2019-10510 | 2019-09-30 | BT process died and BT toggled due to null pointer dereference when invalid vendor pass through command sent from remote in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice... |
| CVE-2019-10538 | 2019-09-30 | Lack of check of address range received from firmware response allows modem to respond arbitrary pages into its address range which can compromise HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon... |
| CVE-2019-10539 | 2019-09-30 | Possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,... |
| CVE-2019-10540 | 2019-09-30 | Buffer overflow in WLAN NAN function due to lack of check of count value received in NAN availability attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,... |
| CVE-2019-2252 | 2019-09-30 | Classic buffer overflow vulnerability while playing the specific video whose Decode picture buffer size is more than 16 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2019-2284 | 2019-09-30 | Possible use-after-free issue due to a race condition while calling camera ioctl concurrently in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables... |
| CVE-2019-2294 | 2019-09-30 | Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer... |
| CVE-2019-2333 | 2019-09-30 | Buffer overflow due to improper validation of buffer size while IPA driver processing to perform read operation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,... |
| CVE-2019-2341 | 2019-09-30 | Buffer overflow when the audio buffer size provided by user is larger than the maximum allowable audio buffer size. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2019-15810 | 2019-09-30 | Insufficient sanitization during device search in Netdisco 2.042010 allows for reflected XSS via manipulation of a URL parameter. |
| CVE-2019-13466 | 2019-09-30 | Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. The “generate reports” archive is protected with a hard-coded password. An application update that... |
| CVE-2019-13467 | 2019-09-30 | Description: Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 applications are potentially vulnerable to man-in-the-middle attacks when the applications download resources from the Dashboard web service.... |
| CVE-2019-17049 | 2019-09-30 | NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account. |
| CVE-2019-16276 | 2019-09-30 | Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. |
| CVE-2019-17050 | 2019-09-30 | An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env... |
| CVE-2019-17051 | 2019-09-30 | Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on... |
| CVE-2019-13123 | 2019-09-30 | Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 1 of 2). |
| CVE-2019-13124 | 2019-09-30 | Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 2 of 2). |
| CVE-2019-16760 | 2019-09-30 | Cargo prior to Rust 1.26.0 may download the wrong dependency |
| CVE-2019-3728 | 2019-09-30 | RSA BSAFE Crypto-C Micro Edition versions from 4.0.0.0 before 4.0.5.4 and from 4.1.0 before 4.1.4, RSA BSAFE Micro Edition Suite versions from 4.0.0 before 4.0.13 and from 4.1.0 before 4.4... |
| CVE-2019-3729 | 2019-09-30 | RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x, 4.2.x and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability when parsing ECDSA signature. A malicious user... |
| CVE-2019-3730 | 2019-09-30 | RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability,... |
| CVE-2019-3731 | 2019-09-30 | RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote... |
| CVE-2019-3732 | 2019-09-30 | RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions... |
| CVE-2019-3733 | 2019-09-30 | RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'.... |
| CVE-2019-17069 | 2019-10-01 | PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. |
| CVE-2019-16508 | 2019-10-01 | The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application.... |
| CVE-2019-15940 | 2019-10-01 | Victure PC530 devices allow unauthenticated TELNET access as root. |
| CVE-2019-17056 | 2019-10-01 | llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176. |
| CVE-2019-17055 | 2019-10-01 | base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. |
| CVE-2019-17054 | 2019-10-01 | atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c. |
| CVE-2019-17053 | 2019-10-01 | ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. |
| CVE-2019-17052 | 2019-10-01 | ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka... |
| CVE-2019-15039 | 2019-10-01 | An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1. |
| CVE-2019-14954 | 2019-10-01 | JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext http connection. |
| CVE-2019-14952 | 2019-10-01 | JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles. |
| CVE-2019-10431 | 2019-10-01 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed... |
| CVE-2019-10432 | 2019-10-01 | Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the project and build display names in the HTML report frame, resulting in a cross-site scripting vulnerability exploitable by users... |
| CVE-2019-10433 | 2019-10-01 | Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master... |
| CVE-2019-10434 | 2019-10-01 | Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. |
| CVE-2019-10435 | 2019-10-01 | Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. |
| CVE-2019-11275 | 2019-10-01 | CSV Injection in usage report downloaded from Pivotal Application Manager |
| CVE-2019-10202 | 2019-10-01 | A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by... |
| CVE-2019-4246 | 2019-10-01 | IBM Daeja ViewONE Virtual 5.0 through 5.0.6 could expose internal parameters to ViewONE clients that could be used in further attacks against the system. IBM X-Force ID: 159521. |
| CVE-2019-4494 | 2019-10-01 | IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the... |
| CVE-2019-4495 | 2019-10-01 | IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the... |
| CVE-2019-4497 | 2019-10-01 | IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the... |
| CVE-2019-17063 | 2019-10-01 | In Snowtide PDFxStream before 3.7.1 (for Java), a crafted PDF file can trigger an extremely long running computation because of page-tree mishandling. |
| CVE-2019-17064 | 2019-10-01 | Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. |
| CVE-2019-14957 | 2019-10-01 | The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vim_settings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository. |
| CVE-2019-15038 | 2019-10-01 | An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1. |
| CVE-2019-14953 | 2019-10-01 | JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser. |
| CVE-2019-14955 | 2019-10-01 | In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented. |
| CVE-2019-14960 | 2019-10-01 | JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file. |
| CVE-2019-16942 | 2019-10-01 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint... |
| CVE-2019-16943 | 2019-10-01 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint... |
| CVE-2019-15042 | 2019-10-01 | An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1. |
| CVE-2019-14961 | 2019-10-01 | JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS. |
| CVE-2019-17068 | 2019-10-01 | PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. |
| CVE-2019-17067 | 2019-10-01 | PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection. |
| CVE-2019-7618 | 2019-10-01 | A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary... |
| CVE-2019-17074 | 2019-10-01 | An issue was discovered in XunRuiCMS 4.3.1. There is a stored XSS in the module_category area. |
| CVE-2019-17073 | 2019-10-01 | emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ directory traversal. |
| CVE-2019-15035 | 2019-10-01 | An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1. |
| CVE-2019-15041 | 2019-10-01 | JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere. |
| CVE-2019-0231 | 2019-10-01 | Apache MINA SSLFilter security Issue |
| CVE-2019-8288 | 2019-10-01 | Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized. |
| CVE-2019-8289 | 2019-10-01 | Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable |
| CVE-2019-8290 | 2019-10-01 | Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an... |
| CVE-2019-8291 | 2019-10-01 | Online Store System v1.0 delete_file.php doesn't check to see if a user has administrative rights nor does it check for path traversal. |
| CVE-2019-8292 | 2019-10-01 | Online Store System v1.0 delete_product.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion. |
| CVE-2019-17075 | 2019-10-01 | An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could... |
| CVE-2019-13335 | 2019-10-02 | SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF. |
| CVE-2019-14454 | 2019-10-02 | SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation. |
| CVE-2019-17080 | 2019-10-02 | mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code execution if a REVIEWS_CACHE file is controlled by an attacker, because an unpickle occurs. This is resolved in 8.0.0 and... |
| CVE-2019-17091 | 2019-10-02 | faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled. |
| CVE-2019-4520 | 2019-10-02 | IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178. |
| CVE-2019-4538 | 2019-10-02 | IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a... |
| CVE-2019-4539 | 2019-10-02 | IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it... |
| CVE-2019-4542 | 2019-10-02 | IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2019-4549 | 2019-10-02 | IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951. |
| CVE-2019-13025 | 2019-10-02 | Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST (HTTP) request containing shell commands, which will be executed... |
| CVE-2019-16116 | 2019-10-02 | EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash. |
| CVE-2019-13343 | 2019-10-02 | Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentication arbitrary file download. Effectively, a remote anonymous user can download any file on servers running... |
| CVE-2019-5031 | 2019-10-02 | An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn't... |
| CVE-2019-13658 | 2019-10-02 | CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. |
| CVE-2019-8462 | 2019-10-02 | In a rare scenario, Check Point R80.30 Security Gateway before JHF Take 50 managed by Check Point R80.30 Management crashes with a unique configuration of enhanced logging. |
| CVE-2019-16407 | 2019-10-02 | JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability. |
| CVE-2019-12630 | 2019-10-02 | Cisco Security Manager Java Deserialization Vulnerability |
| CVE-2019-12631 | 2019-10-02 | Cisco Identity Services Engine Cross-Site Scripting Vulnerability |
| CVE-2019-10212 | 2019-10-02 | A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the... |
| CVE-2019-16171 | 2019-10-02 | In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page. |
| CVE-2019-15040 | 2019-10-02 | JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page. |
| CVE-2019-15037 | 2019-10-02 | An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1. |
| CVE-2019-15036 | 2019-10-02 | An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1. |