CVE List - 2019 / September
Showing 101 - 200 of 1531 CVEs for September 2019 (Page 2 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-5070 | 2019-09-05 | An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in... |
| CVE-2019-13349 | 2019-09-05 | In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes. |
| CVE-2019-13187 | 2019-09-05 | The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an Unauthenticated arbitrary file upload vulnerability in content.fileupload.php and content.imageupload.php. |
| CVE-2019-13191 | 2019-09-05 | A SQL injection vulnerability in IntraMaps MapControl 8 allows attackers to execute arbitrary SQL commands via the /ApplicationEngine/Search/Refine/Set page. |
| CVE-2019-14278 | 2019-09-05 | In Knowage through 6.1.1, an unauthenticated user can enumerate valid usernames via the ChangePwdServlet page. |
| CVE-2019-13188 | 2019-09-05 | In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire application. |
| CVE-2019-15955 | 2019-09-05 | An issue was discovered in Total.js CMS 12.0.0. A low privilege user can perform a simple transformation of a cookie to obtain the random values inside it. If an attacker... |
| CVE-2019-15954 | 2019-09-05 | An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can achieve Remote Command Execution (RCE) on the remote server by creating a malicious... |
| CVE-2019-15953 | 2019-09-05 | An issue was discovered in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not own by calling the associated API.... |
| CVE-2019-15952 | 2019-09-05 | An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the... |
| CVE-2019-15944 | 2019-09-05 | In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe HTML in a disconnection message. |
| CVE-2019-15848 | 2019-09-05 | JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in... |
| CVE-2019-14339 | 2019-09-05 | The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. This allows an attacker's malicious application to obtain sensitive information including factory... |
| CVE-2019-10753 | 2019-09-05 | In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies... |
| CVE-2019-11380 | 2019-09-05 | The master-password feature in the ES File Explorer File Manager application 4.2.0.1.3 for Android can be bypassed via a com.estrongs.android.pop.ftp.ESFtpShortcut intent, leading to remote FTP access to the entirety of... |
| CVE-2019-15029 | 2019-09-05 | FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger... |
| CVE-2019-14224 | 2019-09-05 | An issue was discovered in Alfresco Community Edition 5.2 201707. By leveraging multiple components in the Alfresco Software applications, an exploit chain was observed that allows an attacker to achieve... |
| CVE-2019-14222 | 2019-09-05 | An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the... |
| CVE-2019-2123 | 2019-09-05 | In execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible local execution of arbitrary code in a privileged process due to a memory overwrite.... |
| CVE-2019-2174 | 2019-09-05 | In SensorManager::assertStateLocked of SensorManager.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible use after free due to improper locking. This could lead to local escalation of... |
| CVE-2019-2175 | 2019-09-05 | In checkAccess of SliceManagerService.java in Android 9, there is a possible permissions check bypass due to incorrect order of arguments. This could lead to local escalation of privilege with no... |
| CVE-2019-2103 | 2019-09-05 | In Google Assistant in Android 9, there is a possible permissions bypass that allows the Assistant to take a screenshot of apps with FLAG_SECURE. This could lead to local information... |
| CVE-2019-2176 | 2019-09-05 | In ihevcd_parse_buffering_period_sei of ihevcd_parse_headers.c in Android 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code... |
| CVE-2019-2177 | 2019-09-05 | In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could lead to remote code... |
| CVE-2019-2115 | 2019-09-05 | In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege... |
| CVE-2019-2178 | 2019-09-05 | In rw_t4t_sm_read_ndef of rw_t4t in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to... |
| CVE-2019-2179 | 2019-09-05 | In NDEF_MsgValidate of ndef_utils in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds read due to an integer overflow. This could lead to local... |
| CVE-2019-2180 | 2019-09-05 | In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure... |
| CVE-2019-2124 | 2019-09-05 | In ComposeActivityEmailExternal of ComposeActivityEmailExternal.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible way to silently attach files to an email due to a confused deputy. This... |
| CVE-2019-9254 | 2019-09-05 | In readArgumentList of zygote.java in Android 10, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution... |
| CVE-2019-2108 | 2019-09-05 | In ihevcd_ref_list of ihevcd_ref_list.c in Android 10, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no... |
| CVE-2019-2181 | 2019-09-05 | In binder_transaction of binder.c in the Android kernel, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with... |
| CVE-2019-15846 | 2019-09-06 | Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. |
| CVE-2019-14813 | 2019-09-06 | A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A... |
| CVE-2019-13517 | 2019-09-06 | In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not... |
| CVE-2018-6240 | 2019-09-06 | NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel level privileges can write an arbitrary value to an arbitrary physical address |
| CVE-2019-13656 | 2019-09-06 | An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code. |
| CVE-2019-13953 | 2019-09-06 | An exploitable authentication bypass vulnerability exists in the Bluetooth Low Energy (BLE) authentication module of YI M1 Mirrorless Camera V3.2-cn. An attacker can send a set of BLE commands to... |
| CVE-2019-14223 | 2019-09-06 | An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request.... |
| CVE-2019-15102 | 2019-09-06 | An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner_Non_distributed (and distributed end points) does not have any authentication mechanism. This allows an attacker to execute an arbitrary... |
| CVE-2018-18630 | 2019-09-06 | A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arbitrary... |
| CVE-2019-15890 | 2019-09-06 | libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. |
| CVE-2019-16056 | 2019-09-06 | An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters.... |
| CVE-2019-16058 | 2019-09-06 | An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a... |
| CVE-2019-16059 | 2019-09-06 | Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page. |
| CVE-2019-16060 | 2019-09-06 | The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are... |
| CVE-2019-9854 | 2019-09-06 | Unsafe URL assembly flaw in allowed script location check |
| CVE-2019-9855 | 2019-09-06 | Windows 8.3 path equivalence handling flaw allows LibreLogo script execution |
| CVE-2016-7398 | 2019-09-06 | A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to... |
| CVE-2019-11925 | 2019-09-06 | Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects... |
| CVE-2019-11926 | 2019-09-06 | Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects... |
| CVE-2019-10891 | 2019-09-06 | An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnap_main, which calls system() without checking the parameter that can be controlled by user, and... |
| CVE-2019-10892 | 2019-09-06 | An issue was discovered in D-Link DIR-806 devices. There is a stack-based buffer overflow in function hnap_main at /htdocs/cgibin. The function will call sprintf without checking the length of strings... |
| CVE-2018-11198 | 2019-09-06 | An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json. |
| CVE-2019-15128 | 2019-09-06 | iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to create a user. |
| CVE-2019-16088 | 2019-09-06 | Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc. |
| CVE-2019-9426 | 2019-09-06 | In the Android kernel in Bluetooth there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System... |
| CVE-2019-9436 | 2019-09-06 | In the Android kernel in the bootloader there is a possible secure boot bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2019-9345 | 2019-09-06 | In the Android kernel in sdcardfs there is a possible violation of the separation of data between profiles due to shared mapping of obb files. This could lead to local... |
| CVE-2019-9461 | 2019-09-06 | In the Android kernel in VPN routing there is a possible information disclosure. This could lead to remote information disclosure by an adjacent network attacker with no additional execution privileges... |
| CVE-2019-9248 | 2019-09-06 | In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of... |
| CVE-2019-9270 | 2019-09-06 | In the Android kernel in unifi and r8180 WiFi drivers there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation... |
| CVE-2019-2182 | 2019-09-06 | In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of... |
| CVE-2019-9271 | 2019-09-06 | In the Android kernel in the mnh driver there is a race condition due to insufficient locking. This could lead to a use-after-free which could lead to escalation of privilege... |
| CVE-2019-9273 | 2019-09-06 | In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System... |
| CVE-2019-9274 | 2019-09-06 | In the Android kernel in the mnh driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege... |
| CVE-2019-9275 | 2019-09-06 | In the Android kernel in the mnh driver there is a use after free due to improper locking. This could lead to escalation of privilege with System execution privileges needed.... |
| CVE-2019-9276 | 2019-09-06 | In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible out of bounds write due to a use after free. This could lead to a local escalation... |
| CVE-2019-9441 | 2019-09-06 | In the Android kernel in the mnh driver there is a possible out of bounds write due to improper input validation. This could lead to escalation of privilege with System... |
| CVE-2019-9442 | 2019-09-06 | In the Android kernel in the mnh driver there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System privileges... |
| CVE-2019-9443 | 2019-09-06 | In the Android kernel in the vl53L0 driver there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege due... |
| CVE-2019-9446 | 2019-09-06 | In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to improper input validation. This could lead to a local escalation of... |
| CVE-2019-9447 | 2019-09-06 | In the Android kernel in the FingerTipS touchscreen driver there is a possible use-after-free due to improper locking. This could lead to a local escalation of privilege with System execution... |
| CVE-2019-9448 | 2019-09-06 | In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation... |
| CVE-2019-9450 | 2019-09-06 | In the Android kernel in the FingerTipS touchscreen driver there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System... |
| CVE-2019-9451 | 2019-09-06 | In the Android kernel in the touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege... |
| CVE-2019-9454 | 2019-09-06 | In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution... |
| CVE-2019-9456 | 2019-09-06 | In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege... |
| CVE-2019-9458 | 2019-09-06 | In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional... |
| CVE-2019-9245 | 2019-09-06 | In the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with... |
| CVE-2019-9444 | 2019-09-06 | In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure... |
| CVE-2019-9445 | 2019-09-06 | In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system... |
| CVE-2019-9449 | 2019-09-06 | In the Android kernel in FingerTipS touchscreen driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with... |
| CVE-2019-9452 | 2019-09-06 | In the Android kernel in SEC_TS touch driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with... |
| CVE-2019-9453 | 2019-09-06 | In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system... |
| CVE-2019-9455 | 2019-09-06 | In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges... |
| CVE-2019-16089 | 2019-09-06 | An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value. |
| CVE-2019-16095 | 2019-09-08 | Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c. |
| CVE-2019-16094 | 2019-09-08 | Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. |
| CVE-2019-16093 | 2019-09-08 | Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. |
| CVE-2019-16092 | 2019-09-08 | Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c. |
| CVE-2019-16091 | 2019-09-08 | Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c. |
| CVE-2019-16096 | 2019-09-08 | Kilo 0.0.1 has a heap-based buffer overflow because there is an integer overflow in a calculation involving the number of tabs in one row. |
| CVE-2016-10937 | 2019-09-08 | IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate. |
| CVE-2019-16097 | 2019-09-08 | core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user... |
| CVE-2019-16105 | 2019-09-08 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI. |
| CVE-2019-16104 | 2019-09-08 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO. |
| CVE-2019-16103 | 2019-09-08 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature. |
| CVE-2019-16102 | 2019-09-08 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity. |
| CVE-2019-16101 | 2019-09-08 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI. |