CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-1010318 2019-07-11 2019-07-11
0.0
None ??? ??? ??? ??? ??? ???
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: WavpackSetConfiguration64 (pack_utils.c:198). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4.
2 CVE-2019-1010312 DoS 2019-07-12 2019-07-12
0.0
None ??? ??? ??? ??? ??? ???
Tildeslash Monit Version 5.25.2 and earlier is affected by: Buffer Over-read. The impact is: Disclosure of memory contents in an HTTP response, and Denial of Service. The component is: In function Util_urlDecode() on lines 1553 -1563 in Monit/src/util.c, a crafted POST parameter can cause the buffer index to increment to a value greater than the length of the buffer. The attack vector is: An authenticated remote attacker can exploit the vulnerability by sending a HTTP POST request that contains a maliciously crafted body parameter. The fixed version is: Version 5.25.3 and later.
3 CVE-2019-1010311 XSS 2019-07-12 2019-07-12
0.0
None ??? ??? ??? ??? ??? ???
Tildeslash Monit Version 5.25.2 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Execute javascript in a victim s browser; disable all monitoring for a particular host or service. The component is: In function do_viewlog() on line 910 in Monit/src/http/cervlet.c, an attacker controlled log file is copied into an HTTP response without any HTML escaping. The attack vector is: An authenticated remote attacker can exploit the vulnerability over a network. The fixed version is: Version 5.25.3 and later.
4 CVE-2019-1010309 Exec Code Dir. Trav. 2019-07-12 2019-07-12
0.0
None ??? ??? ??? ??? ??? ???
pacman prior to version 5.1.3 is affected by: Directory Traversal. The impact is: arbitrary file placement potentially leading to arbitrary root code execution. The component is: installing a remote package via a specified URL "pacman -U <url>". The problem was located in function curl_download_internal in lib/libalpm/dload.c line 535. The attack vector is: the victim must install a remote package via a specified URL from a malicious server (or a network MitM if downloading over HTTP). The fixed version is: 5.1.3 via commit 9702703633bec2c007730006de2aeec8587dfc84.
5 CVE-2019-1010048 DoS Overflow 2019-07-16 2019-07-16
0.0
None ??? ??? ??? ??? ??? ???
UPX 3.95 is affected by: Integer Overflow. The impact is: attacker can cause a denial of service. The component is: src/p_lx_elf.cpp PackLinuxElf32::PackLinuxElf32help1() Line 262. The attack vector is: the victim must open a specially crafted ELF file.
6 CVE-2019-1010042 2019-07-15 2019-07-15
0.0
None ??? ??? ??? ??? ??? ???
couchcms 2 is affected by: Web Site physical path leakage. The impact is: disclosure the full path. The component is: includes/mysql2i/mysql2i.func.php and addons/phpmailer/phpmailer.php. The attack vector is: network connectivity.
7 CVE-2019-1010011 DoS Overflow 2019-07-14 2019-07-15
0.0
None ??? ??? ??? ??? ??? ???
moinejf abcm2ps 8.13.16 and after is affected by: CWE-121: Stack-based Buffer Overflow. The impact is: This vulnerability allows remote attackers to cause a denial of service via a crafted file. The component is: parse.c / function: get_key and music.c/ function: delayed_output.
8 CVE-2019-16396 2019-09-17 2019-09-17
0.0
None ??? ??? ??? ??? ??? ???
GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() function in cobc/parser.y via crafted COBOL source code.
9 CVE-2019-16395 Overflow 2019-09-17 2019-09-17
0.0
None ??? ??? ??? ??? ??? ???
GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() function in cobc/tree.c via crafted COBOL source code.
10 CVE-2019-16394 2019-09-17 2019-09-17
0.0
None ??? ??? ??? ??? ??? ???
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers.
11 CVE-2019-16393 2019-09-17 2019-09-17
0.0
None ??? ??? ??? ??? ??? ???
SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.
12 CVE-2019-16392 XSS 2019-09-17 2019-09-17
0.0
None ??? ??? ??? ??? ??? ???
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.
13 CVE-2019-16391 2019-09-17 2019-09-17
0.0
None ??? ??? ??? ??? ??? ???
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.
14 CVE-2019-16370 2019-09-16 2019-09-16
0.0
None ??? ??? ??? ??? ??? ???
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.
15 CVE-2019-16353 2019-09-16 2019-09-16
0.0
None ??? ??? ??? ??? ??? ???
Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device.
16 CVE-2019-16335 2019-09-15 2019-09-16
0.0
None ??? ??? ??? ??? ??? ???
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
17 CVE-2019-16321 XSS 2019-09-15 2019-09-16
0.0
None ??? ??? ??? ??? ??? ???
ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO.
18 CVE-2019-16320 +Info 2019-09-15 2019-09-16
0.0
None ??? ??? ??? ??? ??? ???
Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensitive information, such as a vessel's latitude and longitude, via the public SNMP community.
19 CVE-2019-16307 XSS 2019-09-14 2019-09-16
0.0
None ??? ??? ??? ??? ??? ???
A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp).
20 CVE-2019-16199 Exec Code 2019-09-17 2019-09-17
0.0
None ??? ??? ??? ??? ??? ???
eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to the ReGa core process.
21 CVE-2019-16170 2019-09-16 2019-09-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control.
22 CVE-2019-15741 2019-09-16 2019-09-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation
23 CVE-2019-15736 DoS 2019-09-16 2019-09-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack.
24 CVE-2019-15734 2019-09-16 2019-09-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these.
25 CVE-2019-15732 Bypass 2019-09-16 2019-09-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions.
26 CVE-2019-15730 Bypass 2019-09-16 2019-09-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. The Jira integration contains a SSRF vulnerability as a result of a bypass of the current protection mechanisms against this type of attack, which would allow sending requests to any resources accessible in the local network by the GitLab server.
27 CVE-2019-15729 2019-09-17 2019-09-17
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request.
28 CVE-2019-15728 2019-09-16 2019-09-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an attacker to request any local network resource accessible from the GitLab server.
29 CVE-2019-15727 2019-09-16 2019-09-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users.
30 CVE-2019-15726 2019-09-16 2019-09-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server.
31 CVE-2019-15723 Bypass 2019-09-16 2019-09-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations.
32 CVE-2019-15231 Exec Code 2019-08-19 2019-08-21
0.0
None ??? ??? ??? ??? ??? ???
Webmin 1.890, in a default installation, contains a backdoor that allows an unauthenticated attacker to remotely execute commands. This CVE only refers to the backdoor that was enabled by default, and therefore is a separate CVE from CVE-2019-15107. NOTE: although the vendor's build infrastructure was compromised in 2018, the compromise is not known to affect any GitHub repository. Thus, the relatively uncommon case of an end user building their own copy of Webmin (from the 1.890 tag on GitHub) is thought to be safe.
33 CVE-2019-14835 Overflow 2019-09-17 2019-09-17
0.0
None ??? ??? ??? ??? ??? ???
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.
34 CVE-2019-14826 2019-09-17 2019-09-17
0.0
None ??? ??? ??? ??? ??? ???
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.
35 CVE-2019-14540 2019-09-15 2019-09-16
0.0
None ??? ??? ??? ??? ??? ???
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
36 CVE-2019-13542 2019-09-17 2019-09-17
0.0
None ??? ??? ??? ??? ??? ???
3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.
37 CVE-2019-13538 Exec Code 2019-09-17 2019-09-17
0.0
None ??? ??? ??? ??? ??? ???
3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.15.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only.
38 CVE-2019-13474 2019-09-16 2019-09-16
0.0
None ??? ??? ??? ??? ??? ???
TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have insufficient access control for the /set_dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands.
39 CVE-2019-12983 DoS +Info 2019-06-26 2019-06-26
0.0
None ??? ??? ??? ??? ??? ???
In the Linux kernel before 5.0.15, the function do_hidp_sock_ioctl in net/bluetooth/hidp/sock.c does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service, which is similar to CVE-2011-1079. The user would use an HIDPCONNADD command.
40 CVE-2019-12755 2019-09-17 2019-09-17
0.0
None ??? ??? ??? ??? ??? ???
Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.
41 CVE-2019-12396 2019-05-28 2019-05-28
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Revive Adserver before 4.2.1. In lib/OA/Dal/PasswordRecovery.php, the function generateRecoveryId() uses an insecure way to generate a password reset token. The token relies on the PHP uniqid function and consequently depends only on the current server time, which is often visible in an HTTP Date header.
42 CVE-2019-12165 Exec Code 2019-05-29 2019-05-29
0.0
None ??? ??? ??? ??? ??? ???
MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, and 7.1 (7.1.0.57) and earlier and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7) have a Command Execution Vulnerability. Successful exploit of this vulnerability could allow an attacker to execute arbitrary system commands.
43 CVE-2019-11667 2019-09-17 2019-09-17
0.0
None ??? ??? ??? ??? ??? ???
Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to private data.
44 CVE-2019-11666 2019-09-17 2019-09-17
0.0
None ??? ??? ??? ??? ??? ???
Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data.
45 CVE-2019-11665 2019-09-17 2019-09-17
0.0
None ??? ??? ??? ??? ??? ???
Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
46 CVE-2019-10397 2019-09-12 2019-09-12
0.0
None ??? ??? ??? ??? ??? ???
Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure.
47 CVE-2019-10396 XSS 2019-09-12 2019-09-12
0.0
None ??? ??? ??? ??? ??? ???
Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able to change build descriptions.
48 CVE-2019-10395 XSS 2019-09-12 2019-09-12
0.0
None ??? ??? ??? ??? ??? ???
Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties.
49 CVE-2019-10394 Exec Code Bypass 2019-09-12 2019-09-12
0.0
None ??? ??? ??? ??? ??? ???
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts.
50 CVE-2019-10393 Exec Code Bypass 2019-09-12 2019-09-12
0.0
None ??? ??? ??? ??? ??? ???
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts.
Total number of vulnerabilities : 994   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.