CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-1010318 2019-07-11 2019-07-11
0.0
None ??? ??? ??? ??? ??? ???
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: WavpackSetConfiguration64 (pack_utils.c:198). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4.
2 CVE-2019-1010312 DoS 2019-07-12 2019-07-12
0.0
None ??? ??? ??? ??? ??? ???
Tildeslash Monit Version 5.25.2 and earlier is affected by: Buffer Over-read. The impact is: Disclosure of memory contents in an HTTP response, and Denial of Service. The component is: In function Util_urlDecode() on lines 1553 -1563 in Monit/src/util.c, a crafted POST parameter can cause the buffer index to increment to a value greater than the length of the buffer. The attack vector is: An authenticated remote attacker can exploit the vulnerability by sending a HTTP POST request that contains a maliciously crafted body parameter. The fixed version is: Version 5.25.3 and later.
3 CVE-2019-1010311 XSS 2019-07-12 2019-07-12
0.0
None ??? ??? ??? ??? ??? ???
Tildeslash Monit Version 5.25.2 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Execute javascript in a victim s browser; disable all monitoring for a particular host or service. The component is: In function do_viewlog() on line 910 in Monit/src/http/cervlet.c, an attacker controlled log file is copied into an HTTP response without any HTML escaping. The attack vector is: An authenticated remote attacker can exploit the vulnerability over a network. The fixed version is: Version 5.25.3 and later.
4 CVE-2019-1010310 2019-07-12 2019-07-12
0.0
None ??? ??? ??? ??? ??? ???
GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tools > Reminder > Description .. Set the description to any iframe/form tags and apply. The attack vector is: The attacker puts a login form, the user fills it and clicks on submit .. the request is sent to the attacker domain saving the data. The fixed version is: 9.4.1.
5 CVE-2019-1010309 Exec Code Dir. Trav. 2019-07-12 2019-07-12
0.0
None ??? ??? ??? ??? ??? ???
pacman prior to version 5.1.3 is affected by: Directory Traversal. The impact is: arbitrary file placement potentially leading to arbitrary root code execution. The component is: installing a remote package via a specified URL "pacman -U <url>". The problem was located in function curl_download_internal in lib/libalpm/dload.c line 535. The attack vector is: the victim must install a remote package via a specified URL from a malicious server (or a network MitM if downloading over HTTP). The fixed version is: 5.1.3 via commit 9702703633bec2c007730006de2aeec8587dfc84.
6 CVE-2019-1010308 2019-07-15 2019-07-15
0.0
None ??? ??? ??? ??? ??? ???
Aquaverde GmbH Aquarius CMS prior to version 4.1.1 is affected by: Incorrect Access Control. The impact is: The access to the log file is not restricted. It contains sensitive information like passwords etc. The component is: log file. The attack vector is: open the file.
7 CVE-2019-1010307 XSS 2019-07-15 2019-07-15
0.0
None ??? ??? ??? ??? ??? ???
GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to privilege escalation and executing js on admin. The component is: /glpi/ajax/getDropDownValue.php. The attack vector is: 1- User Create a ticket , 2- Admin opens another ticket and click on the "Link Tickets" feature, 3- a request to the endpoint fetches js and executes it.
8 CVE-2019-1010306 Exec Code 2019-07-15 2019-07-15
0.0
None ??? ??? ??? ??? ??? ???
Slanger 0.6.0 is affected by: Remote Code Execution (RCE). The impact is: A remote attacker can execute arbitrary commands by sending a crafted request to the server. The component is: Message handler & request validator. The attack vector is: Remote unauthenticated. The fixed version is: after commit 5267b455caeb2e055cccf0d2b6a22727c111f5c3.
9 CVE-2019-1010305 Overflow 2019-07-15 2019-07-15
0.0
None ??? ??? ??? ??? ??? ???
libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d.
10 CVE-2019-1010304 2019-07-15 2019-07-15
0.0
None ??? ??? ??? ??? ??? ???
Saleor Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f1f472248312cc9c. This commit was released as part of 2.0.0 release is affected by: Incorrect Access Control. The impact is: Important. The component is: ProductVariant type in GraphQL API. The attack vector is: Unauthenticated user can access the GraphQL API (which is by default publicly exposed under `/graphql/` URL) and fetch products data which may include admin-restricted shop's revenue data. The fixed version is: 2.3.1.
11 CVE-2019-1010300 Overflow 2019-07-15 2019-07-15
0.0
None ??? ??? ??? ??? ??? ???
mz-automation libiec61850 1.3.2 1.3.1 1.3.0 is affected by: Buffer Overflow. The impact is: Software crash. The component is: server_example_complex_array. The attack vector is: Send a specific MMS protocol packet.
12 CVE-2019-1010299 2019-07-15 2019-07-15
0.0
None ??? ??? ??? ??? ??? ???
The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vector is: The program needs to invoke debug printing for iterator over an empty VecDeque. The fixed version is: 1.30.0, nightly versions after commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d.
13 CVE-2019-1010292 Mem. Corr. 2019-07-16 2019-07-16
0.0
None ??? ??? ??? ??? ??? ???
Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0.
14 CVE-2019-1010290 2019-07-16 2019-07-16
0.0
None ??? ??? ??? ??? ??? ???
Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a "newurl" parameter. The component is: redirect.php. The attack vector is: The victim must open a link created by an attacker. Attacker may use any legitimate site using Babel to redirect user to a URL of his/her choosing.
15 CVE-2019-1010287 Exec Code XSS 2019-07-17 2019-07-17
0.0
None ??? ??? ??? ??? ??? ???
Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url.
16 CVE-2019-1010283 2019-07-17 2019-07-17
0.0
None ??? ??? ??? ??? ??? ???
Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later.
17 CVE-2019-1010275 2019-07-17 2019-07-17
0.0
None ??? ??? ??? ??? ??? ???
helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were aloowed. The component is: helm (many files updated, see https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50). The attack vector is: A malicious client could connect to the server over the network. The fixed version is: 2.7.2.
18 CVE-2019-1010266 DoS 2019-07-17 2019-07-17
0.0
None ??? ??? ??? ??? ??? ???
lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.7.11.
19 CVE-2019-1010263 Bypass 2019-07-17 2019-07-17
0.0
None ??? ??? ??? ??? ??? ???
Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by crafting with hmac(). The component is: JWT.pm, line 614. The attack vector is: network connectivity. The fixed version is: after commit b98a59b42ded9f9e51b2560410106207c2152d6c.
20 CVE-2019-1010091 Exec Code 2019-07-17 2019-07-17
0.0
None ??? ??? ??? ??? ??? ???
tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab.
21 CVE-2019-1010084 2019-07-17 2019-07-17
0.0
None ??? ??? ??? ??? ??? ???
Dancer::Plugin::SimpleCRUD 1.14 and earlier is affected by: Incorrect Access Control. The impact is: Potential for unathorised access to data. The component is: Incorrect calls to _ensure_auth() wrapper result in authentication-checking not being applied to al routes.
22 CVE-2019-1010083 DoS 2019-07-17 2019-07-17
0.0
None ??? ??? ??? ??? ??? ???
The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1.
23 CVE-2019-1010062 2019-07-16 2019-07-16
0.0
None ??? ??? ??? ??? ??? ???
PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line36. The attack vector is: modify the MIME TYPE on HTTP request to upload a php file. The fixed version is: after commit 09f0ab871bf633973cfd9fc4fe59d4a912397cf8.
24 CVE-2019-1010060 Exec Code Overflow 2019-07-16 2019-07-16
0.0
None ??? ??? ??? ??? ??? ???
NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43. NOTE: this CVE refers to the issues not covered by CVE-2018-3846, CVE-2018-3847, CVE-2018-3848, and CVE-2018-3849. One example is ftp_status in drvrnet.c mishandling a long string beginning with a '4' character.
25 CVE-2019-1010057 DoS Exec Code Overflow 2019-07-16 2019-07-16
0.0
None ??? ??? ??? ??? ??? ???
nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component is: nfx.c:546, nffile_inline.c:83, minilzo.c (redistributed). The attack vector is: nfdump must read and process a specially crafted file. The fixed version is: after commit 9f0fe9563366f62a71d34c92229da3432ec5cf0e.
26 CVE-2019-1010048 DoS Overflow 2019-07-16 2019-07-16
0.0
None ??? ??? ??? ??? ??? ???
UPX 3.95 is affected by: Integer Overflow. The impact is: attacker can cause a denial of service. The component is: src/p_lx_elf.cpp PackLinuxElf32::PackLinuxElf32help1() Line 262. The attack vector is: the victim must open a specially crafted ELF file.
27 CVE-2019-1010043 DoS Exec Code Overflow 2019-07-16 2019-07-16
0.0
None ??? ??? ??? ??? ??? ???
Quake3e < 5ed740d is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Argument string creation.
28 CVE-2019-1010042 2019-07-15 2019-07-15
0.0
None ??? ??? ??? ??? ??? ???
couchcms 2 is affected by: Web Site physical path leakage. The impact is: disclosure the full path. The component is: includes/mysql2i/mysql2i.func.php and addons/phpmailer/phpmailer.php. The attack vector is: network connectivity.
29 CVE-2019-1010038 DoS Exec Code Overflow 2019-07-15 2019-07-15
0.0
None ??? ??? ??? ??? ??? ???
OpenModelica OMCompiler is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: OPENMODELICAHOME parameter changeable via environment variable. The attack vector is: Changing an environment variable.
30 CVE-2019-1010034 Sql 2019-07-15 2019-07-15
0.0
None ??? ??? ??? ??? ??? ???
Deepwoods Software WebLibrarian 3.5.2 and earlier is affected by: SQL Injection. The impact is: Exposing the entire database. The component is: Function "AllBarCodes" (defined at database_code.php line 1018) is vulnerable to a boolean-based blind sql injection. This function call can be triggered by any user logged-in with at least Volunteer role or manage_circulation capabilities. PoC : /wordpress/wp-admin/admin.php?page=weblib-circulation-desk&orderby=title&order=DESC.
31 CVE-2019-1010025 Bypass 2019-07-15 2019-07-15
0.0
None ??? ??? ??? ??? ??? ???
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc.
32 CVE-2019-1010024 Bypass 2019-07-15 2019-07-15
0.0
None ??? ??? ??? ??? ??? ???
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc.
33 CVE-2019-1010023 Exec Code 2019-07-15 2019-07-15
0.0
None ??? ??? ??? ??? ??? ???
GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code.
34 CVE-2019-1010022 Overflow Bypass 2019-07-15 2019-07-15
0.0
None ??? ??? ??? ??? ??? ???
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.
35 CVE-2019-1010018 Exec Code XSS 2019-07-16 2019-07-16
0.0
None ??? ??? ??? ??? ??? ???
Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. The impact is: Execute java script code on users browser. The component is: web app. The attack vector is: the victim must open a ticket. The fixed version is: 2.3.1, 2.2.2 and 2.1.3.
36 CVE-2019-1010011 DoS Overflow 2019-07-14 2019-07-15
0.0
None ??? ??? ??? ??? ??? ???
moinejf abcm2ps 8.13.16 and after is affected by: CWE-121: Stack-based Buffer Overflow. The impact is: This vulnerability allows remote attackers to cause a denial of service via a crafted file. The component is: parse.c / function: get_key and music.c/ function: delayed_output.
37 CVE-2019-1010009 2019-07-14 2019-07-15
0.0
None ??? ??? ??? ??? ??? ???
DGLogik Inc DGLux Server All Versions is affected by: Insecure Permissions. The impact is: Remote Execution, Credential Leaks. The component is: IoT API. The attack vector is: Any Accessible Server.
38 CVE-2019-1010008 Exec Code XSS 2019-07-14 2019-07-15
0.0
None ??? ??? ??? ??? ??? ???
OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting (XSS). The impact is: Theoretically low, but might potentially enable persistent XSS (user could embed mal. code). The component is: Javascript code execution in "Name", "Location", "Bio" and "Starting Page" fields in the "My Account" page. File: Lib/listjs/list.js, line 67. The attack vector is: unknown, victim must open profile page if persistent was possible.
39 CVE-2019-13637 Exec Code 2019-07-17 2019-07-17
0.0
None ??? ??? ??? ??? ??? ???
In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.
40 CVE-2019-13636 2019-07-17 2019-07-17
0.0
None ??? ??? ??? ??? ??? ???
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
41 CVE-2019-13631 2019-07-17 2019-07-17
0.0
None ??? ??? ??? ??? ??? ???
In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages.
42 CVE-2019-13626 Overflow 2019-07-17 2019-07-17
0.0
None ??? ??? ??? ??? ??? ???
SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.
43 CVE-2019-13625 2019-07-16 2019-07-17
0.0
None ??? ??? ??? ??? ??? ???
NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file.
44 CVE-2019-13624 2019-07-16 2019-07-17
0.0
None ??? ??? ??? ??? ??? ???
In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command.
45 CVE-2019-13623 Exec Code 2019-07-16 2019-07-17
0.0
None ??? ??? ??? ??? ??? ???
In NSA Ghidra through 9.0.4, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary files in scenarios where an intermediate analysis result is archived for sharing with other persons. To achieve arbitrary code execution, one approach is to overwrite some critical Ghidra modules, e.g., the decompile module.
46 CVE-2019-13619 2019-07-17 2019-07-17
0.0
None ??? ??? ??? ??? ??? ???
In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments.
47 CVE-2019-13617 2019-07-16 2019-07-16
0.0
None ??? ??? ??? ??? ??? ???
njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call.
48 CVE-2019-13615 2019-07-16 2019-07-16
0.0
None ??? ??? ??? ??? ??? ???
VideoLAN VLC media player 3.0.7.1 has a heap-based buffer over-read in mkv::demux_sys_t::FreeUnused() in modules/demux/mkv/demux.cpp when called from mkv::Open in modules/demux/mkv/mkv.cpp.
49 CVE-2019-13614 DoS Exec Code Overflow 2019-07-17 2019-07-17
0.0
None ??? ??? ??? ??? ??? ???
CMD_SET_CONFIG_COUNTRY in the TP-Link Device Debug protocol in TP-Link Archer C1200 1.0.0 Build 20180502 rel.45702 and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server.
50 CVE-2019-13613 DoS Exec Code Overflow 2019-07-17 2019-07-17
0.0
None ??? ??? ??? ??? ??? ???
CMD_FTEST_CONFIG in the TP-Link Device Debug protocol in TP-Link Wireless Router Archer Router version 1.0.0 Build 20180502 rel.45702 (EU) and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server.
Total number of vulnerabilities : 1065   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.