CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2019-13516 CSRF 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect.
102 CVE-2019-13515 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information.
103 CVE-2019-13514 Exec Code 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger a use-after-free vulnerability, which may allow information disclosure, remote code execution, or crash of the application.
104 CVE-2019-13513 Exec Code 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger multiple out-of-bounds read vulnerabilities, which may allow information disclosure, remote code execution, or crash of the application.
105 CVE-2019-13512 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
Fuji Electric FRENIC Loader 3.5.0.0 and prior is vulnerable to an out-of-bounds read vulnerability, which may allow an attacker to read limited information from the device.
106 CVE-2019-13511 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation.
107 CVE-2019-13510 Exec Code 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code.
108 CVE-2019-13420 2019-08-13 2019-08-13
0.0
None ??? ??? ??? ??? ??? ???
Search Guard versions before 21.0 had an timing side channel issue when using the internal user database.
109 CVE-2019-13419 2019-08-13 2019-08-13
0.0
None ??? ??? ??? ??? ??? ???
Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked.
110 CVE-2019-13418 2019-08-12 2019-08-13
0.0
None ??? ??? ??? ??? ??? ???
Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized.
111 CVE-2019-13417 2019-08-12 2019-08-13
0.0
None ??? ??? ??? ??? ??? ???
Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.
112 CVE-2019-13416 2019-08-13 2019-08-13
0.0
None ??? ??? ??? ??? ??? ???
Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote cluster(s).
113 CVE-2019-13415 2019-08-13 2019-08-13
0.0
None ??? ??? ??? ??? ??? ???
Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data they are not authorized to see.
114 CVE-2019-13377 +Info 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.
115 CVE-2019-13223 DoS 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.
116 CVE-2019-13222 DoS 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file.
117 CVE-2019-13221 DoS Exec Code Overflow 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.
118 CVE-2019-13220 DoS 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file.
119 CVE-2019-13219 DoS 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A NULL pointer dereference in the get_window function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.
120 CVE-2019-13218 DoS 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.
121 CVE-2019-13217 DoS Exec Code Overflow 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.
122 CVE-2019-13176 2019-08-08 2019-08-08
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTTP, and outbound DNS).
123 CVE-2019-13069 2019-08-17 2019-08-17
0.0
None ??? ??? ??? ??? ??? ???
extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and port forwarding to reach a 127.0.0.1 service.
124 CVE-2019-13030 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons configuration pages and a missing check in rc.d/97NeoServer.
125 CVE-2019-12983 DoS +Info 2019-06-26 2019-06-26
0.0
None ??? ??? ??? ??? ??? ???
In the Linux kernel before 5.0.15, the function do_hidp_sock_ioctl in net/bluetooth/hidp/sock.c does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service, which is similar to CVE-2011-1079. The user would use an HIDPCONNADD command.
126 CVE-2019-12854 DoS 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.
127 CVE-2019-12809 Exec Code 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contains a vulnerability that could allow remote attackers to download and execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for code execution.
128 CVE-2019-12808 Exec Code 2019-08-13 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. An attacker can overwrite an executable that is launched as a service to exploit this vulnerability and execute arbitrary code with system privileges.
129 CVE-2019-12807 Exec Code Overflow 2019-08-13 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code.
130 CVE-2019-12806 Exec Code Overflow 2019-08-13 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. That leads remote attacker to execute arbitrary code via crafted https packets.
131 CVE-2019-12805 Exec Code 2019-08-09 2019-08-09
0.0
None ??? ??? ??? ??? ??? ???
NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. This can be leveraged for code execution in the context of the current user.
132 CVE-2019-12792 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root.
133 CVE-2019-12791 Dir. Trav. 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form.
134 CVE-2019-12479 2019-08-13 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vulnerability in the TwentyTwenty.Storage library in the LocalStorageProvider allows creating and reading files outside of the specified basepath. If the application using this library does not sanitize user-supplied filenames, then this issue may be exploited to read or write arbitrary files. This affects LocalStorageProvider.cs.
135 CVE-2019-12396 2019-05-28 2019-05-28
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Revive Adserver before 4.2.1. In lib/OA/Dal/PasswordRecovery.php, the function generateRecoveryId() uses an insecure way to generate a password reset token. The token relies on the PHP uniqid function and consequently depends only on the current server time, which is often visible in an HTTP Date header.
136 CVE-2019-12265 +Info 2019-08-09 2019-08-11
0.0
None ??? ??? ??? ??? ??? ???
Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report.
137 CVE-2019-12263 Overflow 2019-08-09 2019-08-11
0.0
None ??? ??? ??? ??? ??? ???
Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.
138 CVE-2019-12262 2019-08-14 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw).
139 CVE-2019-12261 Overflow 2019-08-09 2019-08-11
0.0
None ??? ??? ??? ??? ??? ???
Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host.
140 CVE-2019-12260 Overflow 2019-08-09 2019-08-11
0.0
None ??? ??? ??? ??? ??? ???
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.
141 CVE-2019-12259 2019-08-09 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing.
142 CVE-2019-12258 2019-08-09 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options.
143 CVE-2019-12256 Overflow 2019-08-09 2019-08-16
0.0
None ??? ??? ??? ??? ??? ???
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets? IP options.
144 CVE-2019-12255 Overflow 2019-08-09 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow.
145 CVE-2019-12165 Exec Code 2019-05-29 2019-05-29
0.0
None ??? ??? ??? ??? ??? ???
MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, and 7.1 (7.1.0.57) and earlier and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7) have a Command Execution Vulnerability. Successful exploit of this vulnerability could allow an attacker to execute arbitrary system commands.
146 CVE-2019-12104 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities.
147 CVE-2019-12103 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by a pre-authentication command injection vulnerability.
148 CVE-2019-11652 Bypass 2019-08-14 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate.
149 CVE-2019-11581 Exec Code 2019-08-09 2019-08-11
0.0
None ??? ??? ??? ??? ??? ???
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
150 CVE-2019-11208 2019-08-08 2019-08-08
0.0
None ??? ??? ??? ??? ??? ???
The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.'s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions.
Total number of vulnerabilities : 1161   Page : 1 2 3 (This Page)4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.