| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
2801 |
CVE-2019-11444 |
78 |
|
Exec Code |
2019-04-22 |
2019-05-09 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
** DISPUTED ** An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a [command].execute() call, as demonstrated by "def cmd =" in the ServerAdminPortlet_script value to group/control_panel/manage. Valid credentials for an application administrator user account are required. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to run groovy scripts and therefore not a design flaw. |
|
2802 |
CVE-2019-11428 |
79 |
|
XSS |
2019-04-22 |
2019-04-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
I, Librarian 4.10 has XSS via the export.php export_files parameter. |
|
2803 |
CVE-2019-11427 |
79 |
|
XSS |
2019-04-22 |
2019-04-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q parameter. |
|
2804 |
CVE-2019-11426 |
79 |
|
XSS |
2019-04-22 |
2019-04-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter. |
|
2805 |
CVE-2019-11419 |
20 |
|
DoS |
2019-05-14 |
2019-05-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application through 7.0.3 for Android allows attackers to cause a denial of service (application crash) by replacing an emoji file (under the /sdcard/tencent/MicroMsg directory) with a crafted .wxgf file. The content of the replacement must be derived from the phone's IMEI. The crash occurs upon receiving a message that contains the replaced emoji. |
|
2806 |
CVE-2019-11418 |
119 |
|
Overflow |
2019-04-22 |
2019-04-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer overflow via long strings to the SOAPACTION:HNAP1 interface. |
|
2807 |
CVE-2019-11417 |
119 |
|
Overflow |
2019-04-22 |
2019-04-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused by an inadequate source-length check before a strcpy operation in the respondAsp function. Attackers can exploit the vulnerability by using the languse parameter with a long string. This affects 1.2.2 build 28, 64, 65, and 68. |
|
2808 |
CVE-2019-11416 |
352 |
|
CSRF |
2019-04-22 |
2019-05-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user. |
|
2809 |
CVE-2019-11415 |
20 |
|
DoS |
2019-04-22 |
2019-05-10 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login. |
|
2810 |
CVE-2019-11414 |
640 |
|
|
2019-04-22 |
2019-04-22 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router. |
|
2811 |
CVE-2019-11413 |
400 |
|
|
2019-04-22 |
2019-04-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recursion because the match function in regexp.c lacks a depth check. |
|
2812 |
CVE-2019-11412 |
119 |
|
DoS Overflow |
2019-04-22 |
2019-04-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call. |
|
2813 |
CVE-2019-11411 |
119 |
|
Overflow |
2019-04-22 |
2019-05-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c have a stack-based buffer overflow. |
|
2814 |
CVE-2019-11410 |
77 |
|
Exec Code |
2019-06-17 |
2019-06-18 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host. |
|
2815 |
CVE-2019-11409 |
79 |
|
Exec Code XSS |
2019-06-17 |
2019-06-18 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module. |
|
2816 |
CVE-2019-11408 |
79 |
|
Exec Code XSS |
2019-06-17 |
2019-06-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using a specially crafted caller ID number. This can further lead to remote code execution by chaining this vulnerability with a command injection vulnerability also present in FusionPBX. |
|
2817 |
CVE-2019-11407 |
200 |
|
+Info |
2019-06-17 |
2019-06-18 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated administrative attackers to obtain credentials and other sensitive information. |
|
2818 |
CVE-2019-11406 |
79 |
|
XSS |
2019-05-08 |
2019-05-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter. |
|
2819 |
CVE-2019-11405 |
254 |
|
|
2019-04-22 |
2019-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies. |
|
2820 |
CVE-2019-11404 |
254 |
|
|
2019-04-22 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack. |
|
2821 |
CVE-2019-11403 |
255 |
|
|
2019-04-22 |
2019-04-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page. |
|
2822 |
CVE-2019-11402 |
255 |
|
|
2019-04-22 |
2019-04-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format. |
|
2823 |
CVE-2019-11401 |
434 |
|
Exec Code |
2019-04-22 |
2019-04-24 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
A issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted. |
|
2824 |
CVE-2019-11398 |
79 |
|
XSS |
2019-05-08 |
2019-06-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter to /admin/index.php?register=register, or the error parameter to admin/index.php?action=favicon. |
|
2825 |
CVE-2019-11397 |
22 |
|
Dir. Trav. File Inclusion |
2019-05-14 |
2019-05-16 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 (when used with .NET Framework 4.5) allows Local File Inclusion via the FileDesc parameter. |
|
2826 |
CVE-2019-11396 |
264 |
|
|
2019-08-29 |
2019-09-26 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Avira Free Security Suite 10. The permissive access rights on the SoftwareUpdater folder (files / folders and configuration) are incompatible with the privileged file manipulation performed by the product. Files can be created that can be used by an unprivileged user to obtain SYSTEM privileges. Arbitrary file creation can be achieved by abusing the SwuConfig.json file creation: an unprivileged user can replace these files by pseudo-symbolic links to arbitrary files. When an update occurs, a privileged service creates a file and sets its access rights, offering write access to the Everyone group in any directory. |
|
2827 |
CVE-2019-11395 |
119 |
|
Exec Code Overflow |
2019-04-22 |
2019-04-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long string, as demonstrated by SMTP RCPT TO, POP3 USER, POP3 LIST, POP3 TOP, or POP3 RETR. |
|
2828 |
CVE-2019-11393 |
640 |
|
|
2019-04-22 |
2019-04-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter. |
|
2829 |
CVE-2019-11392 |
611 |
|
|
2019-06-21 |
2019-06-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd. |
|
2830 |
CVE-2019-11391 |
185 |
|
DoS |
2019-04-20 |
2019-07-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with $a# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity. |
|
2831 |
CVE-2019-11390 |
185 |
|
DoS |
2019-04-20 |
2019-07-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with set_error_handler# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity. |
|
2832 |
CVE-2019-11389 |
185 |
|
DoS |
2019-04-20 |
2019-07-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with next# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity. |
|
2833 |
CVE-2019-11388 |
185 |
|
DoS |
2019-04-20 |
2019-07-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity. |
|
2834 |
CVE-2019-11387 |
185 |
|
DoS |
2019-04-20 |
2019-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. |
|
2835 |
CVE-2019-11384 |
255 |
|
|
2019-04-22 |
2019-04-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Zalora application 6.15.1 for Android stores confidential information insecurely on the system (i.e. plain text), which allows a non-root user to find out the username/password of a valid user via /data/data/com.zalora.android/shared_prefs/login_data.xml. |
|
2836 |
CVE-2019-11383 |
255 |
|
|
2019-04-22 |
2019-04-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in the Medha WiFi FTP Server application 1.8.3 for Android. An attacker can read the username/password of a valid user via /data/data/com.medhaapps.wififtpserver/shared_prefs/com.medhaapps.wififtpserver_preferences.xml |
|
2837 |
CVE-2019-11380 |
284 |
|
Bypass |
2019-09-05 |
2019-09-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The master-password feature in the ES File Explorer File Manager application 4.2.0.1.3 for Android can be bypassed via a com.estrongs.android.pop.ftp.ESFtpShortcut intent, leading to remote FTP access to the entirety of local storage. |
|
2838 |
CVE-2019-11378 |
434 |
|
Dir. Trav. |
2019-04-20 |
2019-05-10 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code. |
|
2839 |
CVE-2019-11377 |
434 |
|
|
2019-04-20 |
2019-04-22 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function. |
|
2840 |
CVE-2019-11376 |
94 |
|
Exec Code |
2019-04-20 |
2019-04-22 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
** DISPUTED ** SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. NOTE: the vendor indicates that there was an assumption that the content is "made editable on its own." |
|
2841 |
CVE-2019-11375 |
352 |
|
CSRF |
2019-04-20 |
2019-04-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI. |
|
2842 |
CVE-2019-11374 |
352 |
|
CSRF |
2019-04-20 |
2019-04-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI. |
|
2843 |
CVE-2019-11373 |
125 |
|
|
2019-04-20 |
2019-05-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash. |
|
2844 |
CVE-2019-11372 |
125 |
|
|
2019-04-20 |
2019-05-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash. |
|
2845 |
CVE-2019-11371 |
119 |
|
Overflow |
2019-04-20 |
2019-04-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow via a long prefix that is mishandled in bns_fasta2bntseq and bns_dump at btnseq.c. |
|
2846 |
CVE-2019-11369 |
255 |
|
|
2019-06-03 |
2019-06-04 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device. |
|
2847 |
CVE-2019-11367 |
287 |
|
|
2019-06-03 |
2019-06-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully. |
|
2848 |
CVE-2019-11366 |
476 |
|
DoS |
2019-04-20 |
2019-05-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next. |
|
2849 |
CVE-2019-11365 |
119 |
|
Overflow |
2019-04-20 |
2019-05-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c. |
|
2850 |
CVE-2019-11364 |
78 |
|
|
2019-08-29 |
2019-09-03 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
An OS Command Injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to inject arbitrary OS commands via the ServerConf/DataManagement/DiskManager.php FORMNAS_share parameter. |
