| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-1003004 |
|
|
|
2019-01-22 |
2021-11-02 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have been deleted in the mean time. |
|
2 |
CVE-2019-1003003 |
|
|
|
2019-01-22 |
2021-11-02 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g. to persist access to temporarily compromised user accounts. |
|
3 |
CVE-2019-1003002 |
|
|
Exec Code Bypass |
2019-01-22 |
2020-09-29 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. |
|
4 |
CVE-2019-1003001 |
|
|
Exec Code Bypass |
2019-01-22 |
2020-09-29 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. |
|
5 |
CVE-2019-1003000 |
|
|
Exec Code Bypass |
2019-01-22 |
2020-09-29 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM. |
|
6 |
CVE-2019-7297 |
78 |
|
Exec Code |
2019-01-31 |
2023-04-26 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker can execute any command remotely when they control this input. |
|
7 |
CVE-2019-7296 |
79 |
|
Exec Code XSS |
2019-01-31 |
2019-02-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula. |
|
8 |
CVE-2019-7295 |
79 |
|
Exec Code XSS |
2019-01-31 |
2019-02-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
typora through 0.9.63 has XSS, with resultant remote command execution, during block rendering of a mathematical formula. |
|
9 |
CVE-2019-7283 |
|
|
|
2019-01-31 |
2021-11-23 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111. |
|
10 |
CVE-2019-7282 |
|
|
Bypass |
2019-01-31 |
2022-04-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. |
|
11 |
CVE-2019-7250 |
79 |
|
XSS |
2019-01-31 |
2019-02-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary JavaScript code (via SCRIPT elements, event handlers, etc.). Since this code is stored by the plugin, the attacker may be able to target anyone who opens the configuration panel of the plugin. |
|
12 |
CVE-2019-7249 |
367 |
|
|
2019-01-31 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper with another's installs. |
|
13 |
CVE-2019-7237 |
22 |
|
Dir. Trav. |
2019-01-30 |
2019-01-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal. |
|
14 |
CVE-2019-7236 |
22 |
|
Dir. Trav. |
2019-01-30 |
2019-01-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal. |
|
15 |
CVE-2019-7235 |
22 |
|
Dir. Trav. |
2019-01-30 |
2019-02-01 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request. |
|
16 |
CVE-2019-7234 |
22 |
|
Dir. Trav. |
2019-01-30 |
2019-02-05 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can then be downloaded via an admincp.php?app=apps&do=pack request. |
|
17 |
CVE-2019-7233 |
476 |
|
|
2019-01-30 |
2019-02-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer dereference. |
|
18 |
CVE-2019-7216 |
|
|
Bypass |
2019-01-31 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi has a filter bypass that allows a malicious user to upload any type of file by using % characters within the extension, e.g., file.%ph%p becomes file.php. |
|
19 |
CVE-2019-7173 |
79 |
|
Exec Code XSS |
2019-01-29 |
2019-01-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4. |
|
20 |
CVE-2019-7172 |
79 |
|
Exec Code XSS |
2019-01-29 |
2019-01-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php. |
|
21 |
CVE-2019-7171 |
79 |
|
Exec Code XSS |
2019-01-29 |
2019-01-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8. |
|
22 |
CVE-2019-7170 |
79 |
|
Exec Code XSS |
2019-01-29 |
2019-01-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies. |
|
23 |
CVE-2019-7169 |
79 |
|
Exec Code XSS |
2019-01-29 |
2019-01-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3. |
|
24 |
CVE-2019-7168 |
79 |
|
Exec Code XSS |
2019-01-29 |
2019-01-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog. |
|
25 |
CVE-2019-7160 |
22 |
|
Exec Code Dir. Trav. |
2019-01-29 |
2019-02-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php. |
|
26 |
CVE-2019-7156 |
369 |
|
|
2019-01-29 |
2019-02-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows division by zero. |
|
27 |
CVE-2019-7154 |
787 |
|
Overflow |
2019-01-29 |
2020-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap-based buffer overflow because Emscripten is misused, triggering an error in cashew::JSPrinter::printAst() in emscripten-optimizer/simple_ast.h. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js. |
|
28 |
CVE-2019-7153 |
476 |
|
|
2019-01-29 |
2020-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A NULL pointer dereference was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt. |
|
29 |
CVE-2019-7152 |
125 |
|
|
2019-01-29 |
2020-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt. |
|
30 |
CVE-2019-7151 |
476 |
|
|
2019-01-29 |
2020-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A NULL pointer dereference was discovered in wasm::Module::getFunctionOrNull in wasm/wasm.cpp in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt. |
|
31 |
CVE-2019-7150 |
125 |
|
|
2019-01-29 |
2021-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack. |
|
32 |
CVE-2019-7149 |
125 |
|
|
2019-01-29 |
2019-06-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm. |
|
33 |
CVE-2019-7148 |
770 |
|
|
2019-01-29 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a "warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens." |
|
34 |
CVE-2019-7147 |
125 |
|
|
2019-01-29 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service. |
|
35 |
CVE-2019-7146 |
125 |
|
|
2019-01-29 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf. |
|
36 |
CVE-2019-6992 |
79 |
|
Exec Code XSS |
2019-01-28 |
2019-01-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI. |
|
37 |
CVE-2019-6991 |
787 |
|
Exec Code Overflow |
2019-01-28 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username. |
|
38 |
CVE-2019-6990 |
79 |
|
Exec Code XSS |
2019-01-28 |
2019-01-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI. |
|
39 |
CVE-2019-6988 |
770 |
|
DoS |
2019-01-28 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress. |
|
40 |
CVE-2019-6986 |
77 |
|
DoS |
2019-01-28 |
2020-08-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request. |
|
41 |
CVE-2019-6985 |
125 |
|
Overflow |
2019-01-28 |
2019-01-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Read in Indexing or a Heap Overflow and crash during handling of certain PDF files that embed specifically crafted 3D content, due to an array access violation. |
|
42 |
CVE-2019-6984 |
416 |
|
|
2019-01-28 |
2021-07-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter a Use-After-Free or Type Confusion and crash during handling of certain PDF files that embed specifically crafted 3D content, due to the use of a wild pointer. |
|
43 |
CVE-2019-6983 |
190 |
|
Overflow |
2019-01-28 |
2019-01-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Integer Overflow and crash during the handling of certain PDF files that embed specifically crafted 3D content, because of a free of valid memory. |
|
44 |
CVE-2019-6982 |
787 |
|
|
2019-01-28 |
2019-01-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Write and crash during the handling of certain PDF files that embed specifically crafted 3D content, because of the improper handling of a logic exception in the IFXASSERT function. |
|
45 |
CVE-2019-6979 |
79 |
|
XSS |
2019-01-28 |
2019-01-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in the User IP History Logs (aka IP_History_Logs) plugin 1.0.2 for MyBB. There is XSS via the admin/modules/tools/ip_history_logs.php useragent field. |
|
46 |
CVE-2019-6978 |
415 |
|
|
2019-01-28 |
2019-04-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. |
|
47 |
CVE-2019-6977 |
787 |
|
Overflow |
2019-01-27 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data. |
|
48 |
CVE-2019-6976 |
908 |
|
|
2019-01-26 |
2020-08-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. This can result in leaking raw process memory contents through the output image. |
|
49 |
CVE-2019-6966 |
770 |
|
|
2019-01-25 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h, as demonstrated by mp42hls. |
|
50 |
CVE-2019-6956 |
125 |
|
|
2019-01-25 |
2022-04-22 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c. |
