| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-1010258 |
119 |
|
Overflow Mem. Corr. |
2019-05-15 |
2021-07-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow. The impact is: Memory corruption leading to at least DoS. More severe impact vectors need more investigation. The component is: it's part of a svg processing library. function nsvg__parseColorRGB in src/nanosvg.h / line 1227. The attack vector is: It depends library usage. If input is passed from the network, then network connectivity is enough. Most likely an attack will require opening a specially crafted .svg file. |
|
2 |
CVE-2019-12507 |
79 |
|
XSS |
2019-05-31 |
2019-05-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An XSS vulnerability exists in PHPRelativePath (aka Relative Path) through 1.0.2 via the RelativePath.Example1.php path parameter. |
|
3 |
CVE-2019-12502 |
352 |
|
CSRF |
2019-05-31 |
2019-05-31 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI. |
|
4 |
CVE-2019-12500 |
306 |
|
|
2019-05-31 |
2020-08-24 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
Partial |
None |
|
The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "suddenly accelerate" commands. This occurs because Bluetooth Low Energy commands have no server-side authentication check. Other affected commands include suddenly braking, locking, and unlocking. |
|
5 |
CVE-2019-12499 |
|
|
|
2019-05-31 |
2020-08-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. To succeed, certain conditions need to be fulfilled: The jail (with the exploit code inside) needs to be started as root, and it also needs to be terminated as root from the host (either by stopping it ungracefully (e.g., SIGKILL), or by using the --shutdown control command). This is similar to CVE-2019-5736. |
|
6 |
CVE-2019-12496 |
295 |
|
|
2019-05-31 |
2019-05-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in Hybrid Group Gobot before 1.13.0. The mqtt subsystem skips verification of root CA certificates by default. |
|
7 |
CVE-2019-12495 |
787 |
|
|
2019-05-31 |
2019-06-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to a one-byte out-of-bounds write in the gsym_addr function in x86_64-gen.c. This occurs because tccasm.c mishandles section switches. |
|
8 |
CVE-2019-12493 |
125 |
|
DoS |
2019-05-31 |
2019-09-30 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data. |
|
9 |
CVE-2019-12483 |
787 |
|
Overflow |
2019-05-30 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function ReadGF_IPMPX_RemoveToolNotificationListener in odf/ipmpx_code.c in libgpac.a, as demonstrated by MP4Box. |
|
10 |
CVE-2019-12482 |
476 |
|
|
2019-05-30 |
2019-06-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function gf_isom_get_original_format_type at isomedia/drm_sample.c in libgpac.a, as demonstrated by MP4Box. |
|
11 |
CVE-2019-12481 |
476 |
|
|
2019-05-30 |
2019-06-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function GetESD at isomedia/track.c in libgpac.a, as demonstrated by MP4Box. |
|
12 |
CVE-2019-12480 |
125 |
|
DoS |
2019-05-30 |
2019-07-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
BACnet Protocol Stack through 0.8.6 has a segmentation fault leading to denial of service in BACnet APDU Layer because a malformed DCC in AtomicWriteFile, AtomicReadFile and DeviceCommunicationControl services. An unauthenticated remote attacker could cause a denial of service (bacserv daemon crash) because there is an invalid read in bacdcode.c during parsing of alarm tag numbers. |
|
13 |
CVE-2019-12461 |
79 |
|
XSS |
2019-05-30 |
2020-06-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Web Port 1.19.1 allows XSS via the /log type parameter. |
|
14 |
CVE-2019-12460 |
79 |
|
XSS |
2019-05-30 |
2020-06-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Web Port 1.19.1 allows XSS via the /access/setup type parameter. |
|
15 |
CVE-2019-12459 |
22 |
|
Dir. Trav. |
2019-05-30 |
2021-03-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. This issue has been fixed in FileRun 2019.06.01. |
|
16 |
CVE-2019-12458 |
22 |
|
Dir. Trav. |
2019-05-30 |
2021-03-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
FileRun 2019.05.21 allows css/ext-ux Directory Listing. This issue has been fixed in FileRun 2019.06.01. |
|
17 |
CVE-2019-12457 |
22 |
|
Dir. Trav. |
2019-05-30 |
2021-03-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
FileRun 2019.05.21 allows images/extjs Directory Listing. This issue has been fixed in FileRun 2019.06.01. |
|
18 |
CVE-2019-12456 |
|
|
DoS |
2019-05-30 |
2020-08-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a "double fetch" vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used. |
|
19 |
CVE-2019-12455 |
476 |
|
DoS |
2019-05-30 |
2020-02-10 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
** DISPUTED ** An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This id is disputed as not being an issue because “The memory allocation that was not checked is part of a code that only runs at boot time, before user processes are started. Therefore, there is no possibility for an unprivileged user to control it, and no denial of service.”. |
|
20 |
CVE-2019-12454 |
|
|
|
2019-05-30 |
2020-08-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** An issue was discovered in wcd9335_codec_enable_dec in sound/soc/codecs/wcd9335.c in the Linux kernel through 5.1.5. It uses kstrndup instead of kmemdup_nul, which allows attackers to have an unspecified impact via unknown vectors. NOTE: The vendor disputes this issues as not being a vulnerability because switching to kmemdup_nul() would only fix a security issue if the source string wasn't NUL-terminated, which is not the case. |
|
21 |
CVE-2019-12452 |
522 |
|
|
2019-05-29 |
2021-07-28 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control (which is contrary to the API documentation), allows remote authenticated users to discover password hashes by reading the Basic HTTP Authentication or Digest HTTP Authentication section, or discover a key by reading the ClientTLS section. These can be found in the JSON response to a /api request. |
|
22 |
CVE-2019-12450 |
362 |
|
|
2019-05-29 |
2023-03-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. |
|
23 |
CVE-2019-12449 |
755 |
|
|
2019-05-29 |
2020-08-24 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable. |
|
24 |
CVE-2019-12448 |
362 |
|
|
2019-05-29 |
2019-07-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write. |
|
25 |
CVE-2019-12447 |
|
|
|
2019-05-29 |
2020-08-24 |
4.9 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
None |
|
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. |
|
26 |
CVE-2019-12440 |
287 |
|
|
2019-05-29 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service. |
|
27 |
CVE-2019-12439 |
20 |
|
Exec Code |
2019-05-29 |
2020-06-15 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations (related to XDG_RUNTIME_DIR), a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code. |
|
28 |
CVE-2019-12396 |
|
|
|
2019-05-28 |
2019-05-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in Revive Adserver before 4.2.1. In lib/OA/Dal/PasswordRecovery.php, the function generateRecoveryId() uses an insecure way to generate a password reset token. The token relies on the PHP uniqid function and consequently depends only on the current server time, which is often visible in an HTTP Date header. |
|
29 |
CVE-2019-12395 |
287 |
|
|
2019-05-28 |
2021-11-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Webbukkit Dynmap 3.0-beta-3 or below, due to a missing login check in servlet/MapStorageHandler.java, an attacker can see a map image without login even if victim enables login-required in setting. |
|
30 |
CVE-2019-12383 |
203 |
|
|
2019-05-28 |
2023-03-24 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting. |
|
31 |
CVE-2019-12382 |
476 |
|
DoS |
2019-05-28 |
2019-06-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference. |
|
32 |
CVE-2019-12381 |
476 |
|
DoS |
2019-05-28 |
2019-06-20 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL. |
|
33 |
CVE-2019-12380 |
388 |
|
|
2019-05-28 |
2020-08-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”. |
|
34 |
CVE-2019-12379 |
401 |
|
|
2019-05-28 |
2020-08-24 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
** DISPUTED ** An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. NOTE: This id is disputed as not being an issue. |
|
35 |
CVE-2019-12378 |
476 |
|
DoS |
2019-05-28 |
2019-06-10 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue. |
|
36 |
CVE-2019-12372 |
89 |
|
Sql |
2019-05-28 |
2019-05-29 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injection via the User ID parameter to the login form. |
|
37 |
CVE-2019-12362 |
79 |
|
XSS |
2019-05-27 |
2019-05-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php. |
|
38 |
CVE-2019-12361 |
352 |
|
XSS CSRF |
2019-05-27 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page. |
|
39 |
CVE-2019-12360 |
125 |
|
DoS |
2019-05-27 |
2020-07-05 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content. |
|
40 |
CVE-2019-12347 |
79 |
|
XSS |
2019-05-29 |
2019-05-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action. The vulnerability occurs due to input validation errors. |
|
41 |
CVE-2019-12345 |
79 |
|
XSS |
2019-05-27 |
2019-08-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress. |
|
42 |
CVE-2019-12315 |
79 |
|
XSS |
2019-05-24 |
2019-05-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Samsung SCX-824 printers allow a reflected Cross-Site-Scripting (XSS) vulnerability that can be triggered by using the "print from file" feature, as demonstrated by the sws/swsAlert.sws?popupid=successMsg msg parameter. |
|
43 |
CVE-2019-12314 |
22 |
|
Dir. Trav. File Inclusion |
2019-05-24 |
2019-11-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI. |
|
44 |
CVE-2019-12313 |
79 |
|
XSS |
2019-05-24 |
2019-05-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
XSS exists in Shave before 2.5.3 because output encoding is mishandled during the overwrite of an HTML element. |
|
45 |
CVE-2019-12312 |
476 |
|
|
2019-05-24 |
2020-08-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan. |
|
46 |
CVE-2019-12309 |
22 |
|
Dir. Trav. |
2019-05-23 |
2019-05-24 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is caused by the insecure extraction of a ZIP archive. |
|
47 |
CVE-2019-12301 |
|
|
|
2019-05-23 |
2020-08-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2. |
|
48 |
CVE-2019-12300 |
287 |
|
|
2019-05-23 |
2019-06-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim. |
|
49 |
CVE-2019-12298 |
787 |
|
|
2019-05-23 |
2019-05-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Leanify 0.4.3 allows remote attackers to trigger an out-of-bounds write (1024 bytes) via a modified input file. |
|
50 |
CVE-2019-12297 |
134 |
|
|
2019-05-23 |
2019-05-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. There is a Use of an Externally Controlled Format String, reachable via TCP port 8010 or UDP port 8080. |
