CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-1010258 119 Overflow Mem. Corr. 2019-05-15 2019-05-16
4.3
None Remote Medium Not required None None Partial
nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow. The impact is: Memory corruption leading to at least DoS. More severe impact vectors need more investigation. The component is: it's part of a svg processing library. function nsvg__parseColorRGB in src/nanosvg.h / line 1227. The attack vector is: It depends library usage. If input is passed from the network, then network connectivity is enough. Most likely an attack will require opening a specially crafted .svg file.
2 CVE-2019-12309 2019-05-23 2019-05-23
0.0
None ??? ??? ??? ??? ??? ???
dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is caused by the insecure extraction of a ZIP archive.
3 CVE-2019-12301 2019-05-23 2019-05-23
0.0
None ??? ??? ??? ??? ??? ???
The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2.
4 CVE-2019-12300 2019-05-23 2019-05-23
0.0
None ??? ??? ??? ??? ??? ???
Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim.
5 CVE-2019-12298 787 2019-05-23 2019-05-23
4.3
None Remote Medium Not required None None Partial
Leanify 0.4.3 allows remote attackers to trigger an out-of-bounds write (1024 bytes) via a modified input file.
6 CVE-2019-12297 2019-05-23 2019-05-23
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. There is a Use of an Externally Controlled Format String, reachable via TCP port 8010 or UDP port 8080.
7 CVE-2019-12295 94 2019-05-23 2019-05-23
5.0
None Remote Low Not required None None Partial
In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.
8 CVE-2019-12293 125 2019-05-23 2019-05-23
6.8
None Remote Medium Not required Partial Partial Partial
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.
9 CVE-2019-12289 Exec Code 2019-05-23 2019-05-23
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files within the internal firmware or even steal account information by executing a command.
10 CVE-2019-12288 2019-05-23 2019-05-23
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WIP) KR75.8.53.20 and 200V (C38S) KR203.18.1.20 devices. The web service, network, and account files can be manipulated through a web UI firmware update without any authentication. The attacker can achieve access to the device through a manipulated web UI firmware update.
11 CVE-2019-12279 89 Sql 2019-05-22 2019-05-23
7.5
None Remote Low Not required Partial Partial Partial
Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form).
12 CVE-2019-12277 20 2019-05-22 2019-05-23
7.5
None Remote Low Not required Partial Partial Partial
Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks for .. in a pathname.
13 CVE-2019-12272 2019-05-23 2019-05-23
0.0
None ??? ??? ??? ??? ??? ???
In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.
14 CVE-2019-12270 275 2019-05-21 2019-05-22
6.8
None Remote Medium Not required Partial Partial Partial
OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both the NTFS and Share levels. The share is used to retrieve documents for processing, and to store processed documents for display in the browser. The only required share level access is read/write by the JobProcessor service account. At the local filesystem level, the only additional required permissions would be read/write from the servlet engine, such as Tomcat. (The affected server components are not installed with Content Server by default, and must be installed separately.) NOTE: the vendor's position is that customers are not supposed to use this default setting without consulting the documentation.
15 CVE-2019-12269 347 2019-05-21 2019-05-22
5.0
None Remote Low Not required None Partial None
Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text.
16 CVE-2019-12253 352 CSRF 2019-05-21 2019-05-21
5.8
None Remote Medium Not required None Partial Partial
my little forum before 2.4.20 allows CSRF to delete posts, as demonstrated by mode=posting&delete_posting.
17 CVE-2019-12252 264 2019-05-21 2019-05-23
4.0
None Remote Low Single system Partial None None
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id= substring.
18 CVE-2019-12251 89 Sql 2019-05-21 2019-05-21
6.5
None Remote Low Single system Partial Partial Partial
sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter.
19 CVE-2019-12250 79 XSS 2019-05-21 2019-05-21
4.3
None Remote Medium Not required None Partial None
IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log.
20 CVE-2019-12247 190 Overflow 2019-05-22 2019-05-23
5.0
None Remote Low Not required None None Partial
QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables.
21 CVE-2019-12241 502 2019-05-20 2019-05-22
7.5
None Remote Low Not required Partial Partial Partial
The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source cookie to classes/wc-cartsguru-event-handler.php.
22 CVE-2019-12240 502 2019-05-20 2019-05-21
7.5
None Remote Low Not required Partial Partial Partial
The Virim plugin 0.4 for WordPress allows Insecure Deserialization via s_values, t_values, or c_values in graph.php.
23 CVE-2019-12239 89 Sql CSRF 2019-05-20 2019-05-21
6.5
None Remote Low Single system Partial Partial Partial
The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access.
24 CVE-2019-12222 125 2019-05-20 2019-05-21
4.3
None Remote Medium Not required None None Partial
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c.
25 CVE-2019-12221 119 Overflow 2019-05-20 2019-05-21
4.3
None Remote Medium Not required None None Partial
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.
26 CVE-2019-12220 125 2019-05-20 2019-05-21
4.3
None Remote Medium Not required None None Partial
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c.
27 CVE-2019-12219 415 2019-05-20 2019-05-21
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an invalid free error in the SDL function SDL_SetError_REAL at SDL_error.c.
28 CVE-2019-12218 476 2019-05-20 2019-05-21
4.3
None Remote Medium Not required None None Partial
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.
29 CVE-2019-12217 476 2019-05-20 2019-05-21
4.3
None Remote Medium Not required None None Partial
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c.
30 CVE-2019-12216 119 Overflow 2019-05-20 2019-05-21
4.3
None Remote Medium Not required None None Partial
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.
31 CVE-2019-12215 200 +Info 2019-05-20 2019-05-21
4.0
None Remote Low Single system Partial None None
** DISPUTED ** A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this issue, stating "avoid reporting path disclosures, as we don't consider them as security vulnerabilities."
32 CVE-2019-12214 125 2019-05-20 2019-05-21
5.0
None Remote Low Not required None None Partial
In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.
33 CVE-2019-12213 400 2019-05-20 2019-05-20
4.3
None Remote Medium Not required None None Partial
When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.
34 CVE-2019-12212 400 DoS 2019-05-20 2019-05-21
5.0
None Remote Low Not required None None Partial
When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
35 CVE-2019-12211 119 Overflow 2019-05-20 2019-05-20
5.0
None Remote Low Not required None None Partial
When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.
36 CVE-2019-12208 119 Overflow 2019-05-20 2019-05-20
7.5
None Remote Low Not required Partial Partial Partial
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c.
37 CVE-2019-12207 119 Overflow 2019-05-20 2019-05-20
7.5
None Remote Low Not required Partial Partial Partial
njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.
38 CVE-2019-12206 119 Overflow 2019-05-20 2019-05-20
7.5
None Remote Low Not required Partial Partial Partial
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.
39 CVE-2019-12198 125 2019-05-20 2019-05-21
5.0
None Remote Low Not required None None Partial
In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header.
40 CVE-2019-12190 79 XSS 2019-05-21 2019-05-21
3.5
None Remote Medium Single system None Partial None
XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter.
41 CVE-2019-12189 79 XSS 2019-05-21 2019-05-23
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
42 CVE-2019-12185 77 Exec Code 2019-05-19 2019-05-20
9.0
None Remote Low Single system Complete Complete Complete
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
43 CVE-2019-12184 79 XSS 2019-05-19 2019-05-20
3.5
None Remote Medium Single system None Partial None
There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136.
44 CVE-2019-12173 20 Exec Code 2019-05-17 2019-05-20
6.8
None Remote Medium Not required Partial Partial Partial
MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.
45 CVE-2019-12172 20 Exec Code 2019-05-17 2019-05-21
6.8
None Remote Medium Not required Partial Partial Partial
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.
46 CVE-2019-12170 434 Exec Code 2019-05-17 2019-05-21
9.0
None Remote Low Single system Complete Complete Complete
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
47 CVE-2019-12168 77 Exec Code 2019-05-17 2019-05-21
9.0
None Remote Low Single system Complete Complete Complete
Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Administration > Commands) screen.
48 CVE-2019-12167 79 XSS 2019-05-22 2019-05-23
4.3
None Remote Medium Not required None Partial None
httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter.
49 CVE-2019-12163 200 +Info 2019-05-17 2019-05-22
5.0
None Remote Low Not required Partial None None
GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via {} in a ws/gatshipWs.asmx/SqlVersion request.
50 CVE-2019-12161 918 2019-05-17 2019-05-21
4.0
None Remote Low Single system Partial None None
WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168).
Total number of vulnerabilities : 1033   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.