CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-6462 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.
2 CVE-2019-6461 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.
3 CVE-2019-6460 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_field_set_name() in the file rec-field.c in librec.a.
4 CVE-2019-6459 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_extract_type in rec-utils.c in librec.a.
5 CVE-2019-6458 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when called from rec_parse_rset in rec-parser.c in librec.a.
6 CVE-2019-6457 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_aggregate_reg_new in rec-aggregate.c in librec.a.
7 CVE-2019-6456 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size() in the file rec-fex.c of librec.a.
8 CVE-2019-6455 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function rec_mset_elem_destroy() in the file rec-mset.c.
9 CVE-2019-6447 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.
10 CVE-2019-6446 Exec Code 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call.
11 CVE-2019-6445 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem.
12 CVE-2019-6444 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd.
13 CVE-2019-6443 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd.
14 CVE-2019-6442 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y.
15 CVE-2019-6440 2019-01-15 2019-01-15
0.0
None ??? ??? ??? ??? ??? ???
Zemana AntiMalware before 3.0.658 Beta mishandles update logic.
16 CVE-2019-6439 Overflow 2019-01-15 2019-01-15
0.0
None ??? ??? ??? ??? ??? ???
examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based buffer overflow.
17 CVE-2019-6296 Sql 2019-01-15 2019-01-15
0.0
None ??? ??? ??? ??? ??? ???
Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id parameter.
18 CVE-2019-6295 Sql 2019-01-15 2019-01-15
0.0
None ??? ??? ??? ??? ??? ???
Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.php service_id parameter.
19 CVE-2019-6294 352 CSRF 2019-01-15 2019-01-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent URI.
20 CVE-2019-6293 2019-01-14 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service.
21 CVE-2019-6292 2019-01-14 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file.
22 CVE-2019-6291 2019-01-14 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.
23 CVE-2019-6290 2019-01-14 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.
24 CVE-2019-6289 Exec Code 2019-01-15 2019-01-15
0.0
None ??? ??? ??? ??? ??? ???
uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename.
25 CVE-2019-6286 2019-01-14 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.
26 CVE-2019-6285 DoS 2019-01-14 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
27 CVE-2019-6284 2019-01-14 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.
28 CVE-2019-6283 2019-01-14 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.
29 CVE-2019-6278 XSS 2019-01-14 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option.
30 CVE-2019-6267 XSS 2019-01-14 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for WordPress has XSS via a crafted GET request that is mishandled during log viewing at the templates/admin/redirect-log.php URI.
31 CVE-2019-6264 XSS 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability.
32 CVE-2019-6263 XSS 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS.
33 CVE-2019-6262 XSS 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS.
34 CVE-2019-6261 XSS 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability.
35 CVE-2019-6259 89 Sql 2019-01-14 2019-01-16
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter.
36 CVE-2019-6257 2019-01-14 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in php/elFinder.class.php.
37 CVE-2019-6256 DoS 2019-01-14 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp.
38 CVE-2019-6251 2019-01-14 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
embed/ephy-web-view.c in GNOME Web (aka Epiphany) through 3.31.4 allows address bar spoofing because a page load triggered by JavaScript leads to updating an address as if it were triggered by a safer visit type (e.g., VISIT_LINK, VISIT_TYPED, VISIT_BOOKMARK, or VISIT_HOMEPAGE). This is similar to the CVE-2018-8383 issue in Microsoft Edge.
39 CVE-2019-6250 Exec Code Overflow 2019-01-13 2019-01-15
0.0
None ??? ??? ??? ??? ??? ???
A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to run arbitrary code on the target system. The memory layout allows the attacker to inject OS commands into a data structure located immediately after the problematic buffer (i.e., it is not necessary to use a typical buffer-overflow exploitation technique that changes the flow of control).
40 CVE-2019-6249 352 CSRF 2019-01-13 2019-01-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add.
41 CVE-2019-6248 XSS 2019-01-12 2019-01-12
0.0
None ??? ??? ??? ??? ??? ???
PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 has Reflected XSS via the srch parameter, as demonstrated by restaurants-details.php.
42 CVE-2019-6247 Exec Code Overflow 2019-01-12 2019-01-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. A heap-based buffer overflow bug in svgpp_agg_render may lead to code execution. In the render_scanlines_aa_solid function, the blend_hline function is called repeatedly multiple times. blend_hline is equivalent to a loop containing write operations. Each call writes a piece of heap data, and multiple calls overwrite the data in the heap.
43 CVE-2019-6246 2019-01-12 2019-01-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the gil::get_color function in Generic Image Library in Boost, the return code is used as an address, leading to an Access Violation because of an out-of-bounds read.
44 CVE-2019-6245 2019-01-12 2019-01-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. In the function agg::cell_aa::not_equal, dx is assigned to (x2 - x1). If dx >= dx_limit, which is (16384 << poly_subpixel_shift), this function will call itself recursively. There can be a situation where (x2 - x1) is always bigger than dx_limit during the recursion, leading to continual stack consumption.
45 CVE-2019-6244 Exec Code CSRF 2019-01-11 2019-01-11
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file.
46 CVE-2019-6243 79 XSS 2019-01-11 2019-01-16
4.3
None Remote Medium Not required None Partial None
Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI).
47 CVE-2019-6138 2019-01-11 2019-01-11
0.0
None ??? ??? ??? ??? ??? ???
An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memory_calloc in hal/memory/lib_memory.c have memory leaks when called from mms/iso_mms/common/mms_value.c, server/mms_mapping/mms_mapping.c, and server/mms_mapping/mms_sv.c (via common/string_utilities.c), as demonstrated by iec61850_9_2_LE_example.c.
48 CVE-2019-6137 2019-01-11 2019-01-11
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress in link_layer/link_layer.c has a NULL pointer dereference.
49 CVE-2019-6136 2019-01-11 2019-01-11
0.0
None ??? ??? ??? ??? ??? ???
An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFilter in hal/ethernet/linux/ethernet_linux.c has a SEGV, as demonstrated by sv_subscriber_example.c and sv_subscriber.c.
50 CVE-2019-6135 2019-01-11 2019-01-11
0.0
None ??? ??? ??? ??? ??? ???
An issue has been found in libIEC61850 v1.3.1. Memory_malloc in hal/memory/lib_memory.c has a memory leak when called from Asn1PrimitiveValue_create in mms/asn1/asn1_ber_primitive_value.c, as demonstrated by goose_publisher_example.c and iec61850_9_2_LE_example.c.
Total number of vulnerabilities : 781   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.