CVE List for December 2019

CVE-2019-19469

In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with sh...

CVE-2019-18609

An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corrupti...

CVE-2019-19479

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing...

CVE-2019-19480

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_...

CVE-2019-19481

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.

CVE-2019-15631

Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute...

CVE-2019-19489

SMPlayer 19.5.0 has a buffer overflow via a long .m3u file.

CVE-2019-19490

LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe.

CVE-2019-19491

TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php...

CVE-2019-19492

FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.

CVE-2019-19362

An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fix...

CVE-2019-19493

Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS.

CVE-2019-19496

Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document.

CVE-2019-19118

Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user h...

CVE-2019-19245

NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quote...

CVE-2019-15628

Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specifi...

CVE-2019-19502

Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP ...

CVE-2019-12388

Anviz access control devices perform cleartext transmission of sensitive information (passwords/pins and names) when replying to query on port tcp/501...

CVE-2019-12389

Anviz access control devices expose credentials (names and passwords) by allowing remote attackers to query this information without credentials via p...

CVE-2019-12390

Anviz access control devices expose private Information (pin code and name) by allowing remote attackers to query this information without credentials...

CVE-2019-12391

The Anviz Management System for access control has insufficient logging for device events such as door open requests.

CVE-2019-12392

Anviz access control devices allow remote attackers to issue commands without a password.

CVE-2019-12393

Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests.

CVE-2019-12394

Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authent...

CVE-2019-12503

Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus,...

CVE-2019-12518

Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability.

CVE-2019-19014

An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands a...

CVE-2019-19015

An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically exposed to all users) allows connections to the interna...

CVE-2019-19016

An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL...

CVE-2019-19017

An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utili...

CVE-2019-19018

An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administratio...

CVE-2019-19019

An issue was discovered in TitanHQ WebTitan before 5.18. It contains a Remote Code Execution issue through which an attacker can execute arbitrary cod...

CVE-2019-19020

An issue was discovered in TitanHQ WebTitan before 5.18. In the administration web interface it is possible to upload a crafted backup file that enabl...

CVE-2019-19021

An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interf...

CVE-2019-19507

In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflic...

CVE-2012-4428

openslp: SLPIntersectStringList()' Function has a DoS vulnerability

CVE-2012-4480

mom creates world-writable pid files in /var/run

CVE-2012-4525

piwigo has XSS in password.php

CVE-2012-4526

piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)

CVE-2012-4576

FreeBSD: Input Validation Flaw allows local users to gain elevated privileges

CVE-2013-4410

ReviewBoard: has an access-control problem in REST API

CVE-2014-9356

Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism vi...

CVE-2012-5562

rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite

CVE-2019-15689

Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug th...

CVE-2019-19316

When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using...

CVE-2019-19516

Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password.

CVE-2019-3665

Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the bro...

CVE-2019-3666

API Abuse/Misuse vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the b...

CVE-2013-2101

Katello has multiple XSS issues in various entities

CVE-2013-2103

OpenShift cartridge allows remote URL retrieval

CVE-2013-2106

webauth before 4.6.1 has authentication credential disclosure

CVE-2013-2228

SaltStack RSA Key Generation allows remote users to decrypt communications

CVE-2013-4235

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

CVE-2013-4411

Review Board: URL processing gives unauthorized users access to review lists

CVE-2013-4486

Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging

CVE-2019-4098

IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the ...

CVE-2019-4130

IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code...

CVE-2019-4226

IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the ...

CVE-2019-4465

IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774.

CVE-2019-4467

IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the ...

CVE-2019-4468

IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the ...

CVE-2019-19523

In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, ...

CVE-2019-19524

In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver...

CVE-2019-19525

In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c dri...

CVE-2019-19526

In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, ak...

CVE-2019-19527

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c drive...

CVE-2019-19528

In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c drive...

CVE-2019-19529

In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c dr...

CVE-2019-19530

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c drive...

CVE-2019-19531

In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, a...

CVE-2019-19532

In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID dri...

CVE-2019-19533

In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec....

CVE-2019-19534

In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb...

CVE-2019-19535

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_...

CVE-2019-19536

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_...

CVE-2019-19537

In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer...

CVE-2019-3990

A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrat...

CVE-2019-7365

DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious...

CVE-2019-7366

Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which m...

CVE-2019-19460

An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. ...

CVE-2019-10013

The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow that allows remote attackers to cause a denia...

CVE-2019-13456

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iteration...

CVE-2019-16885

In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This...

CVE-2019-18992

OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" a...

CVE-2019-18993

OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example,...

CVE-2019-19382

Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achie...

CVE-2019-19383

freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command (this is exploitable even if logging is disabled).

CVE-2019-19457

SALTO ProAccess SPACE 5.4.3.0 allows XSS.

CVE-2019-19458

SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature.

CVE-2019-19459

An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-1945...

CVE-2019-9689

process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake message with ...

CVE-2019-18574

RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious ...

CVE-2019-19543

In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c.

CVE-2019-3749

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges p...

CVE-2019-3750

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges p...

CVE-2016-1000104

A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.

CVE-2019-5076

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG header-parser of the Accusoft ImageGear 19.3.0 library. A specially c...

CVE-2019-5083

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFdecodethunderscan function of Accusoft ImageGear 19.3.0 library. A spe...

CVE-2019-5096

An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application i...

CVE-2019-5097

A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5....

CVE-2019-5109

Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injecti...

CVE-2019-5110

Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injectio...

CVE-2019-5111

Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_c...

CVE-2019-5112

Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_s...

CVE-2019-5132

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll GEM Raster parser of the Accusoft ImageGear 19.3.0 library. A specially c...

CVE-2019-5133

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll BMP parser of the ImageGear 19.3.0 library. A specially crafted BMP file ...

CVE-2019-5163

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a l...

CVE-2019-5164

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-m...

CVE-2013-7325

An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball.

CVE-2015-7542

A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates.

CVE-2019-18850

TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, als...

CVE-2019-14909

A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will ...

CVE-2019-15638

COPA-DATA zenone32 zenon Editor through 8.10 has an Uncontrolled Search Path Element.

CVE-2019-11923

In Mcrouter prior to v0.41.0, the deprecated ASCII parser would allocate a buffer to a user-specified length with no maximum length enforced, allowing...

CVE-2019-11937

In Mcrouter prior to v0.41.0, a large struct input provided to the Carbon protocol reader could result in stack exhaustion and denial of service.

CVE-2018-0728

This improper access control vulnerability in Helpdesk allows attackers to access the system logs. To fix the vulnerability, QNAP recommend updating Q...

CVE-2018-0729

This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP reco...

CVE-2018-0730

This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recom...

CVE-2019-11930

An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions...

CVE-2019-11934

Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket. This issue affects folly prior to v2019.11.04.00.

CVE-2019-11935

Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior...

CVE-2019-11936

Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions prior to ...

CVE-2019-11940

In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table in...

CVE-2019-17554

The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Reque...

CVE-2019-17556

Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being d...

CVE-2019-19555

read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf.

CVE-2019-7197

A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. If exploited, this vulnerability may allow an ...

CVE-2019-7201

An unquoted service path vulnerability is reported to affect the service QVssService in QNAP NetBak Replicator. This vulnerability could allow an auth...

CVE-2019-17555

The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to 4.6.0 reads the Retry-After header and passes it to the Thread.sleep() method wi...

CVE-2019-18346

A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary ...

CVE-2019-18347

A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged u...

CVE-2019-19576

class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar ...

CVE-2019-19133

The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected XSS via the URI in a csshero_action=edit_page request because it fails to suffic...

CVE-2019-19228

Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored...

CVE-2019-19229

admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allows action=download&filename= Directory Traversal.

CVE-2019-19364

A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (ve...

CVE-2019-11216

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks...

CVE-2019-16752

An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. It is possible to force wallets to send HTTP requests to ...

CVE-2019-16753

An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. The content to be signed is composed of a representation ...

CVE-2013-2745

An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0

CVE-2019-19579

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has acces...

CVE-2019-19519

In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main func...

CVE-2019-19520

xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenoc...

CVE-2019-19521

libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/aut...

CVE-2019-19522

OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membersh...

CVE-2019-19587

In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updating the message processor configuration from the source view in the Management Con...

CVE-2019-19553

In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c b...

CVE-2019-19588

The validators package 0.12.2 through 0.12.5 for Python enters an infinite loop when validators.domain is called with a crafted domain string. This is...

CVE-2019-19590

In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer o...

CVE-2019-19596

GitBook through 2.6.9 allows XSS via a local .md file.

CVE-2019-19589

The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Note: It has be...

CVE-2019-19597

D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an H...

CVE-2019-19598

D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. ...

CVE-2019-19601

OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of an incorrect sprintf.

CVE-2019-19317

lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a deni...

CVE-2019-19602

fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to ...

CVE-2013-0163

OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS

CVE-2019-14910

A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP...

CVE-2019-17437

An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate priv...

CVE-2019-18180

Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to mails) of ((OTRS...

CVE-2013-0243

haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections

CVE-2018-1002102

Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API...

CVE-2019-11255

Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshott...

CVE-2019-15897

beegfs-ctl in ThinkParQ BeeGFS through 7.1.3 allows Authentication Bypass via communication with a BeeGFS metadata server (which is typically not expo...

CVE-2019-19007

Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled, a related issue ...

CVE-2019-19594

reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute ...

CVE-2019-19595

reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers ...

CVE-2019-3690

The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional...

CVE-2013-0283

Katello: Username in Notification page has cross site scripting

CVE-2013-0326

OpenStack nova base images permissions are world readable

CVE-2019-19466

SCEditor 2.1.3 allows XSS.

CVE-2019-7183

This improper link resolution vulnerability allows remote attackers to access system files. To fix this vulnerability, QNAP recommend updating QTS to ...

CVE-2019-7184

This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator’s management...

CVE-2019-7185

This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management...

CVE-2019-7192

This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recom...

CVE-2019-7193

This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend ...

CVE-2019-7194

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP reco...

CVE-2019-7195

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP reco...

CVE-2012-1104

A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed.

CVE-2019-17387

An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client through 2.2.10 allows an attacker to gain elevated privileges through arbitrary ...

CVE-2019-17388

Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a local attacker to execute ...

CVE-2019-18381

Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that a...

CVE-2019-19545

Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that a...

CVE-2019-19546

Norton Password Manager, prior to 6.6.2.5, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an...

CVE-2019-5098

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cau...

CVE-2012-1105

An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Servi...

CVE-2019-16769

The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe ch...

CVE-2019-16768

In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\...

CVE-2019-16770

In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of ser...

CVE-2019-19609

The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, ...

CVE-2012-1114

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_i...

CVE-2012-1115

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.

CVE-2012-1592

A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitr...

CVE-2019-19616

An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) interface used for Microsoft Dynamics NAV before 2...

CVE-2019-19617

phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php...

CVE-2019-19619

domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML s...

CVE-2019-19624

An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_sc...

CVE-2012-1615

A Privilege Escalation vulnerability exits in Fedoraproject Sectool due to an incorrect DBus file.

CVE-2019-11554

The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe SDKs, allowing MITM attackers to cause a denial of...

CVE-2019-19333

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits"...

CVE-2019-19334

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "ident...

CVE-2019-19551

In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with acc...

CVE-2019-19552

In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/conf...

CVE-2019-19620

In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM perm...

CVE-2019-19625

SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS ...

CVE-2019-19627

SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. (SROS2 pro...

CVE-2019-5544

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Criti...

CVE-2012-2092

A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2 in the cobbler-ubuntu-import script due to an error when verifying the GPG signa...

CVE-2018-7282

The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi.

CVE-2019-12733

SiteVision 4 allows Remote Code Execution.

CVE-2019-12734

SiteVision 4 has Incorrect Access Control.

CVE-2012-2130

A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA...

CVE-2012-2148

An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies

CVE-2019-16670

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devi...

CVE-2019-16671

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devi...

CVE-2019-16672

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devi...

CVE-2019-16673

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devi...

CVE-2019-16674

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devi...

CVE-2019-18671

Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss ...

CVE-2019-18672

Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic...

CVE-2019-1551

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analys...

CVE-2019-16771

Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary H...

CVE-2019-11293

Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter....

CVE-2019-18575

Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit...

CVE-2019-10769

safer-eval is a npm package to sandbox the he evaluation of code used within the eval function. Affected versions of this package are vulnerable to Ar...

CVE-2019-2217

In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege wi...

CVE-2019-2218

In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could ...

CVE-2019-2219

In several functions of NotificationManagerService.java and related files, there is a possible way to record audio from the background without notific...

CVE-2019-2220

In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This coul...

CVE-2019-2221

In hasActivityInVisibleTask of WindowProcessController.java there’s a possible bypass of user interaction requirements due to incorrect handling of to...

CVE-2019-2222

n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote co...

CVE-2019-2223

In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code executi...

CVE-2019-2225

When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be abl...

CVE-2019-2226

In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting. This could lead to local information disclo...

CVE-2019-2227

In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluet...

CVE-2019-2228

In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in ...

CVE-2019-2229

In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. This could lead to local informat...

CVE-2019-2230

In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.cpp, there is possible memory reuse due to a use after free. This could lead to r...

CVE-2019-2231

In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation. This could lead to local information disclosur...

CVE-2019-2232

In handleRun of TextLine.java, there is a possible application crash due to improper input validation. This could lead to remote denial of service whe...

CVE-2019-9464

In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicatin...

CVE-2019-16772

The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe charact...

CVE-2019-19447

In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_...

CVE-2019-19448

In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can...

CVE-2019-19449

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2...

CVE-2019-19630

HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a cra...

CVE-2019-19635

An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function sixel_decode_raw_impl at fromsixel.c.

CVE-2019-19636

An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c.

CVE-2019-19637

An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.

CVE-2019-19638

An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.

CVE-2019-19642

On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated atta...

CVE-2019-19647

radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitra...

CVE-2019-19648

In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO ...

CVE-2019-19645

alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER ...

CVE-2019-19678

In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Gener...

CVE-2019-19679

In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via t...

CVE-2019-14251

An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once succes...

CVE-2019-19682

nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Pr...

CVE-2019-19683

RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Librari...

CVE-2019-19684

nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookA...

CVE-2019-19685

RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions.

CVE-2019-18380

Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow ...

CVE-2019-19687

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any cr...

CVE-2015-0841

Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8, allows remote attackers to cause a denial of serv...

CVE-2015-1853

chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowled...

CVE-2019-18190

Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of applicatio...

CVE-2019-19603

SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.

CVE-2019-19646

pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.

CVE-2014-0242

mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type h...

CVE-2015-3424

SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary ...

CVE-2015-3425

Cross-site scripting (XSS) vulnerability in Accentis Content Resource Management System before October 2015 patch allows remote attackers to inject ar...

CVE-2015-7892

Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local...

CVE-2013-0342

The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by pred...

CVE-2019-19230

An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker...

CVE-2019-4428

IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed ar...

CVE-2019-4611

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thu...

CVE-2019-4612

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicio...

CVE-2019-4621

IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN c...

CVE-2019-19698

marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav_content_read() at libwav.c.

CVE-2013-0293

oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation

CVE-2013-1793

openstack-utils openstack-db has insecure password creation

CVE-2013-2095

rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection

CVE-2014-3656

JBoss KeyCloak: XSS in login-status-iframe.html

CVE-2013-2159

Monkey HTTP Daemon: broken user name authentication

CVE-2013-2166

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass

CVE-2013-2167

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass

CVE-2013-2183

Monkey HTTP Daemon has local security bypass

CVE-2013-4120

Katello has a Denial of Service vulnerability in API OAuth authentication

CVE-2013-4133

kde-workspace before 4.10.5 has a memory leak in plasma desktop

CVE-2013-4184

Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks

CVE-2016-1000108

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the pre...

CVE-2019-19251

The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although t...

CVE-2019-4095

IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions trans...

CVE-2019-4244

IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper in...

CVE-2019-4521

Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on ...

CVE-2019-4663

IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code i...

CVE-2013-1689

Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames.

CVE-2016-1000107

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted c...

CVE-2019-6183

A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause sy...

CVE-2019-6192

A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could ca...

CVE-2012-1577

lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.

CVE-2019-19702

The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker ...

CVE-2019-19703

In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.

CVE-2019-13672

Incorrect security UI in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially spoof the contents of the Omnibox (UR...

CVE-2019-17270

Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?c...

CVE-2019-5841

Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via ...

CVE-2019-5843

Out of bounds memory access in JavaScript in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via...

CVE-2019-13725

Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

CVE-2019-13726

Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page...

CVE-2019-13727

Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a craf...

CVE-2019-13728

Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafte...

CVE-2019-13729

Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTM...

CVE-2019-13730

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTM...

CVE-2019-13732

Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML ...

CVE-2019-13734

Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HT...

CVE-2019-13735

Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a cr...

CVE-2019-13736

Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF f...

CVE-2019-13737

Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive infor...

CVE-2019-13738

Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted ...

CVE-2019-13739

Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homogra...

CVE-2019-13740

Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

CVE-2019-13741

Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via c...

CVE-2019-13742

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar...

CVE-2019-13743

Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafte...

CVE-2019-13744

Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HT...

CVE-2019-13745

Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML...

CVE-2019-13746

Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL ...

CVE-2019-13747

Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via...

CVE-2019-13748

Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive inf...

CVE-2019-13749

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar...

CVE-2019-13750

Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a craf...

CVE-2019-13751

Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process...

CVE-2019-13752

Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process...

CVE-2019-13753

Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process...

CVE-2019-13754

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a...

CVE-2019-13755

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTM...

CVE-2019-13756

Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

CVE-2019-13757

Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a ...

CVE-2019-13758

Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restric...

CVE-2019-13759

Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML ...

CVE-2019-13761

Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a ...

CVE-2019-13762

Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via ...

CVE-2019-13763

Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process ...

CVE-2019-13764

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTM...

CVE-2019-1332

A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted w...

CVE-2019-1400

An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microso...

CVE-2019-1453

A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially...

CVE-2019-1458

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation ...

CVE-2019-1461

A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory, aka 'Microsoft Word ...

CVE-2019-1462

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka 'Micro...

CVE-2019-1463

An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microso...

CVE-2019-1464

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information ...

CVE-2019-1465

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Inform...

CVE-2019-1466

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Inform...

CVE-2019-1467

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Inform...

CVE-2019-1468

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics R...

CVE-2019-1469

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vu...

CVE-2019-1470

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated ...

CVE-2019-1471

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a gu...

CVE-2019-1472

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosur...

CVE-2019-1474

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosur...

CVE-2019-1476

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of...

CVE-2019-1477

An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Wi...

CVE-2019-1478

An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vul...

CVE-2019-1480

An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory, aka 'Windows Media Player I...

CVE-2019-1481

An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory, aka 'Windows Media Player I...

CVE-2019-1483

An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an ...

CVE-2019-1484

A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution ...

CVE-2019-1485

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulner...

CVE-2019-1486

A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified...

CVE-2019-1487

An information disclosure vulnerability in Android Apps using Microsoft Authentication Library (MSAL) 0.3.1-Alpha or later exists under specific condi...

CVE-2019-1488

A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers, aka 'Microsoft Defender Security Feature B...

CVE-2019-1489

An information disclosure vulnerability exists when the Windows Remote Desktop Protocol (RDP) fails to properly handle objects in memory, aka 'Remote ...

CVE-2019-1490

A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Serve...

CVE-2019-14861

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe prov...

CVE-2019-14870

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model...

CVE-2019-14889

A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server...

CVE-2019-19604

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24...

CVE-2019-5815

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XM...

CVE-2019-19707

On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery p...

CVE-2019-19708

The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute.

CVE-2019-19709

MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-r...

CVE-2019-19719

Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page.

CVE-2019-19720

Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() function in flex.c via a crafted BASIC source file.

CVE-2019-3667

DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbit...

CVE-2013-4158

smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790)

CVE-2019-18935

Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploit...

CVE-2019-18960

Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes.

CVE-2013-4245

Orca has arbitrary code execution due to insecure Python module load

CVE-2013-4593

RubyGem omniauth-facebook has an access token security vulnerability

CVE-2013-6495

JBossWeb Bayeux has reflected XSS

CVE-2013-7370

node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware

CVE-2013-7371

node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370)

CVE-2014-0026

katello-headpin is vulnerable to CSRF in REST API

CVE-2014-0091

Foreman has improper input validation which could lead to partial Denial of Service

CVE-2019-14899

A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to deter...

CVE-2019-15007

The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross ...

CVE-2019-15008

The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or ...

CVE-2019-15009

The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's f...

CVE-2019-4665

IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI...

CVE-2019-4715

IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted...

CVE-2014-0163

Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.

CVE-2019-10772

It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by the saniti...

CVE-2019-18377

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker ...

CVE-2019-18378

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable atta...

CVE-2019-18379

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let...

CVE-2013-4968

Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) con...

CVE-2019-14317

wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote attacker to compute the long term ...

CVE-2019-19577

An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggeri...

CVE-2019-19578

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, ...

CVE-2019-19580

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable pro...

CVE-2019-19581

An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain b...

CVE-2019-19582

An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration i...

CVE-2019-19583

An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry ch...

CVE-2019-19649

Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the Sy...

CVE-2019-19650

Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.j...

CVE-2019-19725

sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.

CVE-2013-3542

Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera...

CVE-2013-3691

AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL.

CVE-2013-4303

includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not prope...

CVE-2013-5743

Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.

CVE-2013-5978

Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to ...

CVE-2014-7257

SQL injection vulnerability in DBD::PgPP 0.05 and earlier

CVE-2019-19373

An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a...

CVE-2019-19374

An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS ...

CVE-2019-19729

An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed obje...

CVE-2019-0395

SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a text module in Fiori ...

CVE-2019-0398

Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, ma...

CVE-2019-0399

SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user t...

CVE-2019-0402

SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to In...

CVE-2019-0403

SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Comma...

CVE-2019-0404

SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure.

CVE-2019-0405

SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leadin...

CVE-2019-17087

Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and down...

CVE-2019-18232

SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only Microsoft Windows versions are affected) is vulnerable when configured as a ser...

CVE-2019-18245

Reliable Controls LicenseManager versions 3.4 and prior may allow an authenticated user to insert malicious code into the system root path, which may ...

CVE-2019-3983

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART ...

CVE-2019-3985

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input ...

CVE-2019-3986

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input ...

CVE-2019-3987

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input ...

CVE-2019-3988

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input ...

CVE-2019-3989

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input ...

CVE-2019-10694

The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password...

CVE-2019-10695

When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user’s username and password were expos...

CVE-2019-5085

An exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A speci...

CVE-2019-5090

An exploitable information disclosure vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15....

CVE-2019-5091

An exploitable denial-of-service vulnerability exists in the Dicom-packet parsing functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A spe...

CVE-2019-5092

An exploitable heap out of bounds write vulnerability exists in the UI tag parsing functionality of the DICOM image format of LEADTOOLS 20.0.2019.3.15...

CVE-2019-5093

An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A spec...

CVE-2019-5154

An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image fil...

CVE-2019-7004

A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentia...

CVE-2019-19726

OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very sm...

CVE-2017-18640

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

CVE-2019-19740

Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.

CVE-2019-19746

make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type...

CVE-2019-19748

The Work Time Calendar app before 4.7.1 for Jira allows XSS.

CVE-2019-10484

Use after free issue occurs when command destructors access dynamically allocated response buffer which is already deallocated during previous command...

CVE-2019-10485

Infinite loop while decoding compressed data can lead to overrun condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon...

CVE-2019-10493

Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Sn...

CVE-2019-10494

Race condition between the camera functions due to lack of resource lock which will lead to memory corruption and UAF issue in Snapdragon Auto, Snapdr...

CVE-2019-10511

Possibility of memory overflow while decoding GSNDCP compressed mode PDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon I...

CVE-2019-10520

An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of...

CVE-2019-10530

Lack of check of data truncation on user supplied data in kernel leads to buffer overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Indu...

CVE-2019-10545

Null pointer dereference issue in kernel due to missing check related to LLC support in GPU in Snapdragon Auto, Snapdragon Consumer Electronics Connec...

CVE-2019-10555

Buffer overflow can occur due to usage of wrong datatype and missing length check before copying into buffer in Snapdragon Auto, Snapdragon Compute, S...

CVE-2019-10559

Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in Snapdragon A...

CVE-2019-10571

Snapshot of IB can lead to invalid address access due to missing check for size in the related function in Snapdragon Auto, Snapdragon Compute, Snapdr...

CVE-2019-10592

Possible integer overflow while multiplying two integers of 32 bit in QDCM API of get display modes as there is no check on the maximum mode count in ...

CVE-2019-10618

Driver may access an invalid address while processing IO control due to lack of check of address validation in Snapdragon Connectivity in QCA6390

CVE-2019-2288

Out of bound write in TZ while copying the secure dump structure on HLOS provided buffer as a part of memory dump in Snapdragon Auto, Snapdragon Compu...

CVE-2019-2310

Out of bound read would occur while trying to read action category and action ID without validating the action length of the Rx Frame body in Snapdrag...

CVE-2019-2319

HLOS could corrupt CPZ page table memory for S1 managed VMs in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, ...

CVE-2019-2320

Possible out of bounds write in a MT SMS/SS scenario due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Cons...

CVE-2019-2321

Incorrect length used while validating the qsee log buffer sent from HLOS which could then lead to remap conflict in Snapdragon Auto, Snapdragon Compu...

CVE-2019-2337

While Skipping unknown IES, EMM is reading the buffer even if the no of bytes to read are more than message length which may cause device to shutdown ...

CVE-2019-2338

Crafted image that has a valid signature from a non-QC entity can be loaded which can read/write memory that belongs to the secure world in Snapdragon...

CVE-2019-13927

A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-...

CVE-2019-13945

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIP...

CVE-2019-14849

A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to c...

CVE-2019-15930

Intesync Solismed 3.3sp allows Clickjacking.

CVE-2019-15931

Intesync Solismed 3.3sp allows Directory Traversal, a different vulnerability than CVE-2019-16246.

CVE-2019-15932

Intesync Solismed 3.3sp has Incorrect Access Control.

CVE-2019-15933

Intesync Solismed 3.3sp has SQL Injection.

CVE-2019-15934

Intesync Solismed 3.3sp has CSRF.

CVE-2019-15935

Intesync Solismed 3.3sp has XSS.

CVE-2019-15936

Intesync Solismed 3.3sp allows Insecure File Upload.

CVE-2019-16246

Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code executio...

CVE-2019-17358

Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authe...

CVE-2019-17428

An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the encryption implementation exists, allowing for all encrypted data stored within th...

CVE-2019-18345

A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied ...

CVE-2019-19198

The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS.

CVE-2019-19247

Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 1 of 2).

CVE-2019-19248

Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 2 of 2).

CVE-2019-4606

IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted ...

CVE-2019-19750

minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product.

CVE-2019-13930

A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an u...

CVE-2019-13931

A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow for an an attacker to craft the input in a form th...

CVE-2019-13932

A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web application requests could be manipulated, causing the the application t...

CVE-2019-13942

A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.3...

CVE-2019-13943

A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.3...

CVE-2019-13944

A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.3...

CVE-2019-13947

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the Co...

CVE-2019-18283

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without aut...

CVE-2019-18284

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without aut...

CVE-2019-18285

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The RMI communication between the client ...

CVE-2019-18286

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory ...

CVE-2019-18287

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory ...

CVE-2019-18288

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with valid authentication at ...

CVE-2019-18289

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could t...

CVE-2019-18290

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could t...

CVE-2019-18291

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could t...

CVE-2019-18292

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could t...

CVE-2019-18293

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could t...

CVE-2019-18294

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could t...

CVE-2019-18295

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could t...

CVE-2019-18296

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could t...

CVE-2019-18297

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and low p...

CVE-2019-18298

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could t...

CVE-2019-18299

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can tri...

CVE-2019-18300

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can tri...

CVE-2019-18301

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can tri...

CVE-2019-18302

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can tri...

CVE-2019-18303

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can tri...

CVE-2019-18304

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can tri...

CVE-2019-18305

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could t...

CVE-2019-18306

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could t...

CVE-2019-18307

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could t...

CVE-2019-18308

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low...

CVE-2019-18309

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low...

CVE-2019-18310

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could t...

CVE-2019-18311

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could t...

CVE-2019-18312

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could b...

CVE-2019-18313

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could g...

CVE-2019-18314

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Ap...

CVE-2019-18315

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Ap...

CVE-2019-18316

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Ap...

CVE-2019-18317

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Ap...

CVE-2019-18318

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Ap...

CVE-2019-18319

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Ap...

CVE-2019-18320

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Ap...

CVE-2019-18321

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could b...

CVE-2019-18322

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could b...

CVE-2019-18323

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could c...

CVE-2019-18324

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cau...

CVE-2019-18325

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cau...

CVE-2019-18326

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cau...

CVE-2019-18327

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cau...

CVE-2019-18328

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cau...

CVE-2019-18329

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cau...

CVE-2019-18330

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could c...

CVE-2019-18331

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Ap...

CVE-2019-18332

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Ap...

CVE-2019-18333

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Ap...

CVE-2019-18334

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Ap...

CVE-2019-18335

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Ap...

CVE-2019-18337

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication...

CVE-2019-18338

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a directory trave...

CVE-2019-18339

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR V...

CVE-2019-18340

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNV...

CVE-2019-18341

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Cent...

CVE-2019-18342

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Cent...

CVE-2019-19766

The Bitwarden server through 1.32.0 has a potentially unwanted KDF.

CVE-2019-19767

The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr...

CVE-2019-19768

In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out ...

CVE-2019-19769

In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).

CVE-2019-19770

In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or ...

CVE-2019-19771

The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, th...

CVE-2019-3951

Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) du...

CVE-2019-5061

An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for station...

CVE-2019-5062

An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sess...

CVE-2019-5144

An exploitable heap underflow vulnerability exists in the derive_taps_and_gains function in kdu_v7ar.dll of Kakadu Software SDK 7.10.2. A specially cr...

CVE-2018-11805

In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can...

CVE-2019-12420

In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the re...

CVE-2019-16774

In phpfastcache before 5.1.3, there is a possible object injection vulnerability in cookie driver.

CVE-2019-16775

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of ...

CVE-2019-16776

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_...

CVE-2019-16777

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be ...

CVE-2019-19777

stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main.

CVE-2019-19778

An issue was discovered in libsixel 1.8.2. There is a heap-based buffer over-read in the function load_sixel at loader.c.

CVE-2019-19782

The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP server.

CVE-2014-0175

mcollective has a default password set at install

CVE-2014-0197

CFME: CSRF protection vulnerability via permissive check of the referrer header

CVE-2014-0212

qpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all available file descriptors

CVE-2014-0241

rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable

CVE-2019-13347

An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Con...

CVE-2019-18801

An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers whe...

CVE-2019-18802

An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. E...

CVE-2019-18838

An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid req...

CVE-2019-19501

VeraCrypt 1.24 allows Local Privilege Escalation during execution of VeraCryptExpander.exe.

CVE-2014-1867

suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution

CVE-2014-2387

Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities

CVE-2014-3495

duplicity 0.6.24 has improper verification of SSL certificates

CVE-2019-17599

The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows ...

CVE-2019-19397

There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulne...

CVE-2019-5248

CloudEngine 12800 has a DoS vulnerability. An attacker of a neighboring device sends a large number of specific packets. As a result, a memory leak oc...

CVE-2019-5250

Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. The software does not properly...

CVE-2019-5251

There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the applicatio...

CVE-2019-5290

Huawei S5700 and S6700 have a DoS security vulnerability. Attackers with certain permissions perform specific operations on affected devices. Because ...

CVE-2019-5291

Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specifi...

CVE-2019-14344

TemaTres 3.0 has reflected XSS via the replace_string or search_string parameter to the vocab/admin.php?doAdmin=bulkReplace URI.

CVE-2019-19785

ATasm 1.06 has a stack-based buffer overflow in the to_comma() function in asm.c via a crafted .m65 file.

CVE-2019-19786

ATasm 1.06 has a stack-based buffer overflow in the parse_expr() function in setparse.c via a crafted .m65 file.

CVE-2019-19787

ATasm 1.06 has a stack-based buffer overflow in the get_signed_expression() function in setparse.c via a crafted .m65 file.

CVE-2019-4426

The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and IBM Case Manager 5.1.1 through 5.3 is vulnerable to cross-site scripting. This v...

CVE-2019-19722

In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL P...

CVE-2019-17123

The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrat...

CVE-2019-19774

An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /e...

CVE-2019-19790

Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON...

CVE-2019-19793

In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 on Windows, a local or remote user from the same domain can gain privileges.

CVE-2019-16730

processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary syste...

CVE-2019-16731

The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to initiate firmware upgrades and alter d...

CVE-2019-16732

Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user...

CVE-2019-16733

processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system...

CVE-2019-16734

Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitra...

CVE-2019-16735

A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote att...

CVE-2019-16736

A stack-based buffer overflow in processCommandUploadSnapshot in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remot...

CVE-2019-16737

The processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arb...

CVE-2019-17364

The processCommandUploadLog() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute ...

CVE-2019-19794

The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is u...

CVE-2019-19795

samurai 0.7 has a heap-based buffer overflow in canonpath in util.c via a crafted build file.

CVE-2019-19796

Yabasic 2.86.2 has a heap-based buffer overflow in myformat in function.c via a crafted BASIC source file.

CVE-2019-5253

E5572-855 with versions earlier than 8.0.1.3(H335SP1C233) has an improper authentication vulnerability. The device does not perform a sufficient authe...

CVE-2019-5260

Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Due to insufficient input validation of specific value whe...

CVE-2019-5278

There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200....

CVE-2019-5254

Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospa...

CVE-2019-5255

Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospa...

CVE-2019-5256

Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospa...

CVE-2019-5257

Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace) have a resource man...

CVE-2019-5258

Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospa...

CVE-2019-5264

There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;...

CVE-2019-5277

Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information ...

CVE-2019-5235

Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to explo...

CVE-2019-5252

There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a...

CVE-2019-19797

read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.

CVE-2014-3536

CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration

CVE-2014-3643

jersey: XXE via parameter entities not disabled by the jersey SAX parser

CVE-2014-3652

JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.

CVE-2014-3699

eDeploy has RCE via cPickle deserialization of untrusted data

CVE-2014-3701

eDeploy has tmp file race condition flaws

CVE-2014-4913

ZF2014-03 has a potential cross site scripting vector in multiple view helpers

CVE-2014-8561

imagemagick 6.8.9.6 has remote DOS via infinite loop

CVE-2014-8650

python-requests-Kerberos through 0.5 does not handle mutual authentication

CVE-2019-19807

In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related...

CVE-2019-19783

An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certa...

CVE-2019-19331

knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might ...

CVE-2019-19368

A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a craf...

CVE-2019-4444

IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to...

CVE-2019-4560

IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatt...

CVE-2019-18826

Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper Following of a Certificate's Chain of Trust. The embedded 'dongle_bridge' progr...

CVE-2019-18827

On Barco ClickShare Button R9861500D01 devices (before firmware version 1.9.0) JTAG access is disabled after ROM code execution. This means that JTAG ...

CVE-2019-18828

Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug int...

CVE-2019-18830

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program used to expose the functiona...

CVE-2019-18831

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information Exposure. The encrypted ClickShare Button firmware contains the private key...

CVE-2019-19731

Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE acti...

CVE-2019-19743

On D-Link DIR-615 devices, a normal user is able to create a root(admin) user from the D-Link portal.

CVE-2019-0134

Improper permissions in the Intel(R) Dynamic Platform and Thermal Framework v8.3.10208.5643 and before may allow an authenticated user to potentially ...

CVE-2019-0159

Insufficient memory protection in the Linux Administrative Tools for Intel(R) Network Adapters before version 24.3 may allow an authenticated user to ...

CVE-2019-10773

In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafte...

CVE-2019-11096

Insufficient memory protection for Intel(R) Ethernet I218 Adapter driver for Windows* 10 before version 24.1 may allow an authenticated user to potent...

CVE-2019-11157

Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege a...

CVE-2019-11165

Improper conditions check in the Linux kernel driver for the Intel(R) FPGA SDK for OpenCL(TM) Pro Edition before version 19.4 may allow an authenticat...

CVE-2019-13533

In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and ...

CVE-2019-14568

Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of...

CVE-2019-14599

Unquoted service path in Control Center-I version 2.1.0.0 and earlier may allow an authenticated user to potentially enable escalation of privilege vi...

CVE-2019-14603

Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before version 19.3 may allow an authentic...

CVE-2019-14604

Null pointer dereference in the FPGA kernel driver for Intel(R) Quartus(R) Prime Pro Edition before version 19.3 may allow an authenticated user to po...

CVE-2019-14605

Improper permissions in the installer for the Intel(R) SCS Platform Discovery Utility, all versions, may allow an authenticated user to potentially en...

CVE-2019-14607

Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial ...

CVE-2019-14608

Improper buffer restrictions in firmware for Intel(R) NUC(R) may allow an authenticated user to potentially enable escalation of privilege via local a...

CVE-2019-14609

Improper input validation in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access.

CVE-2019-14610

Improper access control in firmware for Intel(R) NUC(R) may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2019-14611

Integer overflow in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access.

CVE-2019-14612

Out of bounds write in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access.

CVE-2019-16779

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeou...

CVE-2019-18259

In Omron PLC CJ series, all versions and Omron PLC CS series, all versions, an attacker could spoof arbitrary messages or execute commands.

CVE-2019-18261

In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, all versions, the software does not implement suffic...

CVE-2019-18269

Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability.

CVE-2019-18579

Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. The BIOS configuration for the "Enable ...

CVE-2019-13181

A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.

CVE-2019-13182

A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7.

CVE-2019-16778

In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_s...

CVE-2019-18191

A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated e...

CVE-2019-19818

The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0xa08a Out-of-Bounds ...

CVE-2018-11751

Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6....

CVE-2019-12413

In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially craf...

CVE-2019-12414

In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab

CVE-2019-5259

There is an information leakage vulnerability on some Huawei products(AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200...

CVE-2019-19826

The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc...

CVE-2017-18107

Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users ...

CVE-2019-15011

The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before ve...

CVE-2019-19830

_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.

CVE-2019-19813

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a ...

CVE-2019-19814

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array...

CVE-2019-19816

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __bt...

CVE-2019-19815

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause a NULL pointer dereference in f2fs_recover_fsync_data in fs/f2fs/recove...

CVE-2014-8178

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier ...

CVE-2019-18824

Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The ClickShare Button does not verify the integ...

CVE-2019-18825

Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Base Unit i...

CVE-2019-18829

Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The Barco signed 'Clickshare_For_Windows.exe' b...

CVE-2019-18832

Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Button implements encryption at rest wh...

CVE-2019-18833

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information exposure (issue 2 of 2).. The encryption key of the media content which is ...

CVE-2019-19264

In Simplifile RecordFusion through 2019-11-25, the logs and hist parameters allow remote attackers to access local files via a logger/logs?/../ or log...

CVE-2019-19712

Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been en...

CVE-2019-16549

Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-mi...

CVE-2019-16550

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to hav...

CVE-2019-16551

A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HT...

CVE-2019-16552

A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker...

CVE-2019-16553

A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a com...

CVE-2019-16554

A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins e...

CVE-2019-16555

A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allow...

CVE-2019-16556

Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins ma...

CVE-2019-16557

Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they...

CVE-2019-16558

Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM.

CVE-2019-16559

A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection ...

CVE-2019-16560

A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and det...

CVE-2019-16561

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for t...

CVE-2019-16562

Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the description of builds shown in its view, resulting in a stored XSS vulnerability ex...

CVE-2019-16563

Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job display names and build names shown on its view, resulting in a stored XSS vulne...

CVE-2019-16564

Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploit...

CVE-2019-16565

A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL u...

CVE-2019-16566

A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-sp...

CVE-2019-16567

A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier in form-related methods allowed users with Overall/Read access to enumerat...

CVE-2019-16568

Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously configured service credentials in plain text as part of the global configuration, as ...

CVE-2019-16569

A cross-site request forgery vulnerability in Jenkins Mantis Plugin 0.26 and earlier allows attackers to connect to an attacker-specified web server u...

CVE-2019-16570

A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web serv...

CVE-2019-16571

A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-speci...

CVE-2019-16572

Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed ...

CVE-2019-16573

A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-speci...

CVE-2019-16574

A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers with Overall/Read permission to connect to an a...

CVE-2019-16575

A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-spe...

CVE-2019-16576

A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an...

CVE-2019-19315

NLSSRV32.EXE in Nalpeiron Licensing Service 7.3.4.0, as used with Nitro PDF and other products, allows Elevation of Privilege via the \\.\mailslot\nls...

CVE-2019-19675

In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging ...

CVE-2019-19714

Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced ...

CVE-2019-19745

Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute the...

CVE-2019-14782

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp direct...

CVE-2019-15235

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/[USERNAME]/tmp/session/sess...

CVE-2019-18670

In the Quick Access Service (QAAdminAgent.exe) in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can...

CVE-2019-18956

Divisa Proxia Suite 9 < 9.12.16, 9.11.19, 9.10.26, 9.9.8, 9.8.43 and 9.7.10, 10.0 < 10.0.32, and 10.1 < 10.1.5, SparkSpace 1.0 < 1.0.30, 1.1 < 1.1.2, ...

CVE-2019-19847

Libspiro through 20190731 has a stack-based buffer overflow in the spiro_to_bpath0() function in spiro.c.

CVE-2019-19848

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uplo...

CVE-2019-19849

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and ...

CVE-2019-19850

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, t...

CVE-2012-2237

Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web...

CVE-2013-0202

Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the...

CVE-2014-8179

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representati...

CVE-2019-19634

class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht...

CVE-2019-19497

MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message.

CVE-2019-0383

Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.0...

CVE-2019-0384

Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.0...

CVE-2019-19241

In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. Th...

CVE-2019-17334

The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire De...

CVE-2019-17335

The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains mult...

CVE-2019-17336

The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains mult...

CVE-2019-17337

The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vul...

CVE-2019-3992

ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can access the server's configu...

CVE-2019-3993

ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can recover a user's password h...

CVE-2019-3994

ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the...

CVE-2019-3995

ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. A remote unauthenticated attacker can...

CVE-2019-3996

ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests.

CVE-2019-11657

Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight Logger affecting all product versions below version 7.0. The vulnerability could ...

CVE-2019-18257

In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service ...

CVE-2019-7481

Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. This vulnerablity impacted SMA100 ver...

CVE-2019-15013

The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before ...

CVE-2019-19775

The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users.

CVE-2019-19845

In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure.

CVE-2019-19846

In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.

CVE-2018-11980

When a fake broadcast/multicast 11w rmf without mmie received, since no proper length check in wma_process_bip, buffer overflow will happen in both cd...

CVE-2019-10480

Out of bound write can happen in WMI firmware event handler due to lack of validation of data received from WLAN firmware in Snapdragon Auto, Snapdrag...

CVE-2019-10481

Out of bound access occurs while handling the WMI FW event due to lack of check of buffer argument which comes directly from the WLAN FW in Snapdragon...

CVE-2019-10482

Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential side channel for SUI ...

CVE-2019-10487

Buffer over read can happen while parsing SMS OTA messages at transport layer if network sends un-intended values in Snapdragon Auto, Snapdragon Compu...

CVE-2019-10500

While processing MT Secondary PDP request, Buffer overflow will happen due to incorrect calculation of buffer size in Snapdragon Auto, Snapdragon Comp...

CVE-2019-10513

Possibility of Null pointer access if the SPDM commands are executed in the non-standard way in Trustzone in Snapdragon Auto, Snapdragon Compute, Snap...

CVE-2019-10516

Multiple read overflows in MM while decoding service accept,service reject,attach reject and MT detach in Snapdragon Auto, Snapdragon Compute, Snapdra...

CVE-2019-10517

Memory is being freed up twice when two concurrent threads are executing in parallel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, ...

CVE-2019-10518

Use after free of a pointer in iWLAN scenario during netmgr state transition to CONNECT in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IO...

CVE-2019-10525

Buffer overflow during SIB read when network configures complete sib list along with first and last segment of other SIB in Snapdragon Auto, Snapdrago...

CVE-2019-10536

Potential double free scenario if driver receives another DIAG_EVENT_LOG_SUPPORTED event from firmware as the pointer is not set to NULL on first call...

CVE-2019-10537

Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length check and eventually ...

CVE-2019-10544

Improper length check on source buffer to handle userspace data received can lead to out-of-bound access in diag handlers in Snapdragon Auto, Snapdrag...

CVE-2019-10557

Out-of-bound read in the wireless driver in the Linux kernel due to lack of check of buffer length. in Snapdragon Auto, Snapdragon Consumer Electronic...

CVE-2019-10564

Possible OOB issue in EEPROM due to lack of check while accessing memory map array at the time of reading operation in Snapdragon Auto, Snapdragon Com...

CVE-2019-10572

Improper check in video driver while processing data from video firmware can lead to integer overflow and then buffer overflow in Snapdragon Auto, Sna...

CVE-2019-10584

Possibility of out of bound access in debug queue, if packet size field is corrupted in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, ...

CVE-2019-10595

Possible buffer overwrite in message handler due to lack of validation of tid value calculated from packets received from firmware in Snapdragon Auto,...

CVE-2019-10598

Out of bound access can occur while processing peer info in IBSS connection mode due to lack of upper bounds check to ensure that for loop further wil...

CVE-2019-10600

Use of local variable as argument to netlink CB callback goes out of it scope when callback triggered lead to invalid stack memory in Snapdragon Auto,...

CVE-2019-10601

Out of bound access can occur while processing firmware event due to lack of validation of WMI message received from firmware in Snapdragon Auto, Snap...

CVE-2019-10605

Buffer overwrite can occur in IEEE80211 header filling function due to lack of range check of array index received from firmware in Snapdragon Auto, S...

CVE-2019-10607

Out of bounds memcpy can occur by providing the embedded NULL character string and length greater than the actual string length in Snapdragon Auto, Sn...

CVE-2019-10614

Out of boundary access is possible as there is no validation of data accessed against the received size of the packet in case of malicious firmware in...

CVE-2019-19880

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY...

CVE-2019-2242

Device memory may get corrupted because of buffer overflow/underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connecti...

CVE-2019-2274

Improper Access Control for RPU write access from secure processor in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivit...

CVE-2019-2304

Integer overflow to buffer overflow due to lack of validation of event arguments received from firmware. in Snapdragon Auto, Snapdragon Consumer Elect...

CVE-2019-19742

On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field.

CVE-2019-4388

HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site scripting (XSS) attacks by allowing users to embed arbitrary JavaScript code in t...

CVE-2019-19235

AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. Th...

CVE-2019-11399

An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the get_...

CVE-2019-11400

An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. A buffer overflow occurs through the get_set...

CVE-2019-5152

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a S...

CVE-2019-11992

A security vulnerability in HPE OneView for VMware vCenter 9.5 could be exploited remotely to allow Cross-Site Scripting.

CVE-2019-19882

shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid pr...

CVE-2019-4609

IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IB...

CVE-2019-4716

IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and the...

CVE-2012-2312

An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat g...

CVE-2019-19829

A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-20...

CVE-2019-19832

Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName...

CVE-2019-19833

In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. (Also, anonymous access can be achieved in appli...

CVE-2019-6201

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4...

CVE-2019-6204

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciousl...

CVE-2019-6207

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixe...

CVE-2019-6222

A consistency issue was addressed with improved state handling. This issue is fixed in iOS 12.2. A website may be able to access the microphone withou...

CVE-2019-6232

A race condition existed during the installation of iTunes for Windows. This was addressed with improved state handling. This issue is fixed in iCloud...

CVE-2019-6236

A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling. This issue is fixed in iCloud...

CVE-2019-6237

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safa...

CVE-2019-6239

This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Mojave 10.14.4. A malicious application may bypass Gate...

CVE-2019-7284

This issue was addressed with improved checks. This issue is fixed in iOS 12.2. Processing a maliciously crafted mail message may lead to S/MIME signa...

CVE-2019-7285

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windo...

CVE-2019-7286

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. A...

CVE-2019-7287

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4. An application may be able to execute arbit...

CVE-2019-7289

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A loca...

CVE-2019-7290

An access issue was addressed with additional sandbox restrictions. This issue is fixed in Shortcuts 2.1.3 for iOS. A sandboxed process may be able to...

CVE-2019-7292

A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows,...

CVE-2019-7293

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. ...

CVE-2019-8502

An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS ...

CVE-2019-8503

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for W...

CVE-2019-8504

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A local user may be ...

CVE-2019-8505

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciousl...

CVE-2019-8506

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9....

CVE-2019-8507

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.4. Processing malicious dat...

CVE-2019-8508

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. Mounting a maliciously crafted NFS network...

CVE-2019-8510

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixe...

CVE-2019-8511

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A malicious a...

CVE-2019-8512

This issue was addressed with improved transparency. This issue is fixed in iOS 12.2. A user may authorize an enterprise administrator to remotely wip...

CVE-2019-8513

This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to execute arbitrary shell comman...

CVE-2019-8514

A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. An applicat...

CVE-2019-8515

A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari...

CVE-2019-8516

A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a mali...

CVE-2019-8517

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Proc...

CVE-2019-8518

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, ...

CVE-2019-8519

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. An application may be able to read res...

CVE-2019-8520

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to...

CVE-2019-8521

This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to overwrite...

CVE-2019-8522

A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4. An encrypted volume may be unmounted and remo...

CVE-2019-8523

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4...

CVE-2019-8524

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4...

CVE-2019-8526

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain ...

CVE-2019-8527

A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A remote...

CVE-2019-8529

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. An application may be a...

CVE-2019-8530

This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. A malicious application may be able t...

CVE-2019-8533

A lock handling issue was addressed with improved lock handling. This issue is fixed in macOS Mojave 10.14.4. A Mac may not lock when disconnecting fr...

CVE-2019-8535

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Win...

CVE-2019-8536

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12...

CVE-2019-8537

An access issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to view a user’s ...

CVE-2019-8540

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5...

CVE-2019-8541

A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2...

CVE-2019-8542

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2, iTunes 1...

CVE-2019-8544

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12...

CVE-2019-8545

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2....

CVE-2019-8546

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A local user m...

CVE-2019-8548

An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when...

CVE-2019-8549

Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation. This issue is fixed in iOS 12.2,...

CVE-2019-8550

An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, ...

CVE-2019-8551

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for W...

CVE-2019-8552

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5...

CVE-2019-8553

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2. Clicking a malicious SMS li...

CVE-2019-8554

A permissions issue existed in the handling of motion and orientation data. This issue was addressed with improved restrictions. This issue is fixed i...

CVE-2019-8555

A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to exe...

CVE-2019-8556

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windo...

CVE-2019-8558

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, ...

CVE-2019-8559

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, ...

CVE-2019-8560

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A ...

CVE-2019-8561

A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to elevate priv...

CVE-2019-8562

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows. ...

CVE-2019-8563

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, ...

CVE-2019-8565

A race condition was addressed with additional validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able ...

CVE-2019-8566

An API issue existed in the handling of microphone data. This issue was addressed with improved validation. This issue is fixed in iOS 12.2. A malicio...

CVE-2019-8567

A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.2. A device may be passively tracked by its Wi...

CVE-2019-8568

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 12.3...

CVE-2019-8571

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safa...

CVE-2019-8574

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1...

CVE-2019-8576

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A ...

CVE-2019-8577

An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1...

CVE-2019-8583

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watc...

CVE-2019-8584

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safa...

CVE-2019-8585

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. P...

CVE-2019-8586

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safa...

CVE-2019-8587

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safa...

CVE-2019-8589

This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.5. A malicious application may bypass Gatekeeper checks.

CVE-2019-8590

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary c...

CVE-2019-8591

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A...

CVE-2019-8593

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. An application may b...

CVE-2019-8594

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safa...

CVE-2019-8595

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safa...

CVE-2019-8596

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safa...

CVE-2019-8597

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safa...

CVE-2019-8598

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2....

CVE-2019-8599

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 12.3. A person with physical access to an iOS device may be able to...

CVE-2019-8600

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2....

CVE-2019-8601

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watc...

CVE-2019-8602

A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2...

CVE-2019-8603

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5. An application may be able to read res...

CVE-2019-8604

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to exec...

CVE-2019-8605

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1....

CVE-2019-8606

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Mo...

CVE-2019-8607

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, S...

CVE-2019-8608

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safa...

CVE-2019-8609

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safa...

CVE-2019-8610

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safa...

CVE-2019-8611

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safa...

CVE-2019-8613

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A remote attacker may...

CVE-2019-8615

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safa...

CVE-2019-8616

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to exec...

CVE-2019-8617

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.3. A sandboxed process may be able to circumvent san...

CVE-2019-8619

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safa...

CVE-2019-8620

A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A device may be p...

CVE-2019-8622

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watc...

CVE-2019-8623

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watc...

CVE-2019-8624

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 5.3. A remote attacker may be able to leak memory.

CVE-2019-8625

A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iClou...

CVE-2019-8626

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, watchOS 5.2.1. Processing a maliciously craft...

CVE-2019-8628

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safa...

CVE-2019-8629

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to ...

CVE-2019-8630

The issue was addressed with improved UI handling. This issue is fixed in iOS 12.3. The lock screen may show a locked icon after unlocking.

CVE-2019-8632

Some analytics data was sent using HTTP rather than HTTPS. This was addressed by no longer sending this analytics data. This issue is fixed in Texture...

CVE-2019-8634

An authentication issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5. A user may be unexpectedly logged i...

CVE-2019-8635

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to exec...

CVE-2019-8637

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A malicious applica...

CVE-2019-8641

An out-of-bounds read was addressed with improved input validation.

CVE-2019-8644

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safa...

CVE-2019-8646

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A r...

CVE-2019-8647

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. A remote attacker may b...

CVE-2019-8648

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3....

CVE-2019-8649

A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 1...

CVE-2019-8654

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.1. Visiting a malicious website ...

CVE-2019-8657

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. Par...

CVE-2019-8658

A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1...

CVE-2019-8659

This issue was addressed with improved checks. This issue is fixed in watchOS 5.3. Users removed from an iMessage conversation may still be able to al...

CVE-2019-8660

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3....

CVE-2019-8661

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.6. A remote attacker may be able to ca...

CVE-2019-8662

This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able ...

CVE-2019-8663

This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6. A remote attacker may be able to leak memory.

CVE-2019-8665

A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, watchOS 5.3. A remote attacker may cause an unexpec...

CVE-2019-8666

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safa...

CVE-2019-8667

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6. The encryption status ...

CVE-2019-8669

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watc...

CVE-2019-8670

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6, Safari 12.1.2. Visitin...

CVE-2019-8671

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safa...

CVE-2019-8672

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watc...

CVE-2019-8673

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safa...

CVE-2019-8674

A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may l...

CVE-2019-8676

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watc...

CVE-2019-8677

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safa...

CVE-2019-8678

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safa...

CVE-2019-8679

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safa...

CVE-2019-8680

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safa...

CVE-2019-8681

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safa...

CVE-2019-8682

The issue was addressed with improved UI handling. This issue is fixed in iOS 12.4, watchOS 5.3. A user may inadvertently complete an in-app purchase ...

CVE-2019-8683

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watc...

CVE-2019-8684

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watc...

CVE-2019-8685

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watc...

CVE-2019-8686

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safa...

CVE-2019-8687

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safa...

CVE-2019-8688

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watc...

CVE-2019-8689

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watc...

CVE-2019-8690

A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, mac...

CVE-2019-8691

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read res...

CVE-2019-8692

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read res...

CVE-2019-8693

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read res...

CVE-2019-8694

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6. An application may be able to exec...

CVE-2019-8695

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6. An application may be able to exec...

CVE-2019-8697

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6. An application may be able to exec...

CVE-2019-8698

A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue i...

CVE-2019-8699

A logic issue existed in the handling of answering phone calls. The issue was addressed with improved state management. This issue is fixed in iOS 12....

CVE-2019-8701

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to exec...

CVE-2019-8704

An authentication issue was addressed with improved state management. This issue is fixed in tvOS 13. A local user may be able to leak sensitive user ...

CVE-2019-8705

A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15, tvOS 13. Processing a maliciously craft...

CVE-2019-8707

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for...

CVE-2019-8710

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing maliciously...

CVE-2019-8711

A logic issue existed with the display of notification previews. This issue was addressed with improved validation. This issue is fixed in iOS 13. Not...

CVE-2019-8717

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15, tvOS 13. An application may be abl...

CVE-2019-8719

A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iClou...

CVE-2019-8721

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code wi...

CVE-2019-8722

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code wi...

CVE-2019-8723

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code wi...

CVE-2019-8724

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code wi...

CVE-2019-8725

The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private brow...

CVE-2019-8726

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for...

CVE-2019-8727

A logic issue was addressed with improved state management. This issue is fixed in iOS 13. Visiting a malicious website may lead to address bar spoofi...

CVE-2019-8730

The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. This issue is fixed in macOS C...

CVE-2019-8731

A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This is...

CVE-2019-8733

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for...

CVE-2019-8735

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for...

CVE-2019-8738

A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted file may l...

CVE-2019-8739

A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted file may l...

CVE-2019-8742

The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13. A person with physical access to an iOS devi...

CVE-2019-8743

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web...

CVE-2019-8745

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15, tvOS 13, iTunes for Windows 12.10.1, iClou...

CVE-2019-8747

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in watchOS 6.1. An application may be able to execute arbit...

CVE-2019-8748

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to exec...

CVE-2019-8750

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Multiple...

CVE-2019-8755

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to determine ...

CVE-2019-8757

A race condition existed when reading and writing user preferences. This was addressed with improved state handling. This issue is fixed in macOS Cata...

CVE-2019-8758

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to exec...

CVE-2019-8760

This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled...

CVE-2019-8763

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13, Safari 13.0....

CVE-2019-8764

A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to...

CVE-2019-8765

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web...

CVE-2019-8766

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processin...

CVE-2019-8768

"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina...

CVE-2019-8769

An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, ma...

CVE-2019-8770

The issue was addressed with improved permissions logic. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to access re...

CVE-2019-8772

An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. This issue is fixed in macOS Ca...

CVE-2019-8775

The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical acc...

CVE-2019-8779

A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixe...

CVE-2019-8781

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15. An application may be able to exe...

CVE-2019-8782

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13....

CVE-2019-8783

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13....

CVE-2019-8784

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, iTunes...

CVE-2019-8785

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 1...

CVE-2019-8786

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 1...

CVE-2019-8787

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2...

CVE-2019-8788

An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, mac...

CVE-2019-8789

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2...

CVE-2019-8791

An issue existed in the parsing of URL schemes. This issue was addressed with improved URL validation. This issue is fixed in Shazam Android App Versi...

CVE-2019-8792

An injection issue was addressed with improved validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. P...

CVE-2019-8793

A consistency issue existed in deciding when to show the screen recording indicator. The issue was resolved with improved state management. This issue...

CVE-2019-8794

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2,...

CVE-2019-8795

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2. An application may ...

CVE-2019-8797

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 1...

CVE-2019-8798

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 1...

CVE-2019-8800

A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to...

CVE-2019-8801

A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15....

CVE-2019-8802

A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15.1. A malicious application may be able to gain root ...

CVE-2019-8803

An authentication issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13...

CVE-2019-8804

An inconsistency in Wi-Fi network configuration settings was addressed. This issue is fixed in iOS 13.2 and iPadOS 13.2. An attacker in physical proxi...

CVE-2019-8805

A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue i...

CVE-2019-8806

A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to...

CVE-2019-8807

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1. An application may be able to ex...

CVE-2019-8808

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6....

CVE-2019-8811

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6....

CVE-2019-8812

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6....

CVE-2019-8813

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Wind...

CVE-2019-8814

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13....

CVE-2019-8815

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13....

CVE-2019-8816

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6....

CVE-2019-8817

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.1. An application may be able to read r...

CVE-2019-8819

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13....

CVE-2019-8820

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6....

CVE-2019-8821

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13....

CVE-2019-8822

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13....

CVE-2019-8823

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13....

CVE-2019-8849

The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1. A SwiftNIO application using...

CVE-2012-2656

An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive informat...

CVE-2019-19844

Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing ...

CVE-2019-19887

bitstr_tell at bitstr.c in ffjpeg through 2019-08-21 has a NULL pointer dereference related to jfif_encode.

CVE-2019-19888

jfif_decode in jfif.c in ffjpeg through 2019-08-21 has a divide-by-zero error.

CVE-2019-19889

An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. The attacker can discover admin credentials in the backup file...

CVE-2019-19890

An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. Admin credentials are sent over cleartext HTTP.

CVE-2018-1311

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been a...

CVE-2019-11995

Security vulnerabilities in HPE UIoT version 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue...

CVE-2019-16782

There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8....

CVE-2019-18267

An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Jav...

CVE-2019-19688

A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to...

CVE-2019-19689

Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that ...

CVE-2019-19690

Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the produc...

CVE-2019-5074

An exploitable stack buffer overflow vulnerability exists in the iocheckd service ''I/O-Check'' functionality of WAGO PFC200 Firmware version 03.01.07...

CVE-2019-5077

An exploitable denial-of-service vulnerability exists in the iocheckd service ‘’I/O-Chec’’ functionality of WAGO PFC 200 Firmware versions 03.01.07(13...

CVE-2019-5081

An exploitable heap buffer overflow vulnerability exists in the iocheckd service ''I/O-Chec'' functionality of WAGO PFC 200 Firmware version 03.01.07(...

CVE-2019-7621

Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations. An attacker with the...

CVE-2019-15575

A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to inject commands via the API through the blobs...

CVE-2019-15576

An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes...

CVE-2019-15577

An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed project milestones to be disclosed via g...

CVE-2019-15580

An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was pos...

CVE-2019-15589

An improper access control vulnerability exists in Gitlab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user would be able to use GIT clon...

CVE-2019-15591

An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through ...

CVE-2019-15596

A path traversal in statics-server exists in all version that allows an attacker to perform a path traversal when a symlink is used within the working...

CVE-2019-15597

A code injection exists in node-df v0.1.4 that can allow an attacker to remote code execution by unsanitized input.

CVE-2019-15598

A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command.

CVE-2019-15599

A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command.

CVE-2019-15600

A Path traversal exists in http_server which allows an attacker to read arbitrary system files.

CVE-2019-18571

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a reflected cross-site scripting vu...

CVE-2019-18572

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerab...

CVE-2019-18573

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. A...

CVE-2019-18994

Due to a lack of file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier crashes when trying to load ...

CVE-2019-18995

The HMISimulator component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier fails to validate the content-length field for HTTP requests,...

CVE-2019-18996

Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, poten...

CVE-2019-18997

The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Path configuration in PB6...

CVE-2019-19724

Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an...

CVE-2019-1387

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clon...

CVE-2019-5073

An exploitable information exposure vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(1...

CVE-2019-5075

An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdetails of WAGO PFC200 Firmware versions 03.01.07(13) ...

CVE-2019-5078

An exploitable denial of service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) ...

CVE-2019-5079

An exploitable heap buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(1...

CVE-2019-5080

An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 03.01.07(13)...

CVE-2019-5469

An IDOR vulnerability exists in GitLab <v12.1.2, <v12.0.4, and <v11.11.6 that allowed uploading files from project archive to replace other users file...

CVE-2019-5486

A authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used ...

CVE-2019-5487

An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch ...

CVE-2019-0131

Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user t...

CVE-2019-0165

Insufficient Input validation in the subsystem for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow a privileged user to potentiall...

CVE-2019-0166

Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated u...

CVE-2019-0168

Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45 and 13.0.10; Intel(R) TXE before versions 3.1.70 and...

CVE-2019-0169

Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may a...

CVE-2019-11086

Insufficient input validation in subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation ...

CVE-2019-11087

Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) T...

CVE-2019-11088

Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user t...

CVE-2019-11090

Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) T...

CVE-2019-11097

Improper directory permissions in the installer for Intel(R) Management Engine Consumer Driver for Windows before versions 11.8.70, 11.11.70, 11.22.70...

CVE-2019-11100

Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated u...

CVE-2019-11101

Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) T...

CVE-2019-11102

Insufficient input validation in Intel(R) DAL software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; In...

CVE-2019-11103

Insufficient input validation in firmware update software for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow an authenticated use...

CVE-2019-11104

Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R)...

CVE-2019-11105

Logic issue in subsystem for Intel(R) CSME before versions 12.0.45, 13.0.10 and 14.0.10 may allow a privileged user to potentially enable escalation o...

CVE-2019-11106

Insufficient session validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions...

CVE-2019-11107

Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalat...

CVE-2019-11108

Insufficient input validation in subsystem for Intel(R) CSME before versions 12.0.45 and 13.0.10 may allow a privileged user to potentially enable esc...

CVE-2019-11109

Logic issue in the subsystem for Intel(R) SPS before versions SPS_E5_04.01.04.275.0, SPS_SoC-X_04.00.04.100.0 and SPS_SoC-A_04.00.04.191.0 may allow a...

CVE-2019-11110

Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE befor...

CVE-2019-11131

Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enab...

CVE-2019-11132

Cross site scripting in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow a privileged user to potentially e...

CVE-2019-11147

Insufficient access control in hardware abstraction driver for MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45,...

CVE-2019-18781

An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click o...

CVE-2019-19788

Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed...

CVE-2019-17390

An issue was discovered in the Outlook add-in in Pronestor Planner before 8.1.77. There is local privilege escalation in the Health Monitor service be...

CVE-2019-19899

Pebble Templates 3.1.2 allows attackers to bypass a protection mechanism (intended to block access to instances of java.lang.Class) because getClass i...

CVE-2019-15006

There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plu...

CVE-2019-7482

Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. This vulnerability imp...

CVE-2019-7483

In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a f...

CVE-2019-7484

Authenticated SQL Injection in SonicWall SMA100 allow user to gain read-only access to unauthorized resources using viewcacert CGI script. This vulner...

CVE-2019-7485

Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script. This vulnerability impacted SMA1...

CVE-2019-7486

Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100...

CVE-2019-7487

Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a ...

CVE-2019-19900

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying content t...

CVE-2019-19901

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying certain b...

CVE-2019-19902

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It allows the upload of entire-site configuration archives thro...

CVE-2019-19903

An issue was discovered in Backdrop CMS 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying file type descriptions created by ...

CVE-2019-16444