CVE List - 2019 / October
Showing 901 - 1000 of 1566 CVEs for October 2019 (Page 10 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-3023 | 2019-10-16 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Stylesheet). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access... |
| CVE-2019-3024 | 2019-10-16 | Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2019-3025 | 2019-10-16 | Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications. The supported version that is affected is 5.7. Difficult to exploit vulnerability allows unauthenticated attacker with... |
| CVE-2019-3026 | 2019-10-16 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows low... |
| CVE-2019-3027 | 2019-10-16 | Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login Help). Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2019-3028 | 2019-10-16 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows low... |
| CVE-2019-3010 | 2019-10-16 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the... |
| CVE-2019-3031 | 2019-10-16 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high... |
| CVE-2019-17576 | 2019-10-16 | An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to (instead of real recipients,... |
| CVE-2019-17663 | 2019-10-16 | D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in the device common gateway interface, leading to common injection. |
| CVE-2019-17436 | 2019-10-16 | A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to... |
| CVE-2019-17435 | 2019-10-16 | A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow... |
| CVE-2019-17512 | 2019-10-16 | There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can clear the router's log file via act=clear&logtype=sysact to log_clear.php, which could be used to... |
| CVE-2019-12636 | 2019-10-16 | Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability |
| CVE-2019-12637 | 2019-10-16 | Cisco Identity Services Engine Multiple Stored Cross-Site Scripting Vulnerabilities |
| CVE-2019-12638 | 2019-10-16 | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability |
| CVE-2019-12702 | 2019-10-16 | Cisco SPA100 Series Analog Telephone Adapters Reflected Cross-Site Scripting Vulnerability |
| CVE-2019-12703 | 2019-10-16 | Cisco SPA122 ATA with Router Devices DHCP Services Cross-Site Scripting Vulnerability |
| CVE-2019-12704 | 2019-10-16 | Cisco SPA100 Series Analog Telephone Adapters Web-Based Management Interface File Disclosure Vulnerability |
| CVE-2019-12705 | 2019-10-16 | Cisco Expressway Series and TelePresence Video Communication Server Cross-Site Scripting Vulnerability |
| CVE-2019-12708 | 2019-10-16 | Cisco SPA100 Series Analog Telephone Adapters Administrative Credentials Information Disclosure Vulnerability |
| CVE-2019-12718 | 2019-10-16 | Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability |
| CVE-2019-15240 | 2019-10-16 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities |
| CVE-2019-15241 | 2019-10-16 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities |
| CVE-2019-15242 | 2019-10-16 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities |
| CVE-2019-15243 | 2019-10-16 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities |
| CVE-2019-15244 | 2019-10-16 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities |
| CVE-2019-15245 | 2019-10-16 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities |
| CVE-2019-15246 | 2019-10-16 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities |
| CVE-2019-15247 | 2019-10-16 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities |
| CVE-2019-15248 | 2019-10-16 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities |
| CVE-2019-15249 | 2019-10-16 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities |
| CVE-2019-15250 | 2019-10-16 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities |
| CVE-2019-15251 | 2019-10-16 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities |
| CVE-2019-15252 | 2019-10-16 | Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities |
| CVE-2019-15257 | 2019-10-16 | Cisco SPA100 Series Analog Telephone Adapters Running Configuration Information Disclosure Vulnerability |
| CVE-2019-15258 | 2019-10-16 | Cisco SPA100 Series Analog Telephone Adapters Web Management Interface Denial of Service Vulnerability |
| CVE-2019-15260 | 2019-10-16 | Cisco Aironet Access Points Unauthorized Access Vulnerability |
| CVE-2019-15261 | 2019-10-16 | Cisco Aironet Access Points Point-to-Point Tunneling Protocol Denial of Service Vulnerability |
| CVE-2019-15262 | 2019-10-16 | Cisco Wireless LAN Controller Secure Shell Denial of Service Vulnerability |
| CVE-2019-15264 | 2019-10-16 | Cisco Aironet Access Points and Catalyst 9100 Access Points CAPWAP Denial of Service Vulnerability |
| CVE-2019-15265 | 2019-10-16 | Cisco Aironet Access Points Bridge Protocol Data Unit Port Disable Denial of Service Vulnerability |
| CVE-2019-15266 | 2019-10-16 | Cisco Wireless LAN Controller Path Traversal Vulnerability |
| CVE-2019-15268 | 2019-10-16 | Cisco Firepower Management Center Multiple Cross-Site Scripting Vulnerabilities |
| CVE-2019-15269 | 2019-10-16 | Cisco Firepower Management Center Multiple Cross-Site Scripting Vulnerabilities |
| CVE-2019-15270 | 2019-10-16 | Cisco Firepower Management Center Stored Cross-Site Scripting Vulnerability |
| CVE-2019-15273 | 2019-10-16 | Cisco TelePresence Collaboration Endpoint Software Arbitrary File Overwrite Vulnerabilities |
| CVE-2019-15274 | 2019-10-16 | Cisco TelePresence Collaboration Endpoint Software Command Injection Vulnerability |
| CVE-2019-15275 | 2019-10-16 | Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability |
| CVE-2019-15277 | 2019-10-16 | Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability |
| CVE-2019-15280 | 2019-10-16 | Cisco Firepower Management Center Software Stored Cross-Site Scripting Vulnerability |
| CVE-2019-15281 | 2019-10-16 | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability |
| CVE-2019-15282 | 2019-10-16 | Cisco Identity Services Engine Information Disclosure Vulnerability |
| CVE-2019-15962 | 2019-10-16 | Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write Vulnerability |
| CVE-2019-16700 | 2019-10-16 | The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution.... |
| CVE-2019-16699 | 2019-10-16 | The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote... |
| CVE-2019-16698 | 2019-10-16 | The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 has a missing access check in the backend module, allowing a user (with restricted permissions to the fe_users table) to... |
| CVE-2019-16682 | 2019-10-16 | The url_redirect (aka URL redirect) extension through 1.2.1 for TYPO3 fails to properly sanitize user input and is susceptible to SQL Injection. |
| CVE-2019-13116 | 2019-10-16 | The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections |
| CVE-2019-17665 | 2019-10-16 | NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory. |
| CVE-2019-17664 | 2019-10-16 | NSA Ghidra through 9.0.4 uses a potentially untrusted search path. When executing Ghidra from a given path, the Java process working directory is set to this path. Then, when launching... |
| CVE-2019-17607 | 2019-10-16 | HongCMS 3.0.0 has XSS via the install/index.php servername parameter. |
| CVE-2019-17608 | 2019-10-16 | HongCMS 3.0.0 has XSS via the install/index.php dbname parameter. |
| CVE-2019-17609 | 2019-10-16 | HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter. |
| CVE-2019-17610 | 2019-10-16 | HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter. |
| CVE-2019-17611 | 2019-10-16 | HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter. |
| CVE-2019-17670 | 2019-10-17 | WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs. |
| CVE-2019-17666 | 2019-10-17 | rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. |
| CVE-2019-17667 | 2019-10-17 | Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name (aka SiteName) field. |
| CVE-2019-17668 | 2019-10-17 | Samsung Galaxy S10 and Note10 devices allow unlock operations via unregistered fingerprints in certain situations involving a third-party screen protector. |
| CVE-2019-17669 | 2019-10-17 | WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters. |
| CVE-2019-17674 | 2019-10-17 | WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer. |
| CVE-2019-17675 | 2019-10-17 | WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF. |
| CVE-2019-17673 | 2019-10-17 | WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header. |
| CVE-2019-17672 | 2019-10-17 | WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements. |
| CVE-2019-17671 | 2019-10-17 | In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled. |
| CVE-2019-17676 | 2019-10-17 | app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI. |
| CVE-2019-14424 | 2019-10-17 | A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple... |
| CVE-2019-14423 | 2019-10-17 | A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely... |
| CVE-2019-15849 | 2019-10-17 | eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs and send them to the victim. After the victim logs in to the session, the attacker... |
| CVE-2019-15850 | 2019-10-17 | eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execution in the ReGa.runScript method. An authenticated attacker can easily execute code and compromise the system. |
| CVE-2019-11253 | 2019-10-17 | Kubernetes API Server JSON/YAML parsing vulnerable to resource exhaustion attack |
| CVE-2019-16330 | 2019-10-17 | In NCH Express Accounts Accounting v7.02, persistent cross site scripting (XSS) exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject... |
| CVE-2019-14287 | 2019-10-17 | In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking... |
| CVE-2019-17631 | 2019-10-17 | From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file is permitted without any privilege checks. |
| CVE-2019-11284 | 2019-10-17 | Reactor Netty authentication leak in redirects |
| CVE-2019-13411 | 2019-10-17 | A remote command execution vulnerability was discovered in HiNet GPON firmware < I040GWR190731 port 3097 |
| CVE-2019-16917 | 2019-10-17 | WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL... |
| CVE-2019-17114 | 2019-10-17 | A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter... |
| CVE-2019-17115 | 2019-10-17 | Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The... |
| CVE-2019-17116 | 2019-10-17 | A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. The groupName parameter... |
| CVE-2019-17117 | 2019-10-17 | A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter. |
| CVE-2019-17118 | 2019-10-17 | A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as (1) create or delete admin... |
| CVE-2019-8071 | 2019-10-17 | Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation. |
| CVE-2019-17119 | 2019-10-17 | Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter. |
| CVE-2019-17120 | 2019-10-17 | A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/adm_usrs.jsp. The usr parameter... |
| CVE-2019-10752 | 2019-10-17 | Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries... |
| CVE-2019-13657 | 2019-10-17 | CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. |
| CVE-2019-12611 | 2019-10-17 | An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that affects the general reliability of the product. Specially crafted packets sent to the miniupnpd implementation in result in... |
| CVE-2019-18192 | 2019-10-17 | GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365. |