CVE List - 2019 / October
Showing 1301 - 1400 of 1566 CVEs for October 2019 (Page 14 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-8084 | 2019-10-25 | Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2019-8085 | 2019-10-25 | Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2019-8086 | 2019-10-25 | Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an XML external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2019-8087 | 2019-10-25 | Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an XML external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2019-8088 | 2019-10-25 | Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2019-8234 | 2019-10-25 | Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site request forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2013-4857 | 2019-10-25 | D-Link DIR-865L has PHP File Inclusion in the router xml file. |
| CVE-2013-4856 | 2019-10-25 | D-Link DIR-865L has Information Disclosure. |
| CVE-2013-4855 | 2019-10-25 | D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. |
| CVE-2013-4848 | 2019-10-25 | TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities. |
| CVE-2013-4658 | 2019-10-25 | Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share. |
| CVE-2019-14451 | 2019-10-25 | RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can... |
| CVE-2019-4036 | 2019-10-25 | IBM Security Access Manager Appliance could allow an unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159. |
| CVE-2019-4394 | 2019-10-25 | IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232. |
| CVE-2019-4395 | 2019-10-25 | IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. IBM X-Force ID: 162333. |
| CVE-2019-4396 | 2019-10-25 | IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this... |
| CVE-2019-4399 | 2019-10-25 | IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 162260. |
| CVE-2019-4400 | 2019-10-25 | IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing... |
| CVE-2019-4461 | 2019-10-25 | IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further... |
| CVE-2019-16265 | 2019-10-25 | CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow. |
| CVE-2019-5127 | 2019-10-25 | A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a... |
| CVE-2019-5128 | 2019-10-25 | A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a... |
| CVE-2019-5129 | 2019-10-25 | A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a... |
| CVE-2019-5116 | 2019-10-25 | An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause a SQL injection. An attacker can send a web request with... |
| CVE-2019-5117 | 2019-10-25 | Exploitable SQL injection vulnerabilities exist in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing... |
| CVE-2019-5121 | 2019-10-25 | SQL injection vulnerabilities exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter uuid in... |
| CVE-2019-5122 | 2019-10-25 | SQL injection vulnerabilities exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter name in... |
| CVE-2019-5123 | 2019-10-25 | Specially crafted web requests can cause SQL injections in YouPHPTube 7.6. An attacker can send a web request with Parameter dir in /objects/pluginSwitch.json.php. |
| CVE-2019-5114 | 2019-10-25 | An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters... |
| CVE-2019-5120 | 2019-10-25 | An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters... |
| CVE-2019-5119 | 2019-10-25 | An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters... |
| CVE-2019-13549 | 2019-10-25 | Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against... |
| CVE-2019-13553 | 2019-10-25 | Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow... |
| CVE-2019-13546 | 2019-10-25 | In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an... |
| CVE-2019-13525 | 2019-10-25 | In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed... |
| CVE-2019-5508 | 2019-10-25 | Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS). |
| CVE-2019-17138 | 2019-10-25 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2019-17139 | 2019-10-25 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-17140 | 2019-10-25 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-17141 | 2019-10-25 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-17142 | 2019-10-25 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-17143 | 2019-10-25 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-17144 | 2019-10-25 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2019-17145 | 2019-10-25 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2017-14742 | 2019-10-25 | Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely. |
| CVE-2019-18221 | 2019-10-25 | CoreHR Core Portal before 27.0.7 allows stored XSS. |
| CVE-2019-16662 | 2019-10-28 | An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec... |
| CVE-2019-16663 | 2019-10-28 | An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec... |
| CVE-2019-14931 | 2019-10-28 | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to... |
| CVE-2019-14927 | 2019-10-28 | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download... |
| CVE-2019-14928 | 2019-10-28 | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker... |
| CVE-2019-14926 | 2019-10-28 | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or... |
| CVE-2019-14930 | 2019-10-28 | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could... |
| CVE-2019-14929 | 2019-10-28 | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured... |
| CVE-2019-14925 | 2019-10-28 | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an... |
| CVE-2019-18466 | 2019-10-28 | An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an... |
| CVE-2002-2444 | 2019-10-28 | Snoopy before 2.0.0 has a security hole in exec cURL |
| CVE-2005-2349 | 2019-10-28 | Zoo 2.10 has Directory traversal |
| CVE-2019-18195 | 2019-10-28 | An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation. |
| CVE-2010-3293 | 2019-10-28 | mailscanner can allow local users to prevent virus signatures from being updated |
| CVE-2009-4899 | 2019-10-28 | pixelpost 1.7.1 has SQL injection |
| CVE-2009-4900 | 2019-10-28 | pixelpost 1.7.1 has XSS |
| CVE-2019-11043 | 2019-10-28 | Underflow in PHP-FPM can lead to RCE |
| CVE-2019-3636 | 2019-10-28 | File masquerade attack vulnerability in McAfee Total Protection |
| CVE-2019-17224 | 2019-10-28 | The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence... |
| CVE-2010-4245 | 2019-10-28 | pootle 2.0.5 has XSS via 'match_names' parameter |
| CVE-2010-4241 | 2019-10-28 | Tiki Wiki CMS Groupware 5.2 has CSRF |
| CVE-2010-4240 | 2019-10-28 | Tiki Wiki CMS Groupware 5.2 has XSS |
| CVE-2017-5731 | 2019-10-28 | Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access. |
| CVE-2010-4239 | 2019-10-28 | Tiki Wiki CMS Groupware 5.2 has Local File Inclusion |
| CVE-2019-16897 | 2019-10-28 | In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120; and K7 Ultimate Security 16.0.xxx through 16.0.0120, the module K7TSHlpr.dll improperly validates the administrative privileges of the... |
| CVE-2019-5537 | 2019-10-28 | Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d)... |
| CVE-2019-5538 | 2019-10-28 | Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d)... |
| CVE-2019-5536 | 2019-10-28 | VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this... |
| CVE-2012-5577 | 2019-10-28 | Python keyring lib before 0.10 created keyring files with world-readable permissions. |
| CVE-2019-17181 | 2019-10-28 | A remote SEH buffer overflow has been discovered in IntraSrv 1.0 (2007-06-03). An attacker may send a crafted HTTP GET or HEAD request that can result in a compromise of... |
| CVE-2019-14450 | 2019-10-28 | A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8 through 0.91 that allows for the creation of a user controlled XML file at an unintended location. When this... |
| CVE-2017-15725 | 2019-10-28 | An XML External Entity Injection vulnerability exists in Dzone AnswerHub. |
| CVE-2019-18188 | 2019-10-28 | Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex... |
| CVE-2019-18189 | 2019-10-28 | A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an... |
| CVE-2019-18187 | 2019-10-28 | Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific... |
| CVE-2011-2538 | 2019-10-28 | Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands. |
| CVE-2012-2945 | 2019-10-28 | Hadoop 1.0.3 contains a symlink vulnerability. |
| CVE-2019-3976 | 2019-10-28 | RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package... |
| CVE-2019-3978 | 2019-10-28 | RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of... |
| CVE-2019-3979 | 2019-10-28 | RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records... |
| CVE-2019-3977 | 2019-10-28 | RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are downloaded from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into... |
| CVE-2019-10748 | 2019-10-28 | Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects. |
| CVE-2019-10743 | 2019-10-28 | All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames.... |
| CVE-2019-5533 | 2019-10-28 | In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the... |
| CVE-2019-0210 | 2019-10-28 | In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed with invalid input data. |
| CVE-2019-0205 | 2019-10-28 | In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had... |
| CVE-2019-4306 | 2019-10-28 | IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by... |
| CVE-2019-4307 | 2019-10-28 | IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 160987. |
| CVE-2019-4309 | 2019-10-28 | IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035. |
| CVE-2019-4311 | 2019-10-28 | IBM Security Guardium Big Data Intelligence (SonarG) 4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 161037. |
| CVE-2019-4314 | 2019-10-28 | IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. IBM X-Force ID: 1610141. |
| CVE-2019-4329 | 2019-10-28 | IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data... |
| CVE-2019-4330 | 2019-10-28 | IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in... |
| CVE-2019-4339 | 2019-10-28 | IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 161418. |