CVE List - 2019 / January

Showing 401 - 500 of 1212 CVEs for January 2019 (Page 5 of 13)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-0482 | 2019-01-10 | Cisco Prime Network Control System Stored Cross-Site Scripting Vulnerability |
| CVE-2018-0483 | 2019-01-10 | Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability |
| CVE-2018-16803 | 2019-01-10 | In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code. |
| CVE-2018-0484 | 2019-01-10 | Cisco IOS and IOS XE Software Secure Shell Connection on VRF Vulnerability |
| CVE-2018-15453 | 2019-01-10 | Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability |
| CVE-2018-15456 | 2019-01-10 | Cisco Identity Services Engine Password Recovery Vulnerability |
| CVE-2018-15457 | 2019-01-10 | Cisco Prime Infrastructure Cross-Site Scripting Vulnerability |
| CVE-2018-15458 | 2019-01-10 | Cisco Firepower Management Center Disk Utilization Denial of Service Vulnerability |
| CVE-2017-3718 | 2019-01-10 | Improper setting of device configuration in system firmware for Intel(R) NUC kits may allow a privileged user to potentially enable escalation of privilege via physical access. |
| CVE-2018-12166 | 2019-01-10 | Insufficient write protection in firmware for Intel(R) Optane(TM) SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access. |
| CVE-2018-12167 | 2019-01-10 | Firmware update routine in bootloader for Intel(R) Optane(TM) SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access. |
| CVE-2018-12177 | 2019-01-10 | Improper directory permissions in the ZeroConfig service in Intel(R) PROSet/Wireless WiFi Software before version 20.90.0.7 may allow an authorized user to potentially enable escalation of privilege via local access. |
| CVE-2018-18098 | 2019-01-10 | Improper file verification in install routine for Intel(R) SGX SDK and Platform Software for Windows before 2.2.100 may allow an escalation of privilege via local access. |
| CVE-2018-3703 | 2019-01-10 | Improper directory permissions in the installer for the Intel(R) SSD Data Center Tool for Windows before v3.0.17 may allow authenticated users to potentially enable an escalation of privilege via local... |
| CVE-2019-0088 | 2019-01-10 | Insufficient path checking in Intel(R) System Support Utility for Windows before 2.5.0.15 may allow an authenticated user to potentially enable an escalation of privilege via local access. |
| CVE-2018-20684 | 2019-01-10 | In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp. |
| CVE-2017-1002152 | 2019-01-10 | Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles. |
| CVE-2017-1002157 | 2019-01-10 | modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution. |
| CVE-2018-5403 | 2019-01-10 | Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basic authentication passwords, the GW may be vulnerable to... |
| CVE-2018-5412 | 2019-01-10 | Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode. |
| CVE-2018-5413 | 2019-01-10 | Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation. |
| CVE-2018-15460 | 2019-01-10 | Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability |
| CVE-2018-15461 | 2019-01-10 | Cisco Webex Business Suite Cross-Site Scripting Vulnerability |
| CVE-2019-6126 | 2019-01-11 | The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers to bypass intended access restrictions by directly navigating to admin/dashboard.php or admin/user.php, as... |
| CVE-2019-6128 | 2019-01-11 | The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. |
| CVE-2019-6129 | 2019-01-11 | png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this... |
| CVE-2019-6130 | 2019-01-11 | Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c. |
| CVE-2019-6131 | 2019-01-11 | svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool. |
| CVE-2019-6127 | 2019-01-11 | An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table[] SQL injection. This can be used for PHP code execution via "INTO OUTFILE" with a .php filename. |
| CVE-2019-6132 | 2019-01-11 | An issue was discovered in Bento4 v1.5.1-627. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp when called from the AP4_EsdsAtom class in Core/Ap4EsdsAtom.cpp, as demonstrated by mp42aac. |
| CVE-2019-6133 | 2019-01-11 | In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack... |
| CVE-2018-15464 | 2019-01-11 | Cisco ASR 900 Series Aggregation Services Router Software Denial of Service Vulnerability |
| CVE-2018-15466 | 2019-01-11 | Cisco Policy Suite Graphite Unauthenticated Read-Only Access Vulnerability |
| CVE-2018-15467 | 2019-01-11 | Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability |
| CVE-2019-6135 | 2019-01-11 | An issue has been found in libIEC61850 v1.3.1. Memory_malloc in hal/memory/lib_memory.c has a memory leak when called from Asn1PrimitiveValue_create in mms/asn1/asn1_ber_primitive_value.c, as demonstrated by goose_publisher_example.c and iec61850_9_2_LE_example.c. |
| CVE-2019-6136 | 2019-01-11 | An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFilter in hal/ethernet/linux/ethernet_linux.c has a SEGV, as demonstrated by sv_subscriber_example.c and sv_subscriber.c. |
| CVE-2019-6137 | 2019-01-11 | An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress in link_layer/link_layer.c has a NULL pointer dereference. |
| CVE-2019-6138 | 2019-01-11 | An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memory_calloc in hal/memory/lib_memory.c have memory leaks when called from mms/iso_mms/common/mms_value.c, server/mms_mapping/mms_mapping.c, and server/mms_mapping/mms_sv.c (via common/string_utilities.c), as demonstrated by iec61850_9_2_LE_example.c. |
| CVE-2016-4642 | 2019-01-11 | In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was... |
| CVE-2016-4643 | 2019-01-11 | In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. This issue... |
| CVE-2016-4644 | 2019-01-11 | In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This... |
| CVE-2016-7576 | 2019-01-11 | In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. |
| CVE-2017-13886 | 2019-01-11 | In macOS High Sierra before 10.13.2, an access issue existed with privileged WiFi system configuration. This issue was addressed with additional restrictions. |
| CVE-2017-13887 | 2019-01-11 | In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management. |
| CVE-2017-13888 | 2019-01-11 | In iOS before 11.2, a type confusion issue was addressed with improved memory handling. |
| CVE-2017-13889 | 2019-01-11 | In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a logic error existed in the validation of credentials. This was addressed with improved... |
| CVE-2017-13891 | 2019-01-11 | In iOS before 11.2, an inconsistent user interface issue was addressed through improved state management. |
| CVE-2017-2411 | 2019-01-11 | In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates. |
| CVE-2018-4147 | 2019-01-11 | In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling. |
| CVE-2018-4169 | 2019-01-11 | In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, an out-of-bounds read was addressed with improved input validation. |
| CVE-2018-4179 | 2019-01-11 | In macOS High Sierra before 10.13.4, there was an issue with the handling of smartcard PINs. This issue was addressed with additional logic. |
| CVE-2018-4180 | 2019-01-11 | In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. |
| CVE-2018-4181 | 2019-01-11 | In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. |
| CVE-2018-4182 | 2019-01-11 | In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS. |
| CVE-2018-4183 | 2019-01-11 | In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions. |
| CVE-2018-4185 | 2019-01-11 | In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was... |
| CVE-2018-4186 | 2019-01-11 | In Safari before 11.1, an information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation. |
| CVE-2018-4189 | 2019-01-11 | In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue... |
| CVE-2018-4194 | 2019-01-11 | In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Windows, and macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved... |
| CVE-2018-4207 | 2019-01-11 | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This... |
| CVE-2018-4208 | 2019-01-11 | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This... |
| CVE-2018-4209 | 2019-01-11 | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This... |
| CVE-2018-4210 | 2019-01-11 | In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in... |
| CVE-2018-4212 | 2019-01-11 | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This... |
| CVE-2018-4213 | 2019-01-11 | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This... |
| CVE-2018-4217 | 2019-01-11 | In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was addressed with improved indexing. |
| CVE-2018-4254 | 2019-01-11 | In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation. |
| CVE-2018-4255 | 2019-01-11 | In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. |
| CVE-2018-4256 | 2019-01-11 | In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. |
| CVE-2018-4257 | 2019-01-11 | In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved size validation. |
| CVE-2018-4258 | 2019-01-11 | In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking. |
| CVE-2018-4262 | 2019-01-11 | In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling. |
| CVE-2018-4277 | 2019-01-11 | In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was... |
| CVE-2018-4278 | 2019-01-11 | In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This... |
| CVE-2018-4281 | 2019-01-11 | In SwiftNIO before 1.8.0, a buffer overflow was addressed with improved size validation. |
| CVE-2018-4298 | 2019-01-11 | In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a permissions issue existed in Remote Management. This issue was addressed through improved permission... |
| CVE-2018-4330 | 2019-01-11 | In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling. |
| CVE-2018-4404 | 2019-01-11 | In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improved memory handling. |
| CVE-2018-16866 | 2019-01-11 | An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to... |
| CVE-2018-16864 | 2019-01-11 | An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls... |
| CVE-2018-16865 | 2019-01-11 | An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket.... |
| CVE-2019-3803 | 2019-01-12 | Concourse includes token in CLI authentication callback |
| CVE-2018-20699 | 2019-01-12 | Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and... |
| CVE-2019-6243 | 2019-01-12 | Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI). |
| CVE-2019-6244 | 2019-01-12 | An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file. |
| CVE-2018-16206 | 2019-01-13 | Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2019-6245 | 2019-01-13 | An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. In the function agg::cell_aa::not_equal, dx is assigned to (x2 - x1). If dx >=... |
| CVE-2019-6246 | 2019-01-13 | An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the gil::get_color function in Generic Image Library in Boost, the return code is used as an address, leading to... |
| CVE-2019-6247 | 2019-01-13 | An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. A heap-based buffer overflow bug in svgpp_agg_render may lead to code execution. In the... |
| CVE-2019-6248 | 2019-01-13 | PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 has Reflected XSS via the srch parameter, as demonstrated by restaurants-details.php. |
| CVE-2018-16887 | 2019-01-13 | A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute XSS attacks against... |
| CVE-2019-6249 | 2019-01-13 | An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add. |
| CVE-2019-6250 | 2019-01-13 | A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an... |
| CVE-2018-20703 | 2019-01-13 | CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string. |
| CVE-2019-6251 | 2019-01-14 | WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if... |
| CVE-2019-6256 | 2019-01-14 | A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP... |
| CVE-2019-6257 | 2019-01-14 | A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in php/elFinder.class.php. |
| CVE-2019-6259 | 2019-01-14 | An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter. |
| CVE-2018-1956 | 2019-01-14 | IBM Security Identity Manager 6.0.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 153628. |
| CVE-2018-1967 | 2019-01-14 | IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |