CVE List - 2019 / February
Showing 601 - 700 of 838 CVEs for February 2019 (Page 7 of 9)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-20146 | 2019-02-21 | An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell. |
| CVE-2019-8979 | 2019-02-21 | Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled. |
| CVE-2019-8980 | 2019-02-21 | A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures. |
| CVE-2018-20122 | 2019-02-21 | The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerability that can be... |
| CVE-2018-6687 | 2019-02-21 | GetSusp (a free McAfee tool) update fixes an infinite loop vulnerability (CVE-2018-6687) |
| CVE-2019-8982 | 2019-02-21 | com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF. |
| CVE-2019-1659 | 2019-02-21 | Cisco Prime Infrastructure Certificate Validation Vulnerability |
| CVE-2019-8983 | 2019-02-21 | MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2). |
| CVE-2019-8984 | 2019-02-21 | MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2). |
| CVE-2018-1944 | 2019-02-21 | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound... |
| CVE-2018-1945 | 2019-02-21 | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit... |
| CVE-2018-1946 | 2019-02-21 | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection... |
| CVE-2018-1947 | 2019-02-21 | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus... |
| CVE-2018-1948 | 2019-02-21 | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the... |
| CVE-2018-1949 | 2019-02-21 | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM... |
| CVE-2018-1950 | 2019-02-21 | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance generates an error message that includes sensitive information about its environment, users, or associated data which could be used... |
| CVE-2018-2006 | 2019-02-21 | IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot"... |
| CVE-2019-1662 | 2019-02-21 | Cisco Prime Collaboration Assurance Software Unauthenticated Access Vulnerability |
| CVE-2018-20783 | 2019-02-21 | In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated... |
| CVE-2019-8985 | 2019-02-21 | On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial... |
| CVE-2019-1664 | 2019-02-21 | Cisco HyperFlex Software Unauthenticated Root Access Vulnerability |
| CVE-2019-1665 | 2019-02-21 | Cisco HyperFlex Stored Cross-Site Scripting Vulnerability |
| CVE-2019-1666 | 2019-02-21 | Cisco HyperFlex Unauthenticated Statistics Retrieval Vulnerability |
| CVE-2019-1667 | 2019-02-21 | Cisco HyperFlex Arbitrary Statistics Write Vulnerability |
| CVE-2019-1681 | 2019-02-21 | Cisco Network Convergence System 1000 Series TFTP Directory Traversal Vulnerability |
| CVE-2019-1684 | 2019-02-21 | Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol and Link Layer Discovery Protocol Denial of Service Vulnerability |
| CVE-2019-1685 | 2019-02-21 | Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability |
| CVE-2019-6340 | 2019-02-21 | Drupal core - Highly critical - Remote Code Execution |
| CVE-2019-1691 | 2019-02-21 | Cisco Firepower Threat Defense Software SSL or TLS Denial of Service Vulnerability |
| CVE-2019-1698 | 2019-02-21 | Cisco IoT Field Network Director XML External Entity Vulnerability |
| CVE-2019-1700 | 2019-02-21 | Cisco Firepower 9000 Series Firepower 2-Port 100G Double-Width Network Module Queue Wedge Denial of Service Vulnerability |
| CVE-2019-8955 | 2019-02-21 | In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the... |
| CVE-2019-9002 | 2019-02-22 | An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the database_host parameter if the installer remains... |
| CVE-2019-7728 | 2019-02-22 | An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to improperly implemented TLS certificate checks, a malicious actor could potentially succeed in executing a... |
| CVE-2019-7729 | 2019-02-22 | An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to setting of insecure permissions, a malicious app could potentially succeed in retrieving video clips... |
| CVE-2018-20784 | 2019-02-22 | In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by... |
| CVE-2019-9003 | 2019-02-22 | In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart"... |
| CVE-2019-9004 | 2019-02-22 | In Eclipse Wakaama (formerly liblwm2m) 1.0, core/er-coap-13/er-coap-13.c in lwm2mserver in the LWM2M server mishandles invalid options, leading to a memory leak. Processing of a single crafted packet leads to leaking... |
| CVE-2019-9015 | 2019-02-22 | A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion of unexpected critical files. The exploitation point is in the "column management" function. The path added to... |
| CVE-2019-9016 | 2019-02-22 | An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[name] parameter in a... |
| CVE-2019-9019 | 2019-02-22 | The British Airways Entertainment System, as installed on Boeing 777-36N(ER) and possibly other aircraft, does not prevent the USB charging/data-transfer feature from interacting with USB keyboard and mouse devices, which... |
| CVE-2019-6485 | 2019-02-22 | Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1... |
| CVE-2019-9020 | 2019-02-22 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory... |
| CVE-2019-9021 | 2019-02-22 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension... |
| CVE-2019-9022 | 2019-02-22 | An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause... |
| CVE-2019-9023 | 2019-02-22 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular... |
| CVE-2019-9024 | 2019-02-22 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read... |
| CVE-2019-9025 | 2019-02-22 | An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with... |
| CVE-2018-18692 | 2019-02-23 | A reflected Cross-Site Scripting (XSS) vulnerability in SEMCO Semcosoft 5.3 allows remote attackers to inject arbitrary web scripts or HTML via the username parameter to the Login Form. |
| CVE-2019-9026 | 2019-02-23 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function InflateVarName() in inflate.c when called from ReadNextCell... |
| CVE-2019-9027 | 2019-02-23 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow problem in the function ReadNextCell() in mat5.c. |
| CVE-2019-9028 | 2019-02-23 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function InflateDimensions() in inflate.c when called from ReadNextCell... |
| CVE-2019-9029 | 2019-02-23 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read with a SEGV in the function Mat_VarReadNextInfo5() in mat5.c. |
| CVE-2019-9030 | 2019-02-23 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in mat5.c. |
| CVE-2019-9031 | 2019-02-23 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a NULL pointer dereference in the function Mat_VarFree() in mat.c. |
| CVE-2019-9032 | 2019-02-23 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds write problem causing a SEGV in the function Mat_VarFree() in mat.c. |
| CVE-2019-9033 | 2019-02-23 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for the "Rank and Dimension" feature in the function ReadNextCell()... |
| CVE-2019-9034 | 2019-02-23 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for a memcpy in the function ReadNextCell() in mat5.c. |
| CVE-2019-9035 | 2019-02-23 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function ReadNextStructField() in mat5.c. |
| CVE-2019-9036 | 2019-02-23 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function ReadNextFunctionHandle() in mat5.c. |
| CVE-2019-9037 | 2019-02-23 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a buffer over-read in the function Mat_VarPrint() in mat.c. |
| CVE-2019-9038 | 2019-02-23 | An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read problem with a SEGV in the function ReadNextCell() in mat5.c. |
| CVE-2014-10078 | 2019-02-23 | Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php. |
| CVE-2014-10079 | 2019-02-23 | In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is... |
| CVE-2018-20785 | 2019-02-23 | Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be... |
| CVE-2019-9041 | 2019-02-23 | An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring. |
| CVE-2019-9042 | 2019-02-23 | An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. This can only... |
| CVE-2019-9040 | 2019-02-23 | S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332. |
| CVE-2019-9048 | 2019-02-23 | An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete a theme (aka topic) via a /admin.php?action=theme_delete&var1= URI. |
| CVE-2019-9049 | 2019-02-23 | An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI. |
| CVE-2019-9050 | 2019-02-23 | An issue was discovered in Pluck 4.7.9-dev1. It allows administrators to execute arbitrary code by using action=installmodule to upload a ZIP archive, which is then extracted and executed. |
| CVE-2019-9051 | 2019-02-23 | An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI. |
| CVE-2019-9052 | 2019-02-23 | An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI. |
| CVE-2019-9047 | 2019-02-23 | GoRose v1.0.4 has SQL Injection when the order_by or group_by parameter can be controlled. |
| CVE-2019-9062 | 2019-02-23 | PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site Request Forgery (CSRF) in my-account.php. |
| CVE-2019-9063 | 2019-02-23 | PHP Scripts Mall Auction website script 2.0.4 allows parameter tampering of the payment amount. |
| CVE-2019-9064 | 2019-02-23 | PHP Scripts Mall Cab Booking Script 1.0.3 allows Directory Traversal into the parent directory of a jpg or png file. |
| CVE-2019-9065 | 2019-02-23 | PHP Scripts Mall Custom T-Shirt Ecommerce Script 3.1.1 allows parameter tampering of the payment amount. |
| CVE-2019-9066 | 2019-02-23 | PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML injection in a user profile. |
| CVE-2019-9070 | 2019-02-24 | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls. |
| CVE-2019-9071 | 2019-02-24 | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls. |
| CVE-2019-9072 | 2019-02-24 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c. |
| CVE-2019-9073 | 2019-02-24 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c. |
| CVE-2019-9074 | 2019-02-24 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32... |
| CVE-2019-9075 | 2019-02-24 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c. |
| CVE-2019-9076 | 2019-02-24 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c. |
| CVE-2019-9077 | 2019-02-24 | An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section. |
| CVE-2019-8375 | 2019-02-24 | The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view... |
| CVE-2018-20786 | 2019-02-24 | libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c. |
| CVE-2019-9078 | 2019-02-24 | zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT. |
| CVE-2019-9082 | 2019-02-24 | ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command. |
| CVE-2019-9107 | 2019-02-25 | XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php. |
| CVE-2019-9108 | 2019-02-25 | XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php. |
| CVE-2019-9109 | 2019-02-25 | XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php. |
| CVE-2019-9110 | 2019-02-25 | XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php. |
| CVE-2018-20787 | 2019-02-25 | The ft5x46 touchscreen driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the size... |
| CVE-2018-20788 | 2019-02-25 | drivers/leds/leds-aw2023.c in the LED driver for custom Linux kernels on the Xiaomi Redmi 6pro daisy-o-oss phone has several integer overflows because of a left-shifting operation when the right-hand operand can... |
| CVE-2019-9111 | 2019-02-25 | The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the count... |
| CVE-2019-9112 | 2019-02-25 | The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the count... |
| CVE-2019-9113 | 2019-02-25 | Ming (aka libming) 0.4.8 has a NULL pointer dereference in the function getString() in the decompile.c file in libutil.a. |