CVE List - 2019 / March
Showing 1 - 100 of 1194 CVEs for March 2019 (Page 1 of 12)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-9483 | 2019-03-01 | Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows attackers to obtain audio and video data, or insert spoofed video that does not correspond to the actual person at the... |
| CVE-2019-9484 | 2019-03-01 | The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the... |
| CVE-2018-20798 | 2019-03-01 | The expiretable configuration in pfSense 2.4.4_1 establishes block durations that are incompatible with the block durations implemented by sshguard, which might make it easier for attackers to bypass intended access... |
| CVE-2018-20799 | 2019-03-01 | In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication... |
| CVE-2018-8790 | 2019-03-01 | Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM. |
| CVE-2019-9543 | 2019-03-01 | An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate... |
| CVE-2019-9544 | 2019-03-01 | An issue was discovered in Bento4 1.5.1-628. An out of bounds write occurs in AP4_CttsTableEntry::AP4_CttsTableEntry() located in Core/Ap4Array.h. It can be triggered by sending a crafted file to (for example)... |
| CVE-2019-9545 | 2019-03-01 | An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages... |
| CVE-2019-9546 | 2019-03-01 | SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service. |
| CVE-2019-9547 | 2019-03-01 | In Storage Performance Development Kit (SPDK) before 19.01, a malicious vhost client (i.e., virtual machine) could carefully construct a circular descriptor chain that would result in a partial denial of... |
| CVE-2019-8278 | 2019-03-02 | Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution. |
| CVE-2019-8279 | 2019-03-02 | Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum. |
| CVE-2019-9549 | 2019-03-03 | An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=user&act=addnew URI, as demonstrated by adding a level=1 account, a similar issue to CVE-2018-18935. |
| CVE-2019-9550 | 2019-03-03 | DhCms through 2017-09-18 has admin.php?r=admin/Index/index XSS. |
| CVE-2019-9551 | 2019-03-04 | An issue was discovered in DOYO (aka doyocms) 2.3 through 2015-05-06. It has admin.php XSS. |
| CVE-2019-9552 | 2019-03-04 | Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the p2p/api/ or p2p/lib/ or p2p/images/ URI. |
| CVE-2019-9563 | 2019-03-04 | In BlueMind 3.5.x before 3.5.11 Hotfix 7 and 4.x before 4.0-beta3, the contact application mishandles temporary uploads. |
| CVE-2019-9565 | 2019-03-04 | Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 before 10.1.2147 allows remote attackers to steal NTLM hashes or perform SMB relay attacks upon a direct launch... |
| CVE-2019-9566 | 2019-03-04 | FlarumChina v0.1.0-beta.7C has SQL injection via a /?q= request. |
| CVE-2019-9567 | 2019-03-04 | The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll. |
| CVE-2019-9568 | 2019-03-04 | The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission. |
| CVE-2019-6206 | 2019-03-04 | An issue existed with autofill resuming after it was canceled. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.3. Password autofill may fill in... |
| CVE-2019-6235 | 2019-03-04 | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3, iTunes 12.9.3 for Windows. A sandboxed process... |
| CVE-2017-15515 | 2019-03-04 | NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field. |
| CVE-2018-5482 | 2019-03-04 | NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain... |
| CVE-2019-9570 | 2019-03-05 | An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/system_manage/save.html URI, related to the site_code parameter. |
| CVE-2019-9572 | 2019-03-05 | SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c=theme&a=upload by using the .zip extension along with the _Static substring, changing the Content-Type to application/zip, and placing... |
| CVE-2018-15361 | 2019-03-05 | UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability... |
| CVE-2019-8258 | 2019-03-05 | UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been... |
| CVE-2019-8259 | 2019-03-05 | UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another... |
| CVE-2019-8260 | 2019-03-05 | UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC client RRE decoder code, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has... |
| CVE-2019-8261 | 2019-03-05 | UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC code inside client CoRRE decoder, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability... |
| CVE-2019-8262 | 2019-03-05 | UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity.... |
| CVE-2019-8263 | 2019-03-05 | UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of service (DoS) condition. This attack appear to be exploitable... |
| CVE-2019-6200 | 2019-03-05 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. An attacker in a privileged network position may be able to... |
| CVE-2019-6202 | 2019-03-05 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. A malicious application may be able to elevate privileges. |
| CVE-2019-6205 | 2019-03-05 | A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes... |
| CVE-2019-6208 | 2019-03-05 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in... |
| CVE-2019-6209 | 2019-03-05 | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3,... |
| CVE-2019-6210 | 2019-03-05 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able... |
| CVE-2019-6211 | 2019-03-05 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. Processing maliciously crafted web content may lead to arbitrary code... |
| CVE-2019-6212 | 2019-03-05 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing... |
| CVE-2019-6213 | 2019-03-05 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute... |
| CVE-2019-6214 | 2019-03-05 | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able... |
| CVE-2019-6215 | 2019-03-05 | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing... |
| CVE-2019-6216 | 2019-03-05 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows... |
| CVE-2019-6217 | 2019-03-05 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows... |
| CVE-2019-6218 | 2019-03-05 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to execute... |
| CVE-2019-6219 | 2019-03-05 | A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. Processing a maliciously crafted message may lead to... |
| CVE-2019-6220 | 2019-03-05 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.3. An application may be able to read restricted memory. |
| CVE-2019-6221 | 2019-03-05 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, iTunes 12.9.3 for Windows. A malicious application may be able to... |
| CVE-2019-6224 | 2019-03-05 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A remote attacker may be able... |
| CVE-2019-6225 | 2019-03-05 | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges. |
| CVE-2019-6226 | 2019-03-05 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows... |
| CVE-2019-6227 | 2019-03-05 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows... |
| CVE-2019-6228 | 2019-03-05 | A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue is fixed in iOS 12.1.3, Safari 12.0.3. Processing maliciously crafted web content may... |
| CVE-2019-6229 | 2019-03-05 | A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted... |
| CVE-2019-6230 | 2019-03-05 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3,macOS Mojave 10.14.3,tvOS 12.1.2,watchOS 5.1.3. A malicious application may be able to break out... |
| CVE-2019-6231 | 2019-03-05 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to... |
| CVE-2019-6233 | 2019-03-05 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing... |
| CVE-2019-6234 | 2019-03-05 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing... |
| CVE-2019-6223 | 2019-03-05 | A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental... |
| CVE-2018-19636 | 2019-03-05 | Local root exploit via inclusion of attacker controlled shell script |
| CVE-2018-19637 | 2019-03-05 | Static temporary filename allows overwriting of files |
| CVE-2018-19638 | 2019-03-05 | User can overwrite arbitrary log files in support tar |
| CVE-2018-19639 | 2019-03-05 | Code execution if run with command line switch -v |
| CVE-2018-19640 | 2019-03-05 | Code execution if run with command line switch -v |
| CVE-2018-1875 | 2019-03-05 | IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a... |
| CVE-2018-1899 | 2019-03-05 | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control. IBM... |
| CVE-2018-1937 | 2019-03-05 | IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317. |
| CVE-2018-1938 | 2019-03-05 | IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318. |
| CVE-2018-1939 | 2019-03-05 | IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote... |
| CVE-2019-4027 | 2019-03-05 | IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2019-4028 | 2019-03-05 | IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2019-4029 | 2019-03-05 | IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2019-4032 | 2019-03-05 | IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view,... |
| CVE-2019-4063 | 2019-03-05 | IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition could allow highly sensitive information to be transmitted in plain text. An attacker could obtain this information using man in the... |
| CVE-2018-19725 | 2019-03-05 | Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation. |
| CVE-2019-9573 | 2019-03-05 | The WP Human Resource Management plugin before 2.2.6 for WordPress mishandles leave applications. |
| CVE-2019-9574 | 2019-03-05 | The WP Human Resource Management plugin before 2.2.6 for WordPress does not ensure that a leave modification occurs in the context of the Administrator or HR Manager role. |
| CVE-2019-9575 | 2019-03-05 | The Quiz And Survey Master plugin 6.0.4 for WordPress allows wp-admin/admin.php?page=mlw_quiz_results quiz_id XSS. |
| CVE-2019-9576 | 2019-03-05 | The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS. |
| CVE-2018-11793 | 2019-03-05 | When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow... |
| CVE-2019-3917 | 2019-03-05 | The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 allows a remote, unauthenticated attacker to enable telnetd on the router via a crafted HTTP request. |
| CVE-2019-3918 | 2019-03-05 | The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces. |
| CVE-2019-3919 | 2019-03-05 | The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usb_restore_Form?script/. |
| CVE-2019-3920 | 2019-03-05 | The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/. |
| CVE-2019-3921 | 2019-03-05 | The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usb_Form?script/.... |
| CVE-2019-3922 | 2019-03-05 | The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponForm/fsetup_Form.... |
| CVE-2019-6518 | 2019-03-05 | Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device. |
| CVE-2019-6520 | 2019-03-05 | Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes. |
| CVE-2019-6522 | 2019-03-05 | Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive... |
| CVE-2019-6524 | 2019-03-05 | Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack. |
| CVE-2019-6528 | 2019-03-05 | PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy versions Telecontrol Gateway 3G Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Telecontrol Gateway XS-MU Versions 4.2.21,... |
| CVE-2019-6557 | 2019-03-05 | Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution. |
| CVE-2019-6559 | 2019-03-05 | Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash. |
| CVE-2019-6561 | 2019-03-05 | Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device. |
| CVE-2019-6563 | 2019-03-05 | Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the... |
| CVE-2019-6565 | 2019-03-05 | Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script. |
| CVE-2019-9213 | 2019-03-05 | In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on... |