CVE List - 2019 / March
Showing 1001 - 1100 of 1194 CVEs for March 2019 (Page 11 of 12)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-15813 | 2019-03-26 | FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000000e1237 via a crafted image file. |
| CVE-2018-15814 | 2019-03-26 | FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000001cb509 via a crafted image file. |
| CVE-2018-15815 | 2019-03-26 | FastStone Image Viewer 6.5 has an Exception Handler Chain Corrupted issue starting at image00400000+0x00000000003ef68a via a crafted image file. |
| CVE-2018-15816 | 2019-03-26 | FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d7d via a crafted image file. |
| CVE-2018-15817 | 2019-03-26 | FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d63 via a crafted image file. |
| CVE-2019-9744 | 2019-03-26 | An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. There is unauthorized access to... |
| CVE-2019-9743 | 2019-03-26 | An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component. |
| CVE-2019-6569 | 2019-03-26 | The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious... |
| CVE-2019-1569 | 2019-03-26 | The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user. |
| CVE-2019-1570 | 2019-03-26 | The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings. |
| CVE-2019-1572 | 2019-03-26 | PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files. |
| CVE-2019-10105 | 2019-03-26 | CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager. |
| CVE-2019-10106 | 2019-03-26 | CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section. |
| CVE-2019-10107 | 2019-03-26 | CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section. |
| CVE-2019-1571 | 2019-03-26 | The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings. |
| CVE-2019-3828 | 2019-03-27 | Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host,... |
| CVE-2019-3847 | 2019-03-27 | A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but... |
| CVE-2019-7167 | 2019-03-27 | Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these... |
| CVE-2019-10118 | 2019-03-27 | Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the API. |
| CVE-2016-10744 | 2019-03-27 | In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to... |
| CVE-2019-10125 | 2019-03-27 | An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by... |
| CVE-2019-9917 | 2019-03-27 | ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding. |
| CVE-2019-3877 | 2019-03-27 | A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL,... |
| CVE-2018-10934 | 2019-03-27 | A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to... |
| CVE-2019-3814 | 2019-03-27 | It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly... |
| CVE-2019-3821 | 2019-03-27 | A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway... |
| CVE-2019-3840 | 2019-03-27 | A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can... |
| CVE-2019-3817 | 2019-03-27 | A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps... |
| CVE-2018-16207 | 2019-03-27 | PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows authenticated attackers to bypass access restriction to alter or edit unauthorized files via unspecified vectors. |
| CVE-2019-5926 | 2019-03-27 | Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2019-5927 | 2019-03-27 | Directory traversal vulnerability in 'an' App for iOS Version 3.2.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2019-5418 | 2019-03-27 | There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target... |
| CVE-2019-9863 | 2019-03-27 | Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is... |
| CVE-2019-5419 | 2019-03-27 | There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and... |
| CVE-2019-5420 | 2019-03-27 | A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used... |
| CVE-2019-9862 | 2019-03-27 | An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because "encrypted signal transmission" is missing, an attacker is... |
| CVE-2019-9860 | 2019-03-27 | Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm... |
| CVE-2018-5923 | 2019-03-27 | In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code. |
| CVE-2018-5926 | 2019-03-27 | A potential vulnerability has been identified in HP Remote Graphics Software’s certificate authentication process version 7.5.0 and earlier. |
| CVE-2019-6536 | 2019-03-27 | Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute... |
| CVE-2018-5927 | 2019-03-27 | HP Support Assistant before 8.7.50.3 allows an unauthorized person with local access to load arbitrary code. |
| CVE-2017-2748 | 2019-03-27 | A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no... |
| CVE-2017-2752 | 2019-03-27 | A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access... |
| CVE-2019-10231 | 2019-03-27 | Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php). |
| CVE-2019-10232 | 2019-03-27 | Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php. |
| CVE-2019-10233 | 2019-03-27 | Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie. |
| CVE-2018-19641 | 2019-03-27 | Solutions Business Manager (SBM) Unauthenticated remote code execution issue in version prior to 11.5 |
| CVE-2018-19642 | 2019-03-27 | Solutions Business Manager (SBM) Denial of Service issue in version prior to 11.5 |
| CVE-2018-19466 | 2019-03-27 | A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls. |
| CVE-2017-18364 | 2019-03-27 | phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter. |
| CVE-2018-19644 | 2019-03-27 | Solutions Business Manager (SBM) reflected cross site script issue in version prior to 11.5 |
| CVE-2018-19643 | 2019-03-27 | Solutions Business Manager (SBM) Information Leakage issue in version prior to 11.5 |
| CVE-2018-19016 | 2019-03-27 | Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes 1756-EWEBK) Version 5.001 and earlier, and CompactLogix 1768-EWEB Version 2.005 and earlier. A remote attacker could send a crafted UDP packet to... |
| CVE-2019-3829 | 2019-03-27 | A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509... |
| CVE-2018-12546 | 2019-03-27 | In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will... |
| CVE-2018-12550 | 2019-03-27 | When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto... |
| CVE-2018-12551 | 2019-03-27 | When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This... |
| CVE-2018-18994 | 2019-03-27 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows an out of bounds read when opening a specially crafted project file, which may cause a system crash or allow data exfiltration. |
| CVE-2019-10237 | 2019-03-27 | S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040. |
| CVE-2019-10238 | 2019-03-27 | Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter. |
| CVE-2019-1000031 | 2019-03-27 | A disk space or quota exhaustion issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. Visiting PDF generation link but not following the redirect will leave... |
| CVE-2019-1010257 | 2019-03-27 | An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's... |
| CVE-2018-15585 | 2019-03-27 | Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter. |
| CVE-2018-3613 | 2019-03-27 | Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. |
| CVE-2018-12183 | 2019-03-27 | Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. |
| CVE-2018-12182 | 2019-03-27 | Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. |
| CVE-2018-12178 | 2019-03-27 | Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network. |
| CVE-2019-0160 | 2019-03-27 | Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. |
| CVE-2017-7655 | 2019-03-27 | In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library. |
| CVE-2018-12179 | 2019-03-27 | Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. |
| CVE-2018-12545 | 2019-03-27 | In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or... |
| CVE-2018-12180 | 2019-03-27 | Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access. |
| CVE-2018-12181 | 2019-03-27 | Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access. |
| CVE-2019-0161 | 2019-03-27 | Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access. |
| CVE-2017-9626 | 2019-03-27 | Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing... |
| CVE-2018-14814 | 2019-03-27 | WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior lacks proper validation of user-supplied data, which may result in a read past the... |
| CVE-2018-19648 | 2019-03-27 | An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4. NETCONF Access Management (NACM) allows unprivileged users to create privileged users and execute arbitrary commands via the use of... |
| CVE-2019-1737 | 2019-03-27 | Cisco IOS and IOS XE Software IP Service Level Agreement Denial of Service Vulnerability |
| CVE-2019-1738 | 2019-03-27 | Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerability |
| CVE-2019-1739 | 2019-03-27 | Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities |
| CVE-2019-1741 | 2019-03-27 | Cisco IOS XE Software Encrypted Traffic Analytics Denial of Service Vulnerability |
| CVE-2019-1740 | 2019-03-27 | Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities |
| CVE-2019-1743 | 2019-03-27 | Cisco IOS XE Software Arbitrary File Upload Vulnerability |
| CVE-2019-1742 | 2019-03-27 | Cisco IOS XE Software Information Disclosure Vulnerability |
| CVE-2019-1745 | 2019-03-27 | Cisco IOS XE Software Command Injection Vulnerability |
| CVE-2019-1746 | 2019-03-27 | Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability |
| CVE-2019-1748 | 2019-03-27 | Cisco IOS and IOS XE Software Network Plug-and-Play Agent Certificate Validation Vulnerability |
| CVE-2019-1747 | 2019-03-27 | Cisco IOS and IOS XE Software Short Message Service Denial of Service Vulnerability |
| CVE-2019-1750 | 2019-03-27 | Cisco IOS XE Software Catalyst 4500 Cisco Discovery Protocol Denial of Service Vulnerability |
| CVE-2019-1749 | 2019-03-27 | Cisco Aggregation Services Router 900 Route Switch Processor 3 OSPFv2 Denial of Service Vulnerability |
| CVE-2019-1751 | 2019-03-28 | Cisco IOS Software NAT64 Denial of Service Vulnerability |
| CVE-2019-1752 | 2019-03-28 | Cisco IOS and IOS XE Software ISDN Interface Denial of Service Vulnerability |
| CVE-2019-1753 | 2019-03-28 | Cisco IOS XE Software Privilege Escalation Vulnerability |
| CVE-2019-1756 | 2019-03-28 | Cisco IOS XE Software Command Injection Vulnerability |
| CVE-2019-1755 | 2019-03-28 | Cisco IOS XE Software Command Injection Vulnerability |
| CVE-2019-1754 | 2019-03-28 | Cisco IOS XE Software Privilege Escalation Vulnerability |
| CVE-2019-1758 | 2019-03-28 | Cisco IOS Software Catalyst 6500 Series 802.1x Authentication Bypass Vulnerability |
| CVE-2019-1757 | 2019-03-28 | Cisco IOS and IOS XE Software Smart Call Home Certificate Validation Vulnerability |
| CVE-2019-1761 | 2019-03-28 | Cisco IOS and IOS XE Software Hot Standby Router Protocol Information Leak Vulnerability |
| CVE-2019-1760 | 2019-03-28 | Cisco IOS XE Software Performance Routing Version 3 Denial of Service Vulnerability |