CVE List - 2019 / March
Showing 301 - 400 of 1194 CVEs for March 2019 (Page 4 of 12)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-1606 | 2019-03-08 | Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1606) |
| CVE-2019-1607 | 2019-03-08 | Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607) |
| CVE-2019-1608 | 2019-03-08 | Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608) |
| CVE-2019-1609 | 2019-03-08 | Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609) |
| CVE-2019-5015 | 2019-03-08 | A local privilege escalation vulnerability exists in the Mac OS X version of Pixar Renderman 22.3.0's Install Helper helper tool. A user with local access can use this vulnerability to... |
| CVE-2019-1003031 | 2019-03-08 | A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master... |
| CVE-2019-1003032 | 2019-03-08 | A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/main/java/hudson/plugins/emailext/plugins/content/ScriptContent.java, src/main/java/hudson/plugins/emailext/plugins/trigger/AbstractScriptTrigger.java that allows attackers with Job/Configure permission to execute arbitrary code on... |
| CVE-2019-1003033 | 2019-03-08 | A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. |
| CVE-2019-1003034 | 2019-03-08 | A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary... |
| CVE-2019-1003035 | 2019-03-08 | An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the 'verify configuration' form validation... |
| CVE-2019-1003036 | 2019-03-08 | A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an... |
| CVE-2019-1003037 | 2019-03-08 | An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in... |
| CVE-2019-1003038 | 2019-03-08 | An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of... |
| CVE-2019-1003039 | 2019-03-08 | An insufficiently protected credentials vulnerability exists in Jenkins AppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without the permission to obtain passwords configured in jobs to obtain them. |
| CVE-2019-9636 | 2019-03-08 | Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies,... |
| CVE-2019-1003029 | 2019-03-08 | A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master... |
| CVE-2019-1003030 | 2019-03-08 | A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the... |
| CVE-2017-3164 | 2019-03-08 | Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the... |
| CVE-2019-9637 | 2019-03-08 | An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being... |
| CVE-2019-9638 | 2019-03-08 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the... |
| CVE-2019-9639 | 2019-03-08 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the... |
| CVE-2019-9640 | 2019-03-08 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. |
| CVE-2019-9641 | 2019-03-08 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. |
| CVE-2019-8277 | 2019-03-09 | UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another... |
| CVE-2019-8264 | 2019-03-09 | UltraVNC revision 1203 has an out-of-bounds access vulnerability in VNC client inside Ultra2 decoder, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This... |
| CVE-2019-8265 | 2019-03-09 | UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macro in VNC client code, which can potentially result in code execution. This attack appears to... |
| CVE-2019-8266 | 2019-03-09 | UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnection::Copybuffer function in VNC client code, which can potentially result in code execution. This attack appears to... |
| CVE-2019-8267 | 2019-03-09 | UltraVNC revision 1207 has an out-of-bounds read vulnerability in VNC client code inside TextChat module, which results in a denial of service (DoS) condition. This attack appears to be exploitable via... |
| CVE-2019-8268 | 2019-03-09 | UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result in code execution. This attack appears to be exploitable... |
| CVE-2019-8269 | 2019-03-09 | UltraVNC revision 1206 has a stack-based buffer overflow vulnerability in VNC client code inside FileTransfer module, which leads to a denial of service (DoS) condition. This attack appears to be exploitable... |
| CVE-2019-8270 | 2019-03-09 | UltraVNC revision 1210 has an out-of-bounds read vulnerability in VNC client code inside Ultra decoder, which results in a denial of service (DoS) condition. This attack appears to be exploitable via... |
| CVE-2019-8271 | 2019-03-09 | UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially result in code execution. This attack appears to be exploitable via... |
| CVE-2019-8272 | 2019-03-09 | UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have... |
| CVE-2019-8273 | 2019-03-09 | UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be... |
| CVE-2019-8274 | 2019-03-09 | UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially result in code execution. This attack appears to be... |
| CVE-2019-8275 | 2019-03-09 | UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via... |
| CVE-2019-8276 | 2019-03-09 | UltraVNC revision 1211 has a stack buffer overflow vulnerability in VNC server code inside file transfer request handler, which can result in Denial of Service (DoS). This attack appears to... |
| CVE-2019-8280 | 2019-03-09 | UltraVNC revision 1203 has an out-of-bounds access vulnerability in VNC client inside RAW decoder, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability... |
| CVE-2019-9580 | 2019-03-09 | In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS. |
| CVE-2019-9646 | 2019-03-10 | The Contact Form Email plugin before 1.2.66 for WordPress allows wp-admin/admin.php item XSS, related to cp_admin_int_edition.inc.php in the "custom edition area." |
| CVE-2019-9650 | 2019-03-11 | An XSS issue was discovered in upcoming_events.php in the Upcoming Events plugin before 1.33 for MyBB via a crafted name for an event. |
| CVE-2019-9651 | 2019-03-11 | An issue was discovered in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the check_bad() function's filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions... |
| CVE-2019-9652 | 2019-03-11 | There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the... |
| CVE-2019-9656 | 2019-03-11 | An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump. |
| CVE-2019-9658 | 2019-03-11 | Checkstyle before 8.18 loads external DTDs by default. |
| CVE-2019-9660 | 2019-03-11 | Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catname" parameter. |
| CVE-2019-9661 | 2019-03-11 | Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html "value" parameter. |
| CVE-2019-9662 | 2019-03-11 | An issue was discovered in JTBC(PHP) 3.0.1.8. Its cache management module is flawed. An arbitrary file ending in "inc.php" can be deleted via a console/cache/manage.php?type=action&action=batch&batch=delete&ids=../ substring. |
| CVE-2019-9675 | 2019-03-11 | An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that... |
| CVE-2019-9659 | 2019-03-11 | The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as... |
| CVE-2019-9686 | 2019-03-11 | pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. pacman... |
| CVE-2019-9687 | 2019-03-11 | PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp. |
| CVE-2019-9688 | 2019-03-11 | sftnow through 2018-12-29 allows index.php?g=Admin&m=User&a=add_post CSRF to add an admin account. |
| CVE-2019-9692 | 2019-03-11 | class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). |
| CVE-2019-9693 | 2019-03-11 | In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter... |
| CVE-2018-1890 | 2019-03-11 | IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081. |
| CVE-2018-1902 | 2019-03-11 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM... |
| CVE-2018-1922 | 2019-03-11 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by a buffer overflow vulnerability that can potentially result in arbitrary code execution.... |
| CVE-2018-1923 | 2019-03-11 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by a buffer overflow vulnerability that can potentially result in arbitrary code execution.... |
| CVE-2018-1974 | 2019-03-11 | IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915. |
| CVE-2018-1978 | 2019-03-11 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to... |
| CVE-2018-1980 | 2019-03-11 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to... |
| CVE-2018-1998 | 2019-03-11 | IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792.... |
| CVE-2018-2009 | 2019-03-11 | IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all... |
| CVE-2019-1610 | 2019-03-11 | Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1610) |
| CVE-2019-1611 | 2019-03-11 | Cisco FXOS and NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1611) |
| CVE-2019-1612 | 2019-03-11 | Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1612) |
| CVE-2019-1613 | 2019-03-11 | Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1613) |
| CVE-2019-1614 | 2019-03-11 | Cisco NX-OS Software NX-API Command Injection Vulnerability |
| CVE-2019-1615 | 2019-03-11 | Cisco NX-OS Software Image Signature Verification Vulnerability |
| CVE-2019-1616 | 2019-03-11 | Cisco NX-OS Software Cisco Fabric Services Denial of Service Vulnerability |
| CVE-2019-1617 | 2019-03-11 | Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV Denial of Service Vulnerability |
| CVE-2019-1618 | 2019-03-11 | Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Tetration Analytics Agent Arbitrary Code Execution Vulnerability |
| CVE-2019-1690 | 2019-03-11 | Cisco Application Policy Infrastructure Controller IPv6 Link-Local Address Vulnerability |
| CVE-2019-1702 | 2019-03-11 | Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities |
| CVE-2019-1707 | 2019-03-11 | Cisco DNA Center Access Contract Stored Cross-Site Scripting Vulnerability |
| CVE-2019-4015 | 2019-03-11 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to... |
| CVE-2019-4016 | 2019-03-11 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to... |
| CVE-2019-9704 | 2019-03-12 | Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not... |
| CVE-2019-9705 | 2019-03-12 | Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is... |
| CVE-2019-9706 | 2019-03-12 | Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error. |
| CVE-2019-9710 | 2019-03-12 | An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is... |
| CVE-2019-9644 | 2019-03-12 | An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to... |
| CVE-2019-9718 | 2019-03-12 | In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in... |
| CVE-2019-9721 | 2019-03-12 | A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in... |
| CVE-2018-17944 | 2019-03-12 | On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they... |
| CVE-2019-9711 | 2019-03-12 | An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS. |
| CVE-2019-9712 | 2019-03-12 | An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS. |
| CVE-2019-9713 | 2019-03-12 | An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access. |
| CVE-2019-9714 | 2019-03-12 | An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS. |
| CVE-2019-9557 | 2019-03-12 | Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into... |
| CVE-2019-9558 | 2019-03-12 | Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting (XSS) via the body of an e-mail message. To exploit the vulnerability, the victim must open an email with malicious Javascript... |
| CVE-2019-9725 | 2019-03-12 | The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting. |
| CVE-2019-5917 | 2019-03-12 | azure-umqtt-c (available through GitHub prior to 2017 October 6) allows remote attackers to cause a denial of service via unspecified vectors. |
| CVE-2019-5918 | 2019-03-12 | Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. |
| CVE-2019-5919 | 2019-03-12 | An incomplete cryptography of the data store function by using hidden tag in Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to obtain information of the stored data,... |
| CVE-2019-5920 | 2019-03-12 | Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page. |
| CVE-2019-5921 | 2019-03-12 | Untrusted search path vulnerability in Windows 7 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2019-5922 | 2019-03-12 | Untrusted search path vulnerability in the installer of Microsoft Teams allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2019-5923 | 2019-03-12 | Directory traversal vulnerability in iChain Insurance Wallet App for iOS Version 1.3.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors. |