CVE List - 2019 / March
Showing 801 - 900 of 1194 CVEs for March 2019 (Page 9 of 12)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-5011 | 2019-03-21 | An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the... |
| CVE-2018-16563 | 2019-03-21 | A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.35), Firmware variant MODBUS TCP for EN100 Ethernet module (All versions), Firmware variant... |
| CVE-2018-4003 | 2019-03-21 | An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS... |
| CVE-2018-3969 | 2019-03-21 | An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots... |
| CVE-2018-3985 | 2019-03-21 | An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name... |
| CVE-2019-6491 | 2019-03-21 | RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection. |
| CVE-2018-4011 | 2019-03-21 | An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the "RDLENGTH" value is handled... |
| CVE-2018-4030 | 2019-03-21 | An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The "Host"... |
| CVE-2018-3963 | 2019-03-21 | An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the... |
| CVE-2018-3968 | 2019-03-21 | An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker... |
| CVE-2019-7238 | 2019-03-21 | Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control. |
| CVE-2017-16253 | 2019-03-21 | An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012 for the cc channel of Insteon Hub running firmware version 1012. Specially... |
| CVE-2017-16254 | 2019-03-21 | An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based... |
| CVE-2017-16255 | 2019-03-21 | An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based... |
| CVE-2019-8997 | 2019-03-21 | An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files... |
| CVE-2019-9903 | 2019-03-21 | PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted... |
| CVE-2019-9904 | 2019-03-21 | An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c. |
| CVE-2015-6461 | 2019-03-21 | Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web... |
| CVE-2019-5490 | 2019-03-21 | Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any... |
| CVE-2015-6462 | 2019-03-21 | Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H,... |
| CVE-2018-13798 | 2019-03-21 | A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network... |
| CVE-2015-6457 | 2019-03-21 | Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to... |
| CVE-2015-6458 | 2019-03-21 | Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to... |
| CVE-2019-7537 | 2019-03-21 | An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collect_yaml method in config_obj.py. It can execute arbitrary Python commands, resulting in command execution. |
| CVE-2019-3855 | 2019-03-21 | An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote... |
| CVE-2019-3858 | 2019-03-21 | An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH... |
| CVE-2019-8351 | 2019-03-21 | Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2019-3871 | 2019-03-21 | A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS... |
| CVE-2018-20031 | 2019-03-21 | A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a... |
| CVE-2018-20032 | 2019-03-21 | A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination... |
| CVE-2019-7539 | 2019-03-21 | A code injection issue was discovered in ipycache through 2016-05-31. |
| CVE-2018-20034 | 2019-03-21 | A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker... |
| CVE-2018-18913 | 2019-03-21 | Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL... |
| CVE-2019-9908 | 2019-03-21 | The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS. |
| CVE-2019-9909 | 2019-03-21 | The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS. |
| CVE-2019-9910 | 2019-03-21 | The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS. |
| CVE-2019-9911 | 2019-03-21 | The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS. |
| CVE-2019-9912 | 2019-03-21 | The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO. |
| CVE-2019-9913 | 2019-03-21 | The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS. |
| CVE-2019-9914 | 2019-03-21 | The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS. |
| CVE-2019-9915 | 2019-03-21 | GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter. |
| CVE-2019-9924 | 2019-03-22 | rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. |
| CVE-2019-9925 | 2019-03-22 | S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter. |
| CVE-2019-9927 | 2019-03-22 | Caret before 2019-02-22 allows Remote Code Execution. |
| CVE-2019-9923 | 2019-03-22 | pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. |
| CVE-2019-9936 | 2019-03-22 | In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related... |
| CVE-2019-9937 | 2019-03-22 | In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related... |
| CVE-2019-9938 | 2019-03-22 | The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated)... |
| CVE-2019-9939 | 2019-03-22 | The SHAREit application before 4.0.36 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated)... |
| CVE-2019-9648 | 2019-03-22 | An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing... |
| CVE-2019-4035 | 2019-03-22 | IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to... |
| CVE-2019-4052 | 2019-03-22 | IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544. |
| CVE-2019-9649 | 2019-03-22 | An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (..\..\)... |
| CVE-2018-20165 | 2019-03-22 | Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI. |
| CVE-2019-1766 | 2019-03-22 | Cisco IP Phone 8800 Series File Upload Denial of Service Vulnerability |
| CVE-2019-1765 | 2019-03-22 | Cisco IP Phone 8800 Series Path Traversal Vulnerability |
| CVE-2019-1764 | 2019-03-22 | Cisco IP Phone 8800 Series Cross-Site Request Forgery Vulnerability |
| CVE-2019-1763 | 2019-03-22 | Cisco IP Phone 8800 Series Authorization Bypass Vulnerability |
| CVE-2019-1716 | 2019-03-22 | Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability |
| CVE-2019-9942 | 2019-03-23 | A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if... |
| CVE-2019-9945 | 2019-03-23 | SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user... |
| CVE-2019-9947 | 2019-03-23 | An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as... |
| CVE-2019-9948 | 2019-03-23 | urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a... |
| CVE-2016-10743 | 2019-03-23 | hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call. |
| CVE-2015-3965 | 2019-03-23 | Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function. |
| CVE-2019-9956 | 2019-03-23 | In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via... |
| CVE-2019-9960 | 2019-03-24 | The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path. |
| CVE-2019-9962 | 2019-03-24 | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy. |
| CVE-2019-9963 | 2019-03-24 | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap. |
| CVE-2019-9964 | 2019-03-24 | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey. |
| CVE-2019-9965 | 2019-03-24 | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap. |
| CVE-2019-9966 | 2019-03-24 | XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x38536c. |
| CVE-2019-9967 | 2019-03-24 | XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlPrefixUnicodeString. |
| CVE-2019-9968 | 2019-03-24 | XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlQueueWorkItem. |
| CVE-2019-9969 | 2019-03-24 | XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x385399. |
| CVE-2019-9970 | 2019-03-24 | Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This... |
| CVE-2019-9977 | 2019-03-24 | The renderer process in the entertainment system on Tesla Model 3 vehicles mishandles JIT compilation, which allows attackers to trigger firmware code execution, and display a crafted message to vehicle... |
| CVE-2019-9978 | 2019-03-24 | The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare... |
| CVE-2019-10010 | 2019-03-24 | Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly... |
| CVE-2019-10014 | 2019-03-24 | In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated. |
| CVE-2019-10015 | 2019-03-24 | baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BG_SITE_NAME field in... |
| CVE-2019-10017 | 2019-03-24 | CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker. |
| CVE-2019-10018 | 2019-03-24 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. |
| CVE-2019-10019 | 2019-03-24 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes. |
| CVE-2019-10020 | 2019-03-24 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters. |
| CVE-2019-10021 | 2019-03-24 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps. |
| CVE-2019-10022 | 2019-03-24 | An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc. |
| CVE-2019-10023 | 2019-03-24 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case. |
| CVE-2019-10024 | 2019-03-24 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters. |
| CVE-2019-10025 | 2019-03-24 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits. |
| CVE-2019-10026 | 2019-03-24 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case. |
| CVE-2019-10027 | 2019-03-24 | PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen. |
| CVE-2019-3810 | 2019-03-25 | A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users'... |
| CVE-2019-7609 | 2019-03-25 | Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will... |
| CVE-2019-10016 | 2019-03-25 | GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring. |
| CVE-2015-3952 | 2019-03-25 | Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version... |
| CVE-2017-9376 | 2019-03-25 | ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do. |
| CVE-2017-9362 | 2019-03-25 | ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API. |
| CVE-2019-3479 | 2019-03-25 | Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7. |
| CVE-2015-3953 | 2019-03-25 | Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13... |