CVE List - 2019 / April
Showing 701 - 800 of 1531 CVEs for April 2019 (Page 8 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-0019 | 2019-04-10 | BGP packets can trigger rpd crash when BGP tracing is enabled. |
| CVE-2019-0028 | 2019-04-10 | Junos OS: RPD process crashes due to specific BGP peer restarts condition. |
| CVE-2019-0031 | 2019-04-10 | Junos OS: jdhcpd daemon memory consumption Denial of Service when receiving specific IPv6 DHCP packets. |
| CVE-2019-0032 | 2019-04-10 | Junos Space Service Now and Service Insight: Organization username and password stored in plaintext in log files. |
| CVE-2019-0033 | 2019-04-10 | SRX Series: A remote attacker may cause a high CPU Denial of Service to the device when proxy ARP is configured. |
| CVE-2019-0035 | 2019-04-10 | Junos OS: 'set system ports console insecure' allows root password recovery on OAM volumes |
| CVE-2019-0036 | 2019-04-10 | Junos OS: Firewall filter terms named "internal-1" and "internal-2" being ignored |
| CVE-2019-0037 | 2019-04-10 | Junos OS: jdhcpd crash upon receipt of crafted DHCPv6 solicit message |
| CVE-2019-0038 | 2019-04-10 | SRX Series: Crafted packets destined to fxp0 management interface on SRX340/SRX345 devices can lead to DoS |
| CVE-2019-0039 | 2019-04-10 | Junos OS: Login credentials are vulnerable to brute force attacks through the REST API |
| CVE-2019-0040 | 2019-04-10 | Junos OS: Specially crafted packets sent to port 111 on any interface triggers responses from the management interface |
| CVE-2019-0041 | 2019-04-10 | Junos OS: EX4300-MP Series: IP transit traffic can reach the control plane via loopback interface. |
| CVE-2019-0042 | 2019-04-10 | Incorrect messages from Juniper Identity Management Service (JIMS) can trigger Denial of Service or firewall bypass conditions for SRX series devices |
| CVE-2019-0043 | 2019-04-10 | Junos OS: RPD process crashes upon receipt of a specific SNMP packet |
| CVE-2019-0044 | 2019-04-10 | Junos OS: SRX5000 series: Kernel crash (vmcore) upon receipt of a specific packet on fxp0 interface |
| CVE-2019-11070 | 2019-04-10 | WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization.... |
| CVE-2019-0279 | 2019-04-10 | ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization... |
| CVE-2019-0282 | 2019-04-10 | Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal... |
| CVE-2019-0283 | 2019-04-10 | SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing. It is possible to spoof XML signatures and... |
| CVE-2019-0284 | 2019-04-10 | SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source. The attacker can call SLDREG with an XML... |
| CVE-2019-0285 | 2019-04-10 | The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker. |
| CVE-2019-11071 | 2019-04-10 | SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled. |
| CVE-2018-19453 | 2019-04-10 | Kentico CMS before 11.0.45 allows unrestricted upload of a file with a dangerous type. |
| CVE-2019-11072 | 2019-04-10 | lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious... |
| CVE-2018-14683 | 2019-04-10 | PRTG before 19.1.49.1966 has Cross Site Scripting (XSS) in the WEBGUI. |
| CVE-2019-11077 | 2019-04-11 | FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI. |
| CVE-2019-11078 | 2019-04-11 | MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI. |
| CVE-2019-3914 | 2019-04-11 | Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access... |
| CVE-2019-3915 | 2019-04-11 | Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain... |
| CVE-2019-3916 | 2019-04-11 | Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API... |
| CVE-2019-3845 | 2019-04-11 | A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite... |
| CVE-2019-3837 | 2019-04-11 | It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same... |
| CVE-2019-6318 | 2019-04-11 | HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that potentially allows execution of arbitrary code. |
| CVE-2018-19300 | 2019-04-11 | On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1.06b01, DWR-111 (A1) before firmware version 1.02v02, DWR-116 (A1) before firmware version 1.06b03, DWR-512 (B1) before firmware... |
| CVE-2019-3459 | 2019-04-11 | A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. |
| CVE-2019-3460 | 2019-04-11 | A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. |
| CVE-2018-17305 | 2019-04-11 | UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users (even administrators) leading to privilege escalation and remote code execution. |
| CVE-2019-5672 | 2019-04-11 | NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in... |
| CVE-2019-5673 | 2019-04-11 | NVIDIA Jetson TX2 contains a vulnerability in the kernel driver (on all versions prior to R28.3) where the ARM System Memory Management Unit (SMMU) improperly checks for a fault condition,... |
| CVE-2019-6610 | 2019-04-11 | On BIG-IP versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 11.6.0-11.6.3.4, and 11.5.1-11.5.8, the system is vulnerable to a denial of service attack when performing URL classification. |
| CVE-2019-5024 | 2019-04-11 | A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of... |
| CVE-2019-9974 | 2019-04-11 | diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices... |
| CVE-2019-9975 | 2019-04-11 | DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key. |
| CVE-2019-9976 | 2019-04-11 | The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface... |
| CVE-2019-5715 | 2019-04-11 | All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allow Reflected SQL Injection through Form and... |
| CVE-2019-7219 | 2019-04-11 | Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former... |
| CVE-2019-9733 | 2019-04-11 | An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case an administrator gets locked out... |
| CVE-2019-9628 | 2019-04-11 | The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an... |
| CVE-2019-9056 | 2019-04-11 | An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php), it is possible to reach an unserialize call with an untrusted... |
| CVE-2019-6493 | 2019-04-11 | SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC0 is called. This kernel pointer... |
| CVE-2019-7644 | 2019-04-11 | Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker,... |
| CVE-2019-6796 | 2019-04-11 | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field... |
| CVE-2018-19202 | 2019-04-11 | A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsetting[bburl]' parameter. |
| CVE-2018-20487 | 2019-04-11 | An issue was discovered in the firewall3 component in Inteno IOPSYS 1.0 through 3.16. The attacker must make a JSON-RPC method call to add a firewall rule as an "include"... |
| CVE-2019-6525 | 2019-04-11 | AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. A user with low privileges could make... |
| CVE-2019-6534 | 2019-04-11 | The uncontrolled search path element vulnerability in Gemalto Sentinel UltraPro Client Library ux32w.dll Versions 1.3.0, 1.3.1, and 1.3.2 enables an attacker to load and execute a malicious file. |
| CVE-2019-11190 | 2019-04-11 | The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the... |
| CVE-2019-11191 | 2019-04-11 | The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called... |
| CVE-2019-11196 | 2019-04-12 | An authentication bypass vulnerability in all versions of ValuePLUS Integrated University Management System (IUMS) allows unauthenticated, remote attackers to gain administrator privileges via the Teachers Web Panel (TWP) User ID... |
| CVE-2019-11213 | 2019-04-12 | In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end... |
| CVE-2017-14199 | 2019-04-12 | A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0. |
| CVE-2018-6239 | 2019-04-12 | NVIDIA Jetson TX2 contains a vulnerability by means of speculative execution where local and unprivileged code may access the contents of cached information in an unauthorized manner, which may lead... |
| CVE-2018-6269 | 2019-04-12 | NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where input/output control (IOCTL) handling for user mode requests could create a non-trusted pointer dereference, which may lead to information... |
| CVE-2019-1574 | 2019-04-12 | Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View. |
| CVE-2019-10880 | 2019-04-12 | Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP... |
| CVE-2018-13137 | 2019-04-12 | The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI. |
| CVE-2018-16254 | 2019-04-12 | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options. NOTE: The vendor states that this is not a vulnerability. WP All Import is only... |
| CVE-2018-16255 | 2019-04-12 | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate. NOTE: The vendor states that this is not a vulnerability. WP All Import is only... |
| CVE-2018-16256 | 2019-04-12 | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule). NOTE: The vendor states that this is not a vulnerability. WP All... |
| CVE-2017-7772 | 2019-04-12 | Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function. |
| CVE-2018-16257 | 2019-04-12 | There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. NOTE: The vendor states that this is not a vulnerability. WP All Import is only... |
| CVE-2018-16258 | 2019-04-12 | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import custom_type. NOTE: The vendor states that this is not a vulnerability. WP All Import is... |
| CVE-2018-16259 | 2019-04-12 | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit. NOTE: The vendor states that this is not a vulnerability. WP All Import is... |
| CVE-2019-11221 | 2019-04-12 | GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media_import.c. |
| CVE-2019-11222 | 2019-04-12 | gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafted_drm_file.xml file. |
| CVE-2017-7771 | 2019-04-12 | Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. |
| CVE-2017-7773 | 2019-04-12 | Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor. |
| CVE-2017-7774 | 2019-04-12 | Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function. |
| CVE-2017-7776 | 2019-04-12 | Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph. |
| CVE-2017-7777 | 2019-04-12 | Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function. |
| CVE-2019-6526 | 2019-04-12 | Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of... |
| CVE-2019-3891 | 2019-04-12 | It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access... |
| CVE-2017-18366 | 2019-04-12 | Subrion CMS 4.1.5 has CSRF in blog/delete/. |
| CVE-2019-11228 | 2019-04-13 | repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress. |
| CVE-2019-11229 | 2019-04-13 | models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution. |
| CVE-2018-18261 | 2019-04-14 | In waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter. |
| CVE-2019-11236 | 2019-04-15 | In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. |
| CVE-2019-0232 | 2019-04-15 | When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due... |
| CVE-2019-6609 | 2019-04-15 | Platform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions... |
| CVE-2018-1925 | 2019-04-15 | IBM WebSphere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925. |
| CVE-2019-4012 | 2019-04-15 | IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view,... |
| CVE-2019-4178 | 2019-04-15 | IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on... |
| CVE-2019-4202 | 2019-04-15 | IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted request can run arbitrary code on the server and gain complete... |
| CVE-2019-4203 | 2019-04-15 | IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force... |
| CVE-2019-5516 | 2019-04-15 | VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds vulnerability... |
| CVE-2019-5520 | 2019-04-15 | VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read... |
| CVE-2019-5517 | 2019-04-15 | VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities... |
| CVE-2018-17583 | 2019-04-15 | The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_exclude_pages action. |
| CVE-2018-17584 | 2019-04-15 | The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page. |
| CVE-2018-17585 | 2019-04-15 | The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the wpfastestcacheoptions wpFastestCachePreload_number or wpFastestCacheLanguage parameter. |