CVE List - 2019 / April
Showing 801 - 900 of 1531 CVEs for April 2019 (Page 9 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-17586 | 2019-04-15 | The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_timeout_pages action. |
| CVE-2018-4009 | 2019-04-15 | An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise... |
| CVE-2018-4008 | 2019-04-15 | An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context.... |
| CVE-2018-18017 | 2019-04-15 | XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter. |
| CVE-2018-18018 | 2019-04-15 | SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter. |
| CVE-2018-18019 | 2019-04-15 | XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter. |
| CVE-2018-16966 | 2019-04-15 | There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter. |
| CVE-2018-16967 | 2019-04-15 | There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter. |
| CVE-2019-9845 | 2019-04-16 | madskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in Controllers/BlogController.cs writes a decoded base64 string to... |
| CVE-2018-19971 | 2019-04-16 | JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. |
| CVE-2018-18489 | 2019-04-16 | The ping feature in the Diagnostic functionality on TP-LINK WR840N v2 Firmware 3.16.9 Build 150701 Rel.51516n devices allows remote attackers to cause a denial of service (HTTP service termination) by... |
| CVE-2019-7155 | 2019-04-16 | An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. A user... |
| CVE-2019-3883 | 2019-04-17 | In 389-ds-base up to version 1.4.1.2, requests are handled by worker threads. Each socket will be waited on by the worker for at most 'ioblocktimeout' seconds. However, this timeout applies only... |
| CVE-2019-9494 | 2019-04-17 | The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks |
| CVE-2019-9495 | 2019-04-17 | The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns |
| CVE-2019-9496 | 2019-04-17 | An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps |
| CVE-2019-9497 | 2019-04-17 | The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit |
| CVE-2019-9498 | 2019-04-17 | The implementations of EAP-PWD in hostapd EAP Server do not validate the scalar and element values in EAP-pwd-Commit |
| CVE-2019-9499 | 2019-04-17 | The implementations of EAP-PWD in wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit |
| CVE-2019-3708 | 2019-04-17 | Cross-Site Scripting Vulnerability in OVA file upload feature |
| CVE-2019-3709 | 2019-04-17 | Cross-Site Scripting Vulnerability while registering vCenter servers |
| CVE-2019-3798 | 2019-04-17 | Escalation of Privileges in Cloud Controller |
| CVE-2018-13808 | 2019-04-17 | A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). An attacker with network access to port 23/tcp could extract internal communication data or cause a... |
| CVE-2018-13809 | 2019-04-17 | A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated web server of the affected CP devices could allow Cross-Site Scripting (XSS) attacks if... |
| CVE-2018-13810 | 2019-04-17 | A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery... |
| CVE-2018-16558 | 2019-04-17 | A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port... |
| CVE-2018-16559 | 2019-04-17 | A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port... |
| CVE-2018-16561 | 2019-04-17 | A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU.... |
| CVE-2019-6568 | 2019-04-17 | The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to... |
| CVE-2019-6570 | 2019-04-17 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization.... |
| CVE-2019-6575 | 2019-04-17 | A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI... |
| CVE-2019-6579 | 2019-04-17 | A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system... |
| CVE-2017-11427 | 2019-04-17 | Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal |
| CVE-2017-11428 | 2019-04-17 | Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal |
| CVE-2017-11429 | 2019-04-17 | Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal |
| CVE-2017-11430 | 2019-04-17 | Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal |
| CVE-2018-7340 | 2019-04-17 | Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal |
| CVE-2019-10953 | 2019-04-17 | ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network... |
| CVE-2019-10949 | 2019-04-17 | Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing... |
| CVE-2019-10951 | 2019-04-17 | Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute... |
| CVE-2019-10947 | 2019-04-17 | Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute... |
| CVE-2019-8455 | 2019-04-17 | A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can... |
| CVE-2019-8453 | 2019-04-17 | Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace... |
| CVE-2019-0228 | 2019-04-17 | Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. |
| CVE-2018-4007 | 2019-04-17 | An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An... |
| CVE-2018-4005 | 2019-04-17 | An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the configureRoutingWithCommand function. A user with local access can use this vulnerability to raise their privileges... |
| CVE-2018-4004 | 2019-04-17 | An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the disconnectService functionality. A non-root user is able to kill any privileged process on the system.... |
| CVE-2018-10959 | 2019-04-17 | Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an... |
| CVE-2018-4006 | 2019-04-17 | An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system.... |
| CVE-2018-13378 | 2019-04-17 | An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code. |
| CVE-2019-9756 | 2019-04-17 | An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control,... |
| CVE-2019-9176 | 2019-04-17 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows CSRF. |
| CVE-2019-9174 | 2019-04-17 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF. |
| CVE-2019-9172 | 2019-04-17 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 2 of 5). |
| CVE-2019-9170 | 2019-04-17 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control. |
| CVE-2019-9175 | 2019-04-17 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 3 of 5). |
| CVE-2019-9178 | 2019-04-17 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 4 of 5). |
| CVE-2019-9179 | 2019-04-17 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 5 of 5). |
| CVE-2019-9890 | 2019-04-17 | An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. |
| CVE-2019-9171 | 2019-04-17 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 1 of 5). |
| CVE-2019-9224 | 2019-04-17 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 4 of 5). |
| CVE-2019-9225 | 2019-04-17 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 5 of 5). |
| CVE-2019-9219 | 2019-04-17 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 2 of 5). |
| CVE-2019-9217 | 2019-04-17 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Its User Interface has a Misrepresentation of Critical Information. |
| CVE-2019-9222 | 2019-04-17 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. |
| CVE-2019-9223 | 2019-04-17 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure. |
| CVE-2019-9220 | 2019-04-17 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Uncontrolled Resource Consumption. |
| CVE-2018-18094 | 2019-04-17 | Improper directory permissions in installer for Intel(R) Media SDK before 2018 R2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2019-0158 | 2019-04-17 | Insufficient path checking in the installation package for Intel(R) Graphics Performance Analyzer for Linux version 18.4 and before may allow an authenticated user to potentially enable escalation of privilege via... |
| CVE-2019-0162 | 2019-04-17 | Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2019-0163 | 2019-04-17 | Insufficient input validation in system firmware for Intel(R) Broadwell U i5 vPro before version MYBDWi5v.86A may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or... |
| CVE-2019-10641 | 2019-04-17 | Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password. |
| CVE-2019-10643 | 2019-04-17 | Contao 4.7 allows Use of a Key Past its Expiration Date. |
| CVE-2019-10642 | 2019-04-17 | Contao 4.7 allows CSRF. |
| CVE-2018-20028 | 2019-04-17 | Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control. |
| CVE-2018-0248 | 2019-04-17 | Cisco Wireless LAN Controller Software GUI Configuration Denial of Service Vulnerabilities |
| CVE-2018-0382 | 2019-04-17 | Cisco Wireless LAN Controller Software Session Hijacking Vulnerability |
| CVE-2019-1654 | 2019-04-17 | Cisco Aironet Series Access Points Development Shell Access Vulnerability |
| CVE-2019-1710 | 2019-04-17 | Cisco IOS XR 64-Bit Software for Cisco ASR 9000 Series Aggregation Services Routers Network Isolation Vulnerability |
| CVE-2019-1686 | 2019-04-17 | Cisco ASR 9000 Series Aggregation Services Routers ACL Bypass Vulnerability |
| CVE-2019-1711 | 2019-04-17 | Cisco IOS XR gRPC Software Denial of Service Vulnerability |
| CVE-2019-1718 | 2019-04-17 | Cisco Identity Services Engine SSL Renegotiation Denial of Service Vulnerability |
| CVE-2019-1712 | 2019-04-17 | Cisco IOS XR Software Protocol Independent Multicast Denial of Service Vulnerability |
| CVE-2018-16877 | 2019-04-18 | A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with... |
| CVE-2018-16878 | 2019-04-18 | A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS |
| CVE-2019-11324 | 2019-04-18 | The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL... |
| CVE-2019-3885 | 2019-04-18 | A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information being leaked via the system logs. |
| CVE-2019-1719 | 2019-04-18 | Cisco Identity Services Engine Cross-Site Scripting Vulnerability |
| CVE-2019-1722 | 2019-04-18 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability |
| CVE-2019-1721 | 2019-04-18 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability |
| CVE-2019-1720 | 2019-04-18 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability |
| CVE-2019-1777 | 2019-04-18 | Cisco Registered Envelope Service Stored Cross-Site Scripting Vulnerability |
| CVE-2019-1725 | 2019-04-18 | Cisco UCS B-Series Blade Servers Local Management CLI Arbitrary File Creation or CLI Parameter Injection Vulnerability |
| CVE-2019-1792 | 2019-04-18 | Cisco Umbrella Cross-Site Scripting Vulnerability |
| CVE-2019-1794 | 2019-04-18 | Cisco Directory Connector Search Order Hijacking Vulnerability |
| CVE-2019-1799 | 2019-04-18 | Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities |
| CVE-2019-1796 | 2019-04-18 | Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities |
| CVE-2019-1800 | 2019-04-18 | Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities |
| CVE-2019-1797 | 2019-04-18 | Cisco Wireless LAN Controller Software Cross-Site Request Forgery Vulnerability |
| CVE-2019-1805 | 2019-04-18 | Cisco Wireless LAN Controller Secure Shell Unauthorized Access Vulnerability |