CVE List - 2019 / April
Showing 1501 - 1531 of 1531 CVEs for April 2019 (Page 16 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-11616 | 2019-04-30 | doorGets 7.0 has a sensitive information disclosure vulnerability in /setup/temp/admin.php and /setup/temp/database.php. A remote unauthenticated attacker could exploit this vulnerability to obtain the administrator password. |
| CVE-2019-11617 | 2019-04-30 | doorGets 7.0 has a CSRF vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote attacker can exploit this vulnerability for "Google Analytics code" modification. |
| CVE-2019-11618 | 2019-04-30 | doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 access_token... |
| CVE-2019-11619 | 2019-04-30 | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=analytics. A remote background administrator privilege user (or a user with permission to manage configuration analytics) could exploit the vulnerability... |
| CVE-2019-11620 | 2019-04-30 | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) could exploit the vulnerability to obtain database... |
| CVE-2019-11621 | 2019-04-30 | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=network. A remote background administrator privilege user (or a user with permission to manage network configuration) could exploit the vulnerability... |
| CVE-2019-11622 | 2019-04-30 | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. A remote background administrator privilege user (or a user with permission to manage modulecategory) could exploit the vulnerability to obtain database... |
| CVE-2019-11623 | 2019-04-30 | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=siteweb. A remote background administrator privilege user (or a user with permission to manage configuration siteweb) could exploit the vulnerability... |
| CVE-2019-11624 | 2019-04-30 | doorGets 7.0 has an arbitrary file deletion vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote background administrator privilege user can exploit this vulnerability to delete arbitrary files. |
| CVE-2019-11625 | 2019-04-30 | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/emailingRequest.php. A remote background administrator privilege user (or a user with permission to manage emailing) could exploit the vulnerability to obtain database... |
| CVE-2019-11626 | 2019-04-30 | routers/ajaxRouter.php in doorGets 7.0 has a web site physical path leakage vulnerability, as demonstrated by an ajax/index.php?uri=1234%5c request. |
| CVE-2019-3925 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3. A remote, unauthenticated attacker can use this vulnerability to execute operating... |
| CVE-2019-3926 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.14.1. A remote, unauthenticated attacker can use this vulnerability to execute operating... |
| CVE-2019-3927 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow anyone to change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use... |
| CVE-2019-3928 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OID. A remote, unauthenticated attacker can use this vulnerability... |
| CVE-2019-3929 | 2019-04-30 | The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware... |
| CVE-2019-3930 | 2019-04-30 | The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware... |
| CVE-2019-3931 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argument injection into the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attacker can... |
| CVE-2019-3932 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A remote, unauthenticated attacker can use this vulnerability... |
| CVE-2019-3933 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow anyone to bypass the presentation code simply by requesting /images/browserslide.jpg via HTTP. A remote, unauthenticated attacker can use this... |
| CVE-2019-3934 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow anyone to bypass the presentation code by sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attacker can... |
| CVE-2019-3935 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow anyone to act as a moderator of a slide show via crafted HTTP POST requests to conference.cgi. A remote,... |
| CVE-2019-3936 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to denial of service via a crafted request to TCP port 389. The request will force the slideshow... |
| CVE-2019-3937 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 store usernames, passwords, the slideshow passcode, and other configuration options in cleartext in the file /tmp/scfgdndf. A local attacker can use... |
| CVE-2019-3938 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 store usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The configuration file is... |
| CVE-2019-3939 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain... |
| CVE-2019-0194 | 2019-04-30 | Apache Camel's File component is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may also be affected. |
| CVE-2019-0213 | 2019-04-30 | In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as... |
| CVE-2019-0214 | 2019-04-30 | In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten,... |
| CVE-2019-11627 | 2019-04-30 | gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID. |
| CVE-2019-11628 | 2019-05-01 | An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11, 12.20 before SR9, and 12.30 before SR2; and Qlik Sense Enterprise and Qlik Analytics... |
| CVE-2019-11632 | 2019-05-01 | In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables... |
| CVE-2019-11633 | 2019-05-01 | HoneyPress through 2016-09-27 can be fingerprinted by attackers because of the hard-coded, unique www.atxsec.com and ayylmao.wpengine.com hostnames within the fake WordPress templates. This allows attackers to discover and avoid this... |
| CVE-2018-1608 | 2019-05-01 | IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 143798. |
| CVE-2018-1933 | 2019-05-01 | IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... |
| CVE-2019-4258 | 2019-05-01 | IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the... |
| CVE-2019-11636 | 2019-05-01 | Zcash 2.x allows an inexpensive approach to "fill all transactions of all blocks" and "prevent any real transaction from occurring" via a "Sapling Wood-Chipper" attack. |
| CVE-2019-11637 | 2019-05-01 | An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_rset_get_props at rec-rset.c in librec.a, leading to a crash. |
| CVE-2019-11638 | 2019-05-01 | An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash. |
| CVE-2019-11639 | 2019-05-01 | An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a. |
| CVE-2019-11640 | 2019-05-01 | An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function rec_fex_parse_str_simple at rec-fex.c in librec.a. |
| CVE-2019-11641 | 2019-05-01 | Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerprinting by including predictable data and minimal variation in size within HTML templates, giving attackers the ability to detect and avoid... |
| CVE-2019-6562 | 2019-05-01 | In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that... |
| CVE-2019-10954 | 2019-05-01 | Rockwell Automation CompactLogix 5370 Stack-based Buffer Overflow |
| CVE-2019-10952 | 2019-05-01 | Rockwell Automation CompactLogix 5370 Uncontrolled Resource Consumption |
| CVE-2019-0227 | 2019-05-01 | A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug-fix commits continue in the project's Axis 1.x... |
| CVE-2018-8035 | 2019-05-01 | This vulnerability relates to the user's browser processing of DUCC webpage input data. The JavaScript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user's browser does not sufficiently filter... |
| CVE-2019-11675 | 2019-05-02 | The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga account, which might let local users obtain root access because of unsafe interaction with logrotate. For example,... |
| CVE-2019-11676 | 2019-05-02 | The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks. |
| CVE-2019-11677 | 2019-05-02 | The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection. |
| CVE-2019-11678 | 2019-05-02 | The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection. |
| CVE-2019-11682 | 2019-05-02 | A buffer overflow in the SMTP response service in MailCarrier 2.51 allows a remote attacker to execute arbitrary code via a long HELP command, a related issue to CVE-2019-11395. |
| CVE-2018-2015 | 2019-05-02 | IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a... |
| CVE-2017-18368 | 2019-05-02 | The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by... |
| CVE-2017-18369 | 2019-05-02 | The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is... |
| CVE-2017-18370 | 2019-05-02 | The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated... |
| CVE-2017-18371 | 2019-05-02 | The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password... |
| CVE-2017-18372 | 2019-05-02 | The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user.... |
| CVE-2017-18373 | 2019-05-02 | The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and... |
| CVE-2017-18374 | 2019-05-02 | The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true... |
| CVE-2018-12404 | 2019-05-02 | A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher... |
| CVE-2019-3490 | 2019-05-02 | A DOM-based XSS vulnerability has been identified in the NetStorage component of Open Enterprise Server (OES), allowing a remote attacker to execute JavaScript in the victim's browser by tricking... |
| CVE-2019-11683 | 2019-05-02 | udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP... |
| CVE-2019-9017 | 2019-05-02 | DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name. |
| CVE-2018-16716 | 2019-05-02 | A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure)... |
| CVE-2018-16717 | 2019-05-02 | A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox. |
| CVE-2018-16718 | 2019-05-02 | An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox via a crafted -z1 argument. |
| CVE-2018-16960 | 2019-05-02 | An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/login.php has Reflected XSS via the xd_user_formal_name parameter. |
| CVE-2018-16961 | 2019-05-02 | An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows Path traversal via the file parameter, allowing remote attackers to read PDF files in arbitrary directories. |
| CVE-2018-16988 | 2019-05-02 | An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value... |
| CVE-2018-10383 | 2019-05-02 | Lantronix SecureLinx Spider (SLS) 2.2+ devices have XSS in the auth.asp login page. |
| CVE-2019-9826 | 2019-05-02 | The fulltext search component in phpBB before 3.2.6 allows Denial of Service. |
| CVE-2019-11687 | 2019-05-02 | An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b and continuing in current implementations. The 128-byte preamble of a DICOM... |
| CVE-2019-11690 | 2019-05-03 | gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is... |
| CVE-2018-15388 | 2019-05-03 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN Denial of Service Vulnerability |
| CVE-2019-1587 | 2019-05-03 | Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Filter Query Information Disclosure Vulnerability |
| CVE-2019-1586 | 2019-05-03 | Cisco Application Policy Infrastructure Controller Recoverable Encryption Key Vulnerability |
| CVE-2018-15462 | 2019-05-03 | Cisco Firepower Threat Defense Software TCP Ingress Handler Denial of Service Vulnerability |
| CVE-2019-1592 | 2019-05-03 | Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Privilege Escalation Vulnerability |
| CVE-2019-1590 | 2019-05-03 | Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Insecure Fabric Authentication Vulnerability |
| CVE-2019-1589 | 2019-05-03 | Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Unmeasured Boot Vulnerability |
| CVE-2019-1682 | 2019-05-03 | Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability |
| CVE-2019-1635 | 2019-05-03 | Cisco IP Phone 7800 Series and 8800 Series Session Initiation Protocol XML Denial of Service Vulnerability |
| CVE-2019-1692 | 2019-05-03 | Cisco Application Policy Infrastructure Controller Web-Based Management Interface Usage Information Disclosure Vulnerability |
| CVE-2019-1687 | 2019-05-03 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software TCP Proxy Denial of Service Vulnerability |
| CVE-2019-1693 | 2019-05-03 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN Denial of Service Vulnerability |
| CVE-2019-1696 | 2019-05-03 | Cisco Firepower Threat Defense Software SMB Protocol Preprocessor Detection Engine Denial of Service Vulnerabilities |
| CVE-2019-1695 | 2019-05-03 | Cisco Adaptive Security Appliance and Firepower Threat Defense Software Layer 2 Filtering Bypass Vulnerability |
| CVE-2019-1694 | 2019-05-03 | Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software TCP Timer Handling Denial of Service Vulnerability |
| CVE-2019-1697 | 2019-05-03 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Lightweight Directory Access Protocol Denial of Service Vulnerability |
| CVE-2019-1699 | 2019-05-03 | Cisco Firepower Threat Defense Software Command Injection Vulnerability |
| CVE-2019-1704 | 2019-05-03 | Cisco Firepower Threat Defense Software SMB Protocol Preprocessor Detection Engine Denial of Service Vulnerabilities |
| CVE-2019-1703 | 2019-05-03 | Cisco Firepower Threat Defense Software Packet Processing Denial of Service Vulnerability |
| CVE-2019-1701 | 2019-05-03 | Cisco Adaptive Security Appliance and Firepower Threat Defense Software WebVPN Cross-Site Scripting Vulnerabilities |
| CVE-2019-1709 | 2019-05-03 | Cisco Firepower Threat Defense Software Command Injection Vulnerability |
| CVE-2019-1708 | 2019-05-03 | Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software MOBIKE Denial of Service Vulnerability |
| CVE-2019-1706 | 2019-05-03 | Cisco Adaptive Security Appliance Software IPsec Denial of Service Vulnerability |
| CVE-2019-1705 | 2019-05-03 | Cisco Adaptive Security Appliance Software VPN Denial of Service Vulnerability |
| CVE-2019-1714 | 2019-05-03 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability |
| CVE-2019-1713 | 2019-05-03 | Cisco Adaptive Security Appliance Software Cross-Site Request Forgery Vulnerability |
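A listing like the one above is only usable for triage once each row's vulnerability class and attacker exposure are pulled out of the free-text descriptions, and the title-only rows (the Cisco entries) are flagged as needing a lookup. The following is an added example, not part of the original page or of any vendor advisory, that parses rows in this table's format and ranks them. The sample rows are copied from the table above; the keyword patterns, the score weights and the "unknown" exposure bucket are the example's own assumptions, not anything the CVE records define.

```python
import re
from dataclasses import dataclass

# Sample rows copied verbatim from the table above (a constructed subset for the example).
SAMPLE_ROWS = """\
| CVE-2019-11616 | 2019-04-30 | doorGets 7.0 has a sensitive information disclosure vulnerability in /setup/temp/admin.php and /setup/temp/database.php. A remote unauthenticated attacker could exploit this vulnerability to obtain the administrator password. |
| CVE-2019-11619 | 2019-04-30 | doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=analytics. A remote background administrator privilege user (or a user with permission to manage configuration analytics) could exploit the vulnerability... |
| CVE-2019-3925 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3. A remote, unauthenticated attacker can use this vulnerability to execute operating... |
| CVE-2019-3939 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain... |
| CVE-2019-11683 | 2019-05-02 | udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP... |
| CVE-2019-1714 | 2019-05-03 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability |
"""

# One markdown table row: | CVE id | ISO date | description |
ROW_RE = re.compile(r"^\|\s*(CVE-\d{4}-\d{4,})\s*\|\s*(\d{4}-\d{2}-\d{2})\s*\|\s*(.*?)\s*\|\s*$")

# Ordered: the first matching class wins, so the more specific patterns come first.
# These patterns and labels are the example's own assumptions.
VULN_CLASSES = [
    ("command injection", r"command injection|argument injection|shell injection"),
    ("sql injection", r"sql injection"),
    ("memory corruption", r"buffer overflow|out-of-bounds|memory corruption|null pointer dereference"),
    ("auth bypass / default creds", r"authentication bypass|default credential|hard-?coded password|default password"),
    ("xss", r"cross-site scripting|\bxss\b"),
    ("csrf", r"\bcsrf\b|cross-site request forgery"),
    ("xxe", r"xml external entity|\bxxe\b"),
    ("path traversal / file", r"directory traversal|path traversal|arbitrary file"),
    ("info disclosure", r"information disclosure|cleartext|leakage"),
    ("dos", r"denial of service"),
]

# Assumed weights: how much the class and the exposure each contribute to the triage score.
CLASS_WEIGHT = {"command injection": 2, "memory corruption": 2, "auth bypass / default creds": 2,
                "sql injection": 1, "xxe": 1, "path traversal / file": 1}
EXPOSURE_WEIGHT = {"remote-unauth": 3, "remote": 2, "remote-auth": 1, "local": 1, "unknown": 0}


@dataclass
class Entry:
    cve: str
    date: str
    desc: str
    vuln_class: str
    exposure: str
    truncated: bool  # the listing cut the description off with "..."


def classify(desc: str) -> str:
    d = desc.lower()
    for label, pattern in VULN_CLASSES:
        if re.search(pattern, d):
            return label
    return "other"


def exposure(desc: str) -> str:
    """Who can reach the bug, as far as the description says. Checked in this
    order because 'unauthenticated' contains 'authenticated' as a substring."""
    d = desc.lower()
    if "unauthenticated" in d:
        return "remote-unauth"
    if re.search(r"\bauthenticated\b|privilege user", d):
        return "remote-auth"
    if re.search(r"\bremote attackers?\b|\bremotely\b", d):
        return "remote"
    if re.search(r"\blocal\b", d):
        return "local"
    return "unknown"  # title-only rows land here and need the advisory looked up


def parse_rows(text: str) -> list[Entry]:
    entries = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # header, separator, or non-table lines
        cve, date, desc = m.groups()
        entries.append(Entry(cve, date, desc, classify(desc), exposure(desc), desc.endswith("...")))
    return entries


def score(entry: Entry) -> int:
    return CLASS_WEIGHT.get(entry.vuln_class, 0) + EXPOSURE_WEIGHT[entry.exposure]


def prioritize(entries: list[Entry]) -> list[tuple[int, str]]:
    """Highest score first; ties broken by CVE id so the output is stable."""
    return sorted(((score(e), e.cve) for e in entries), key=lambda t: (-t[0], t[1]))


if __name__ == "__main__":
    parsed = parse_rows(SAMPLE_ROWS)
    by_id = {e.cve: e for e in parsed}
    for s, cve in prioritize(parsed):
        e = by_id[cve]
        flag = " (truncated, read the full record)" if e.truncated else ""
        print(f"{s}  {cve:<15} {e.exposure:<13} {e.vuln_class}{flag}")
```

The "unknown" bucket is the important output: rows that carry only a title, like the Cisco entries, score low not because they are benign but because the listing says nothing about exposure, so they still need the vendor advisory read before being dismissed. The same applies to rows the listing truncated with "...", which the `truncated` flag marks.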