CVE List - 2019 / May
Showing 1 - 100 of 1316 CVEs for May 2019 (Page 1 of 14)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-11632 | 2019-05-01 | In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables... |
| CVE-2019-11633 | 2019-05-01 | HoneyPress through 2016-09-27 can be fingerprinted by attackers because of the ingrained unique www.atxsec.com and ayylmao.wpengine.com hostnames within the fake WordPress templates. This allows attackers to discover and avoid this... |
| CVE-2018-1608 | 2019-05-01 | IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 143798. |
| CVE-2018-1933 | 2019-05-01 | IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... |
| CVE-2019-4258 | 2019-05-01 | IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the... |
| CVE-2019-11636 | 2019-05-01 | Zcash 2.x allows an inexpensive approach to "fill all transactions of all blocks" and "prevent any real transaction from occurring" via a "Sapling Wood-Chipper" attack. |
| CVE-2019-11637 | 2019-05-01 | An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_rset_get_props at rec-rset.c in librec.a, leading to a crash. |
| CVE-2019-11638 | 2019-05-01 | An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash. |
| CVE-2019-11639 | 2019-05-01 | An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a. |
| CVE-2019-11640 | 2019-05-01 | An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function rec_fex_parse_str_simple at rec-fex.c in librec.a. |
| CVE-2019-11641 | 2019-05-01 | Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerprinting by including predictable data and minimal variation in size within HTML templates, giving attackers the ability to detect and avoid... |
| CVE-2019-6562 | 2019-05-01 | In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that... |
| CVE-2019-10954 | 2019-05-01 | Rockwell Automation CompactLogix 5370 Stack-based Buffer Overflow |
| CVE-2019-10952 | 2019-05-01 | Rockwell Automation CompactLogix 5370 Uncontrolled Resource Consumption |
| CVE-2019-0227 | 2019-05-01 | A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the projects Axis 1.x... |
| CVE-2018-8035 | 2019-05-01 | This vulnerability relates to the user's browser processing of DUCC webpage input data. The JavaScript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user's browser does not sufficiently filter... |
| CVE-2019-11675 | 2019-05-02 | The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga account, which might let local users obtain root access because of unsafe interaction with logrotate. For example,... |
| CVE-2019-11676 | 2019-05-02 | The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks. |
| CVE-2019-11677 | 2019-05-02 | The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection. |
| CVE-2019-11678 | 2019-05-02 | The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection. |
| CVE-2019-11682 | 2019-05-02 | A buffer overflow in the SMTP response service in MailCarrier 2.51 allows the attacker to execute arbitrary code remotely via a long HELP command, a related issue to CVE-2019-11395. |
| CVE-2018-2015 | 2019-05-02 | IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a... |
| CVE-2017-18368 | 2019-05-02 | The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by... |
| CVE-2017-18369 | 2019-05-02 | The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is... |
| CVE-2017-18370 | 2019-05-02 | The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated... |
| CVE-2017-18371 | 2019-05-02 | The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password... |
| CVE-2017-18372 | 2019-05-02 | The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user.... |
| CVE-2017-18373 | 2019-05-02 | The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and... |
| CVE-2017-18374 | 2019-05-02 | The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true... |
| CVE-2018-12404 | 2019-05-02 | A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher... |
| CVE-2019-3490 | 2019-05-02 | A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote attacker to execute JavaScript in the victim's browser by tricking... |
| CVE-2019-11683 | 2019-05-02 | udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP... |
| CVE-2019-9017 | 2019-05-02 | DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name. |
| CVE-2018-16716 | 2019-05-02 | A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure)... |
| CVE-2018-16717 | 2019-05-02 | A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox. |
| CVE-2018-16718 | 2019-05-02 | An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox via a crafted -z1 argument. |
| CVE-2018-16960 | 2019-05-02 | An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/login.php has Reflected XSS via the xd_user_formal_name parameter. |
| CVE-2018-16961 | 2019-05-02 | An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows Path traversal via the file parameter, allowing remote attackers to read PDF files in arbitrary directories. |
| CVE-2018-16988 | 2019-05-02 | An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value... |
| CVE-2018-10383 | 2019-05-02 | Lantronix SecureLinx Spider (SLS) 2.2+ devices have XSS in the auth.asp login page. |
| CVE-2019-9826 | 2019-05-02 | The fulltext search component in phpBB before 3.2.6 allows Denial of Service. |
| CVE-2019-11687 | 2019-05-02 | An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b and continuing in current implementations. The 128-byte preamble of a DICOM... |
| CVE-2019-11690 | 2019-05-03 | gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is... |
| CVE-2018-15388 | 2019-05-03 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN Denial of Service Vulnerability |
| CVE-2019-1587 | 2019-05-03 | Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Filter Query Information Disclosure Vulnerability |
| CVE-2019-1586 | 2019-05-03 | Cisco Application Policy Infrastructure Controller Recoverable Encryption Key Vulnerability |
| CVE-2018-15462 | 2019-05-03 | Cisco Firepower Threat Defense Software TCP Ingress Handler Denial of Service Vulnerability |
| CVE-2019-1592 | 2019-05-03 | Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Privilege Escalation Vulnerability |
| CVE-2019-1590 | 2019-05-03 | Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Insecure Fabric Authentication Vulnerability |
| CVE-2019-1589 | 2019-05-03 | Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Unmeasured Boot Vulnerability |
| CVE-2019-1682 | 2019-05-03 | Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability |
| CVE-2019-1635 | 2019-05-03 | Cisco IP Phone 7800 Series and 8800 Series Session Initiation Protocol XML Denial of Service Vulnerability |
| CVE-2019-1692 | 2019-05-03 | Cisco Application Policy Infrastructure Controller Web-Based Management Interface Usage Information Disclosure Vulnerability |
| CVE-2019-1687 | 2019-05-03 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software TCP Proxy Denial of Service Vulnerability |
| CVE-2019-1693 | 2019-05-03 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN Denial of Service Vulnerability |
| CVE-2019-1696 | 2019-05-03 | Cisco Firepower Threat Defense Software SMB Protocol Preprocessor Detection Engine Denial of Service Vulnerabilities |
| CVE-2019-1695 | 2019-05-03 | Cisco Adaptive Security Appliance and Firepower Threat Defense Software Layer 2 Filtering Bypass Vulnerability |
| CVE-2019-1694 | 2019-05-03 | Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software TCP Timer Handling Denial of Service Vulnerability |
| CVE-2019-1697 | 2019-05-03 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Lightweight Directory Access Protocol Denial of Service Vulnerability |
| CVE-2019-1699 | 2019-05-03 | Cisco Firepower Threat Defense Software Command Injection Vulnerability |
| CVE-2019-1704 | 2019-05-03 | Cisco Firepower Threat Defense Software SMB Protocol Preprocessor Detection Engine Denial of Service Vulnerabilities |
| CVE-2019-1703 | 2019-05-03 | Cisco Firepower Threat Defense Software Packet Processing Denial of Service Vulnerability |
| CVE-2019-1701 | 2019-05-03 | Cisco Adaptive Security Appliance and Firepower Threat Defense Software WebVPN Cross-Site Scripting Vulnerabilities |
| CVE-2019-1709 | 2019-05-03 | Cisco Firepower Threat Defense Software Command Injection Vulnerability |
| CVE-2019-1708 | 2019-05-03 | Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software MOBIKE Denial of Service Vulnerability |
| CVE-2019-1706 | 2019-05-03 | Cisco Adaptive Security Appliance Software IPsec Denial of Service Vulnerability |
| CVE-2019-1705 | 2019-05-03 | Cisco Adaptive Security Appliance Software VPN Denial of Service Vulnerability |
| CVE-2019-1714 | 2019-05-03 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability |
| CVE-2019-1713 | 2019-05-03 | Cisco Adaptive Security Appliance Software Cross-Site Request Forgery Vulnerability |
| CVE-2019-1803 | 2019-05-03 | Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Root Privilege Escalation Vulnerability |
| CVE-2019-1724 | 2019-05-03 | Cisco Small Business RV320 and RV325 Routers Session Hijacking Vulnerability |
| CVE-2019-1715 | 2019-05-03 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Low-Entropy Keys Vulnerability |
| CVE-2019-1816 | 2019-05-03 | Cisco Web Security Appliance Privilege Escalation Vulnerability |
| CVE-2019-1807 | 2019-05-03 | Cisco Umbrella Dashboard Session Management Vulnerability |
| CVE-2019-1804 | 2019-05-03 | Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Default SSH Key Vulnerability |
| CVE-2019-1836 | 2019-05-03 | Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Symbolic Link Path Traversal Vulnerability |
| CVE-2019-1817 | 2019-05-03 | Cisco Web Security Appliance Malformed Request Denial of Service Vulnerability |
| CVE-2019-1854 | 2019-05-03 | Cisco Expressway Series Directory Traversal Vulnerability |
| CVE-2019-1852 | 2019-05-03 | Cisco Prime Network Registrar Cross-Site Scripting Vulnerability |
| CVE-2019-1844 | 2019-05-03 | Cisco Email Security Appliance Filter Bypass Vulnerability |
| CVE-2019-1838 | 2019-05-03 | Cisco Application Policy Infrastructure Controller Web-Based Management Interface Cross-Site Scripting Vulnerability |
| CVE-2019-1859 | 2019-05-03 | Cisco Small Business Switches Secure Shell Certificate Authentication Bypass Vulnerability |
| CVE-2019-1857 | 2019-05-03 | Cisco HyperFlex HX-Series Web-Based Management Interface Cross-Site Request Forgery Vulnerability |
| CVE-2019-1856 | 2019-05-03 | Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability |
| CVE-2019-6611 | 2019-05-03 | When BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 are processing certain rare data sequences occurring in PPTP VPN traffic, the BIG-IP system may execute incorrect logic. The TMM may restart... |
| CVE-2019-6612 | 2019-05-03 | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, DNS query TCP connections that are aborted before receiving a response from a DNS cache may cause TMM to restart. |
| CVE-2019-6613 | 2019-05-03 | On BIG-IP 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, SNMP may expose sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is used with various profile types... |
| CVE-2019-6615 | 2019-05-03 | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, Administrator and Resource Administrator roles might exploit TMSH access to bypass Appliance Mode restrictions on BIG-IP systems. |
| CVE-2019-6614 | 2019-05-03 | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may... |
| CVE-2019-6616 | 2019-05-03 | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical system files on BIG-IP which can result in bypass of whitelist / blacklist restrictions... |
| CVE-2019-6617 | 2019-05-03 | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user... |
| CVE-2019-3805 | 2019-05-03 | A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An... |
| CVE-2019-3894 | 2019-05-03 | It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate... |
| CVE-2018-20824 | 2019-05-03 | The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter. |
| CVE-2019-3400 | 2019-05-03 | The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS)... |
| CVE-2019-6158 | 2019-05-03 | An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy... |
| CVE-2019-11036 | 2019-05-03 | Heap over-read in PHP EXIF extension |
| CVE-2019-11037 | 2019-05-03 | Out of bounds memory write in PHP Imagick extension |
| CVE-2019-6618 | 2019-05-03 | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, users with the Resource Administrator role can modify sensitive portions of the filesystem if provided Advanced Shell Access, such as editing /etc/passwd.... |
| CVE-2019-6619 | 2019-05-03 | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, the Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation (ALPN) enabled and it... |