CVE List - 2019 / May
Showing 901 - 1000 of 1316 CVEs for May 2019 (Page 10 of 14)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-7846 | 2019-05-22 | A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized... |
| CVE-2018-7849 | 2019-05-22 | A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to... |
| CVE-2018-7843 | 2019-05-22 | A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks... |
| CVE-2018-7848 | 2019-05-22 | A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading... |
| CVE-2018-7842 | 2019-05-22 | A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by... |
| CVE-2018-7847 | 2019-05-22 | A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code... |
| CVE-2018-7850 | 2019-05-22 | A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid... |
| CVE-2018-7845 | 2019-05-22 | A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the... |
| CVE-2018-7852 | 2019-05-22 | A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private... |
| CVE-2018-7853 | 2019-05-22 | A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical... |
| CVE-2018-7854 | 2019-05-22 | A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid... |
| CVE-2018-7201 | 2019-05-22 | CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel. |
| CVE-2018-7855 | 2019-05-22 | A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid... |
| CVE-2018-7856 | 2019-05-22 | A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of Service when writing... |
| CVE-2018-7857 | 2019-05-22 | A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible Denial of Service when writing... |
| CVE-2019-6806 | 2019-05-22 | A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading... |
| CVE-2019-6807 | 2019-05-22 | A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of service when writing... |
| CVE-2019-6808 | 2019-05-22 | A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting... |
| CVE-2018-7844 | 2019-05-22 | A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading... |
| CVE-2018-7803 | 2019-05-22 | A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The... |
| CVE-2019-12293 | 2019-05-23 | In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. |
| CVE-2019-12295 | 2019-05-23 | In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently... |
| CVE-2019-11873 | 2019-05-23 | wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet... |
| CVE-2019-12297 | 2019-05-23 | An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. There is a Use of an Externally Controlled Format String, reachable via TCP port 8010 or... |
| CVE-2019-9949 | 2019-05-23 | Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a... |
| CVE-2019-10977 | 2019-05-23 | In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter... |
| CVE-2019-12042 | 2019-05-23 | Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an event (as an encrypted JSON string) to the system... |
| CVE-2019-12298 | 2019-05-23 | Leanify 0.4.3 allows remote attackers to trigger an out-of-bounds write (1024 bytes) via a modified input file. |
| CVE-2019-0201 | 2019-05-23 | An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and... |
| CVE-2018-15664 | 2019-05-23 | In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem... |
| CVE-2019-4039 | 2019-05-23 | IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID:... |
| CVE-2019-4078 | 2019-05-23 | IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ... |
| CVE-2019-12272 | 2019-05-23 | In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability. |
| CVE-2019-12300 | 2019-05-23 | Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to... |
| CVE-2017-5213 | 2019-05-23 | Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS). |
| CVE-2017-5212 | 2019-05-23 | Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control. |
| CVE-2017-5211 | 2019-05-23 | Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing. |
| CVE-2017-5210 | 2019-05-23 | Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure. |
| CVE-2017-17061 | 2019-05-23 | OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). |
| CVE-2017-17060 | 2019-05-23 | OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions. |
| CVE-2017-15652 | 2019-05-23 | Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that).... |
| CVE-2017-15030 | 2019-05-23 | Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). |
| CVE-2017-15029 | 2019-05-23 | Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF. |
| CVE-2019-12301 | 2019-05-23 | The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed... |
| CVE-2017-13668 | 2019-05-23 | OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). |
| CVE-2017-11740 | 2019-05-23 | In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can... |
| CVE-2019-7137 | 2019-05-23 | Adobe Bridge CC versions 9.0.2 have a memory corruption vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2017-11739 | 2019-05-23 | In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility... |
| CVE-2017-11738 | 2019-05-23 | In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack. |
| CVE-2019-7136 | 2019-05-23 | Adobe Bridge CC versions 9.0.2 have an use after free vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2019-7138 | 2019-05-23 | Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2019-7134 | 2019-05-23 | Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2017-11561 | 2019-05-23 | An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can... |
| CVE-2019-7133 | 2019-05-23 | Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2019-7132 | 2019-05-23 | Adobe Bridge CC versions 9.0.2 have an out-of-bounds write vulnerability. Successful exploitation could lead to remote code execution. |
| CVE-2019-7130 | 2019-05-23 | Adobe Bridge CC versions 9.0.2 have a heap overflow vulnerability. Successful exploitation could lead to remote code execution. |
| CVE-2019-7107 | 2019-05-23 | Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Successful exploitation could lead to arbitrary code execution. Fixed in versions 13.1.1 and 14.0.2. |
| CVE-2019-7105 | 2019-05-23 | Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2019-7097 | 2019-05-23 | Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol implementation vulnerability. Successful exploitation could lead to sensitive data disclosure if smb request is subject to a relay attack. |
| CVE-2019-7106 | 2019-05-23 | Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2019-7135 | 2019-05-23 | Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2019-7104 | 2019-05-23 | Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2019-7103 | 2019-05-23 | Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2019-7101 | 2019-05-23 | Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2019-7100 | 2019-05-23 | Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2019-7099 | 2019-05-23 | Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2019-7102 | 2019-05-23 | Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2019-7098 | 2019-05-23 | Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2019-7108 | 2019-05-23 | Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure . |
| CVE-2019-7125 | 2019-05-23 | Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary... |
| CVE-2019-7113 | 2019-05-23 | Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary... |
| CVE-2019-7112 | 2019-05-23 | Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an use after free vulnerability. Successful exploitation could lead to... |
| CVE-2019-7096 | 2019-05-23 | Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2019-7088 | 2019-05-23 | Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an use after free vulnerability. Successful exploitation could lead to... |
| CVE-2019-7128 | 2019-05-23 | Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary... |
| CVE-2019-7117 | 2019-05-23 | Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary... |
| CVE-2019-7124 | 2019-05-23 | Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary... |
| CVE-2017-11560 | 2019-05-23 | An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then... |
| CVE-2019-7120 | 2019-05-23 | Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary... |
| CVE-2017-11559 | 2019-05-23 | An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack. |
| CVE-2019-7119 | 2019-05-23 | Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary... |
| CVE-2019-7118 | 2019-05-23 | Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary... |
| CVE-2019-7111 | 2019-05-23 | Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary... |
| CVE-2019-7127 | 2019-05-23 | Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information... |
| CVE-2019-7123 | 2019-05-23 | Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information... |
| CVE-2019-7122 | 2019-05-23 | Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information... |
| CVE-2017-11557 | 2019-05-23 | An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's... |
| CVE-2019-7121 | 2019-05-23 | Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information... |
| CVE-2017-11365 | 2019-05-23 | Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component... |
| CVE-2019-7116 | 2019-05-23 | Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information... |
| CVE-2019-7115 | 2019-05-23 | Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information... |
| CVE-2019-7114 | 2019-05-23 | Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information... |
| CVE-2019-7110 | 2019-05-23 | Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information... |
| CVE-2019-7109 | 2019-05-23 | Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information... |
| CVE-2019-7061 | 2019-05-23 | Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information... |
| CVE-2017-13667 | 2019-05-23 | OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF. |
| CVE-2016-9969 | 2019-05-23 | In libwebp 0.5.1, there is a double free bug in libwebpmux. |
| CVE-2019-12288 | 2019-05-23 | An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WIP) KR75.8.53.20 and 200V (C38S) KR203.18.1.20 devices. The web service, network, and account files can be manipulated through a web UI... |
| CVE-2019-12289 | 2019-05-23 | An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. A remote command can be executed through a system firmware update without authentication. The... |
| CVE-2016-8901 | 2019-05-23 | b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php. |