CVE List - 2019 / June
Showing 701 - 800 of 1244 CVEs for June 2019 (Page 8 of 13)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-6323 | 2019-06-17 | HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to... |
| CVE-2019-6324 | 2019-06-17 | HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to... |
| CVE-2019-6325 | 2019-06-17 | HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server that is potentially... |
| CVE-2019-6326 | 2019-06-17 | HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have embedded web server attributes which may be... |
| CVE-2019-6327 | 2019-06-17 | HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer... |
| CVE-2019-12789 | 2019-06-17 | An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use... |
| CVE-2019-12550 | 2019-06-17 | WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET. |
| CVE-2019-12549 | 2019-06-17 | WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding... |
| CVE-2017-9388 | 2019-06-17 | An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part... |
| CVE-2019-12476 | 2019-06-17 | An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via... |
| CVE-2017-9384 | 2019-06-17 | An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part... |
| CVE-2017-9381 | 2019-06-17 | An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a user with the capability of installing or deleting apps on the device using the... |
| CVE-2019-12801 | 2019-06-17 | out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name. |
| CVE-2019-11407 | 2019-06-17 | app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated administrative attackers to obtain credentials and other... |
| CVE-2019-10997 | 2019-06-17 | An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer... |
| CVE-2019-11408 | 2019-06-17 | XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using a specially crafted caller... |
| CVE-2019-11409 | 2019-06-17 | app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands... |
| CVE-2019-11410 | 2019-06-17 | app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on... |
| CVE-2019-7579 | 2019-06-17 | An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ability exists for an unauthenticated user to browse a confidential ui/1.0.99.187766/dynamic/js/setup.js.localized file on the router's webserver, allowing for an attacker... |
| CVE-2019-7315 | 2019-06-17 | Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.x are vulnerable to directory traversal via the web interface, as demonstrated by reading /etc/shadow. NOTE: this... |
| CVE-2019-8324 | 2019-06-17 | An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to... |
| CVE-2019-8325 | 2019-06-17 | An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.) |
| CVE-2019-8323 | 2019-06-17 | An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response,... |
| CVE-2019-8322 | 2019-06-17 | An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is... |
| CVE-2019-8321 | 2019-06-17 | An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible. |
| CVE-2019-7158 | 2019-06-17 | OX App Suite 7.10.0 and earlier has Incorrect Access Control. |
| CVE-2017-9390 | 2019-06-17 | An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called connect.sh which is supposed to return a specific cookie for the... |
| CVE-2017-9387 | 2019-06-17 | An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called relay.sh which is used for creating new SSH relays for the... |
| CVE-2018-19450 | 2019-06-17 | A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) 5.4.0.1031 when parsing a launch action. An attacker can leverage this to gain remote code... |
| CVE-2017-9389 | 2019-06-17 | An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part... |
| CVE-2018-19449 | 2019-06-17 | A File Write can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API Doc.exportAsFDF is used. An attacker can leverage this to... |
| CVE-2017-9386 | 2019-06-17 | An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a script file called "get_file.sh" which allows a user to retrieve any file stored in... |
| CVE-2018-19448 | 2019-06-17 | In Foxit Reader SDK (ActiveX) Professional 5.4.0.1031, an uninitialized object in IReader_ContentProvider::GetDocEventHandler occurs when embedding the control into Office documents. By opening a specially crafted document, an attacker can trigger... |
| CVE-2018-19447 | 2019-06-17 | A stack-based buffer overflow can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) 5.4.0.1031 when parsing the URI string. An attacker can leverage this to gain remote... |
| CVE-2017-9385 | 2019-06-17 | An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows the highest privileges a user... |
| CVE-2018-19446 | 2019-06-17 | A File Write can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API Doc.createDataObject is used. An attacker can leverage this to... |
| CVE-2017-9383 | 2019-06-17 | An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port... |
| CVE-2018-19445 | 2019-06-17 | A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API app.launchURL is used. An attacker can leverage this to... |
| CVE-2018-19444 | 2019-06-17 | A use after free in the TextBox field Validate action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage... |
| CVE-2017-9382 | 2019-06-17 | An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port... |
| CVE-2018-19146 | 2019-06-17 | Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element. |
| CVE-2018-18958 | 2019-06-17 | OPNsense 18.7.x before 18.7.7 has Incorrect Access Control. |
| CVE-2017-9391 | 2019-06-17 | An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port... |
| CVE-2017-9392 | 2019-06-17 | An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port... |
| CVE-2019-5016 | 2019-06-17 | An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other... |
| CVE-2019-5017 | 2019-06-17 | An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products.... |
| CVE-2017-10721 | 2019-06-17 | Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has Telnet functionality enabled by default.... |
| CVE-2017-10719 | 2019-06-17 | Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has default Wi-Fi credentials that are... |
| CVE-2017-10718 | 2019-06-17 | Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that any malicious user connecting to the device can... |
| CVE-2017-10723 | 2019-06-17 | Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that an attacker connected to the device Wi-Fi SSID... |
| CVE-2017-10724 | 2019-06-17 | Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that an attacker connected to the device Wi-Fi SSID... |
| CVE-2017-10722 | 2019-06-17 | Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the... |
| CVE-2017-10720 | 2019-06-17 | Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the... |
| CVE-2019-12865 | 2019-06-17 | In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command. |
| CVE-2019-12823 | 2019-06-18 | Craft CMS before 3.1.31 does not properly filter XML feeds, thus allowing XSS. |
| CVE-2019-10998 | 2019-06-18 | An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Unlimited physical access to the PLC... |
| CVE-2019-7159 | 2019-06-18 | OX App Suite 7.10.1 and earlier allows Information Exposure. |
| CVE-2019-6965 | 2019-06-18 | An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter. |
| CVE-2018-20013 | 2019-06-18 | In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::ProcessPacket metadata_id!=0 assertion, leading to shutting down the client application. |
| CVE-2018-18944 | 2019-06-18 | Artha ~ The Open Thesaurus 1.0.3.0 has a Buffer Overflow. |
| CVE-2018-18886 | 2019-06-18 | Helpy v2.1.0 has Stored XSS via the Ticket title. |
| CVE-2018-18880 | 2019-06-18 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script. |
| CVE-2019-12872 | 2019-06-18 | dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp. |
| CVE-2019-7588 | 2019-06-18 | exacqVision Enterprise System Manager (ESM) privilege escalation |
| CVE-2018-18879 | 2019-06-18 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php. |
| CVE-2018-18878 | 2019-06-18 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device... |
| CVE-2018-18877 | 2019-06-18 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page config_main.php that allows manipulation of the device. |
| CVE-2018-18876 | 2019-06-18 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue makes it possible to read any file present on the underlying operating system. |
| CVE-2018-18875 | 2019-06-18 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php. |
| CVE-2019-4142 | 2019-06-18 | IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that... |
| CVE-2018-18852 | 2019-06-18 | Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited... |
| CVE-2018-18839 | 2019-06-18 | An issue was discovered in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. NOTE: the vendor says "is intentional." |
| CVE-2018-18838 | 2019-06-18 | An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry. |
| CVE-2018-18837 | 2019-06-18 | An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c. |
| CVE-2018-18836 | 2019-06-18 | An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c. |
| CVE-2018-18802 | 2019-06-18 | The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin/mod_users/controller.php?action=edit. |
| CVE-2012-6711 | 2019-06-18 | A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo... |
| CVE-2019-12874 | 2019-06-18 | An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free. |
| CVE-2019-12875 | 2019-06-18 | Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key. |
| CVE-2017-8336 | 2019-06-18 | An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device.... |
| CVE-2017-8335 | 2019-06-18 | An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting a name for the wireless network. These... |
| CVE-2017-8329 | 2019-06-18 | An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting a name for the wireless... |
| CVE-2017-8333 | 2019-06-18 | An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device.... |
| CVE-2017-8331 | 2019-06-18 | An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new port forwarding rules to... |
| CVE-2017-8328 | 2019-06-18 | An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the... |
| CVE-2017-8334 | 2019-06-18 | An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web... |
| CVE-2017-8332 | 2019-06-18 | An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking key words passing in the... |
| CVE-2019-12592 | 2019-06-18 | A universal Cross-site scripting (UXSS) vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of... |
| CVE-2017-8330 | 2019-06-18 | An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a UPnP functionality for devices to interface with the router and interact... |
| CVE-2017-8337 | 2019-06-18 | An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of executing various actions on the web... |
| CVE-2019-12133 | 2019-06-18 | Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute... |
| CVE-2019-12881 | 2019-06-18 | i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other... |
| CVE-2019-3953 | 2019-06-18 | Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call. |
| CVE-2019-10085 | 2019-06-18 | In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. The XSS executes when a user engages with... |
| CVE-2019-3954 | 2019-06-18 | Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call. |
| CVE-2019-11038 | 2019-06-18 | Uninitialized read in gdImageCreateFromXbm |
| CVE-2019-11039 | 2019-06-18 | Out-of-bounds read in iconv.c |
| CVE-2019-11040 | 2019-06-18 | Heap buffer overflow in EXIF extension |
| CVE-2019-11477 | 2019-06-18 | Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs |
| CVE-2019-11478 | 2019-06-18 | SACK can cause extensive memory use via fragmented resend queue |