CVE List - 2019 / July
Showing 1 - 100 of 1618 CVEs for July 2019 (Page 1 of 17)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-13147 | 2019-07-01 | In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service... |
| CVE-2019-13117 | 2019-07-01 | In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on... |
| CVE-2019-13118 | 2019-07-01 | In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a... |
| CVE-2019-12970 | 2019-07-01 | XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script... |
| CVE-2019-13125 | 2019-07-01 | HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation. |
| CVE-2019-12781 | 2019-07-01 | An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings... |
| CVE-2019-13127 | 2019-07-01 | An issue was discovered in mxGraph through 4.0.0, related to the "draw.io Diagrams" plugin before 8.3.14 for Confluence and other products. Improper input validation/sanitization of a color field leads to... |
| CVE-2019-13128 | 2019-07-01 | An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the IPAddress or Gateway field... |
| CVE-2019-13129 | 2019-07-01 | On the Motorola router CX2L MWR04L 1.01, there is a stack consumption (infinite recursion) issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf... |
| CVE-2019-4057 | 2019-07-01 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a malicious user with access to the DB2 instance account to leverage a... |
| CVE-2019-4101 | 2019-07-01 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and... |
| CVE-2019-4102 | 2019-07-01 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly... |
| CVE-2019-4154 | 2019-07-01 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to... |
| CVE-2019-4237 | 2019-07-01 | A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious... |
| CVE-2019-4295 | 2019-07-01 | IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker with specialized access to obtain highly sensitive information from the credential vault. IBM X-Force ID: 160758. |
| CVE-2019-4296 | 2019-07-01 | IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759. |
| CVE-2019-4297 | 2019-07-01 | IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this... |
| CVE-2019-4298 | 2019-07-01 | IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have... |
| CVE-2019-4299 | 2019-07-01 | IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765. |
| CVE-2019-4322 | 2019-07-01 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to... |
| CVE-2019-4336 | 2019-07-01 | IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161411. |
| CVE-2019-4337 | 2019-07-01 | IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker to obtain sensitive information due to missing authentication in Ignite nodes. IBM X-Force ID: 161412. |
| CVE-2019-4357 | 2019-07-01 | When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary... |
| CVE-2019-4383 | 2019-07-01 | When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force... |
| CVE-2019-4386 | 2019-07-01 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force... |
| CVE-2019-4410 | 2019-07-01 | IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the... |
| CVE-2019-13131 | 2019-07-01 | Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attackers to execute arbitrary commands via NRPE. |
| CVE-2016-5235 | 2019-07-01 | A Cross Site Scripting (XSS) vulnerability in versions of F5 WebSafe Dashboard 3.9.x and earlier, aka F5 WebSafe Alert Server, allows an unauthenticated user to inject HTML via a crafted... |
| CVE-2016-5236 | 2019-07-01 | Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9.5 and earlier, aka F5 WebSafe Alert Server, allow privileged authenticated users to inject arbitrary web script or HTML when creating a new... |
| CVE-2019-12826 | 2019-07-01 | A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets... |
| CVE-2019-7670 | 2019-07-01 | Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could... |
| CVE-2019-13024 | 2019-07-01 | Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to... |
| CVE-2019-7669 | 2019-07-01 | Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications within the application’s... |
| CVE-2019-7668 | 2019-07-01 | Prima Systems FlexAir devices have Default Credentials. |
| CVE-2019-7667 | 2019-07-01 | Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file... |
| CVE-2019-7666 | 2019-07-01 | Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database... |
| CVE-2019-7281 | 2019-07-01 | Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in... |
| CVE-2019-1577 | 2019-07-01 | Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML. |
| CVE-2019-1578 | 2019-07-01 | Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in the... |
| CVE-2019-7280 | 2019-07-01 | Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of an insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a... |
| CVE-2019-7279 | 2019-07-01 | Optergy Proton/Enterprise devices have Hard-coded Credentials. |
| CVE-2019-13133 | 2019-07-01 | ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c. |
| CVE-2019-13134 | 2019-07-01 | ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. |
| CVE-2019-13135 | 2019-07-01 | ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c. |
| CVE-2019-13136 | 2019-07-01 | ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c. |
| CVE-2019-13137 | 2019-07-01 | ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c. |
| CVE-2019-3962 | 2019-07-01 | Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL... |
| CVE-2019-7278 | 2019-07-01 | Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending Service. |
| CVE-2019-7277 | 2019-07-01 | Optergy Proton/Enterprise devices allow Unauthenticated Internal Network Information Disclosure. |
| CVE-2019-7275 | 2019-07-01 | Optergy Proton/Enterprise devices allow Open Redirect. |
| CVE-2019-7274 | 2019-07-01 | Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root. |
| CVE-2019-10979 | 2019-07-01 | SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password. |
| CVE-2019-7273 | 2019-07-01 | Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF). |
| CVE-2019-7272 | 2019-07-01 | Optergy Proton/Enterprise devices allow Username Disclosure. |
| CVE-2019-7271 | 2019-07-01 | Nortek Linear eMerge 50P/5000P devices have Default Credentials. |
| CVE-2019-5497 | 2019-07-01 | NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution. |
| CVE-2019-6642 | 2019-07-01 | In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example)... |
| CVE-2019-9702 | 2019-07-01 | Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to... |
| CVE-2019-9703 | 2019-07-01 | Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to... |
| CVE-2019-7256 | 2019-07-02 | Linear eMerge E3-Series devices allow Command Injections. |
| CVE-2019-13148 | 2019-07-02 | An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the UDP Ports To Open in Add Gaming Rule. |
| CVE-2019-13149 | 2019-07-02 | An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the key passwd in Routing RIP Settings. |
| CVE-2019-13150 | 2019-07-02 | An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication). The command injection exists in the key ip_addr. |
| CVE-2019-13151 | 2019-07-02 | An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key wps_sta_enrollee_pin. |
| CVE-2019-13152 | 2019-07-02 | An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Gaming Rule. |
| CVE-2019-13153 | 2019-07-02 | An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the Private Port in Add Virtual Server. |
| CVE-2019-13154 | 2019-07-02 | An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the TCP Ports To Open in Add Gaming Rule. |
| CVE-2019-13155 | 2019-07-02 | An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server. |
| CVE-2019-4087 | 2019-07-02 | IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by servers and storage agents in response to... |
| CVE-2019-4088 | 2019-07-02 | IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by loading a specially crafted library loaded... |
| CVE-2019-4129 | 2019-07-02 | IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to obtain sensitive information, caused by an error message containing a stack trace. By creating an error... |
| CVE-2019-4134 | 2019-07-02 | IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to... |
| CVE-2019-4140 | 2019-07-02 | IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data. IBM X-Force ID: 158336. |
| CVE-2019-4260 | 2019-07-02 | IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0.5 could allow an unauthorized user to download server files resulting in sensitive information disclosure. IBM X-Force ID: 160012. |
| CVE-2019-4292 | 2019-07-02 | IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. IBM X-Force ID:... |
| CVE-2019-13056 | 2019-07-02 | An issue was discovered in CyberPanel through 1.8.4. On the user edit page, an attacker can edit the administrator's e-mail and password because of the lack of CSRF protection. |
| CVE-2017-8408 | 2019-07-02 | An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It... |
| CVE-2019-12594 | 2019-07-02 | DOSBox 0.74-2 has Incorrect Access Control. |
| CVE-2019-7270 | 2019-07-02 | Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery (CSRF). |
| CVE-2019-7269 | 2019-07-02 | Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution. |
| CVE-2019-7268 | 2019-07-02 | Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. |
| CVE-2019-7267 | 2019-07-02 | Linear eMerge 50P/5000P devices allow Cookie Path Traversal. |
| CVE-2019-7266 | 2019-07-02 | Linear eMerge 50P/5000P devices allow Authentication Bypass. |
| CVE-2019-7265 | 2019-07-02 | Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH). |
| CVE-2019-7264 | 2019-07-02 | Linear eMerge E3-Series devices allow a Stack-based Buffer Overflow on the ARM platform. |
| CVE-2019-7263 | 2019-07-02 | Linear eMerge E3-Series devices have a Version Control Failure. |
| CVE-2019-7262 | 2019-07-02 | Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF). |
| CVE-2019-7261 | 2019-07-02 | Linear eMerge E3-Series devices have Hard-coded Credentials. |
| CVE-2019-7260 | 2019-07-02 | Linear eMerge E3-Series devices have Cleartext Credentials in a Database. |
| CVE-2019-7259 | 2019-07-02 | Linear eMerge E3-Series devices allow Authorization Bypass with Information Disclosure. |
| CVE-2019-7258 | 2019-07-02 | Linear eMerge E3-Series devices allow Privilege Escalation. |
| CVE-2019-7257 | 2019-07-02 | Linear eMerge E3-Series devices allow Unrestricted File Upload. |
| CVE-2019-5443 | 2019-07-02 | A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as... |
| CVE-2019-7255 | 2019-07-02 | Linear eMerge E3-Series devices allow XSS. |
| CVE-2017-8411 | 2019-07-02 | An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It... |
| CVE-2017-8404 | 2019-07-02 | An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It... |
| CVE-2019-7254 | 2019-07-02 | Linear eMerge E3-Series devices allow File Inclusion. |
| CVE-2017-8407 | 2019-07-02 | An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the... |
| CVE-2019-7253 | 2019-07-02 | Linear eMerge E3-Series devices allow Directory Traversal. |
| CVE-2019-7252 | 2019-07-02 | Linear eMerge E3-Series devices have Default Credentials. |