CVE List - 2019 / July
Showing 1401 - 1500 of 1618 CVEs for July 2019 (Page 15 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-1110 | 2019-07-29 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID... |
| CVE-2019-1111 | 2019-07-29 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID... |
| CVE-2019-1112 | 2019-07-29 | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. |
| CVE-2019-1113 | 2019-07-29 | A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary... |
| CVE-2019-1020006 | 2019-07-29 | invenio-app before 1.1.1 allows host header injection. |
| CVE-2019-1116 | 2019-07-29 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094,... |
| CVE-2019-1117 | 2019-07-29 | A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1118, CVE-2019-1119, CVE-2019-1120,... |
| CVE-2019-1118 | 2019-07-29 | A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1119, CVE-2019-1120,... |
| CVE-2019-1119 | 2019-07-29 | A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1120,... |
| CVE-2019-1120 | 2019-07-29 | A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119,... |
| CVE-2019-1121 | 2019-07-29 | A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119,... |
| CVE-2019-1122 | 2019-07-29 | A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119,... |
| CVE-2019-1123 | 2019-07-29 | A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119,... |
| CVE-2019-1124 | 2019-07-29 | A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119,... |
| CVE-2019-1126 | 2019-07-29 | A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy. To exploit this vulnerability, an attacker could run... |
| CVE-2019-1127 | 2019-07-29 | A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119,... |
| CVE-2019-1128 | 2019-07-29 | A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119,... |
| CVE-2019-1129 | 2019-07-29 | An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1130. |
| CVE-2019-1130 | 2019-07-29 | An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1129. |
| CVE-2019-1132 | 2019-07-29 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. |
| CVE-2019-1134 | 2019-07-29 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. |
| CVE-2019-1136 | 2019-07-29 | An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. |
| CVE-2019-1137 | 2019-07-29 | A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'. |
| CVE-2019-1020008 | 2019-07-29 | stacktable.js before 1.0.4 allows XSS. |
| CVE-2019-1020009 | 2019-07-29 | Fleet before 2.1.2 allows exposure of SMTP credentials. |
| CVE-2019-1020007 | 2019-07-29 | Dependency-Track before 3.5.1 allows XSS. |
| CVE-2019-1020004 | 2019-07-29 | Tridactyl before 1.16.0 allows fake key events. |
| CVE-2019-1020002 | 2019-07-29 | Pterodactyl before 0.7.14 with 2FA allows credential sniffing. |
| CVE-2019-13103 | 2019-07-29 | A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other... |
| CVE-2019-14267 | 2019-07-29 | PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled. |
| CVE-2019-12948 | 2019-07-29 | A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges... |
| CVE-2019-6726 | 2019-07-29 | The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wp_postratings_clear_fastest_cache and rm_folder_recursively in wpFastestCache.php mishandle ../ in an HTTP Referer header. |
| CVE-2019-12743 | 2019-07-29 | HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers to find the user accounts existing on any Social Network Kits (including self-hosted ones) by brute-forcing the username after the /u/... |
| CVE-2015-9288 | 2019-07-29 | The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials. |
| CVE-2015-6960 | 2019-07-29 | edx-platform before 2015-09-17 allows XSS via a team name. |
| CVE-2015-6253 | 2019-07-29 | edx-platform before 2015-08-17 allows XSS in the Studio listing of courses. |
| CVE-2019-11199 | 2019-07-29 | Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on... |
| CVE-2019-11200 | 2019-07-29 | Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which... |
| CVE-2019-11201 | 2019-07-29 | Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic... |
| CVE-2015-5601 | 2019-07-29 | edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files. |
| CVE-2019-13498 | 2019-07-29 | One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4. |
| CVE-2019-13126 | 2019-07-29 | An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must... |
| CVE-2016-10765 | 2019-07-29 | edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address. |
| CVE-2016-10766 | 2019-07-29 | edx-platform before 2016-06-06 allows CSRF. |
| CVE-2019-11868 | 2019-07-29 | See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or older, allows a user to call an IOCTL specifying any kernel address to which arbitrary bytes are written... |
| CVE-2019-14271 | 2019-07-29 | In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains... |
| CVE-2019-13571 | 2019-07-29 | A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary... |
| CVE-2018-17211 | 2019-07-29 | An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. An unauthenticated attacker can view details about the printers associated with CPS via a crafted HTTP GET request. |
| CVE-2018-17213 | 2019-07-29 | An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. A user without valid credentials can bypass the authentication process, obtaining a valid session cookie with guest/pseudo-guest level... |
| CVE-2018-11773 | 2019-07-29 | Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php... |
| CVE-2018-11774 | 2019-07-29 | Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements.... |
| CVE-2018-11772 | 2019-07-29 | Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node (if any) was previously selected in the privilege tree. The cookie data is then... |
| CVE-2019-13655 | 2019-07-29 | Imgix through 2019-06-19 allows remote attackers to cause a denial of service (resource consumption) by manipulating a small JPEG file to specify dimensions of 64250x64250 pixels, which is mishandled during... |
| CVE-2019-14415 | 2019-07-29 | An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another user's... |
| CVE-2019-14416 | 2019-07-29 | An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the... |
| CVE-2019-14417 | 2019-07-29 | An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the... |
| CVE-2019-14418 | 2019-07-29 | An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite... |
| CVE-2019-14431 | 2019-07-29 | In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution... |
| CVE-2019-3948 | 2019-07-29 | The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R,... |
| CVE-2018-18570 | 2019-07-29 | Planon before Live Build 41 has XSS. |
| CVE-2019-14439 | 2019-07-30 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed... |
| CVE-2019-14441 | 2019-07-30 | An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ff_mpa_synth_filter_float... |
| CVE-2019-14442 | 2019-07-30 | In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause... |
| CVE-2019-14443 | 2019-07-30 | An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. |
| CVE-2019-14444 | 2019-07-30 | apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as... |
| CVE-2019-13635 | 2019-07-30 | The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFastestCache.php and inc/cache.php Directory Traversal. |
| CVE-2019-14327 | 2019-07-30 | A CSRF vulnerability in Settings form in the Custom Simple Rss plugin 2.0.6 for WordPress allows attackers to change the plugin settings. |
| CVE-2017-18380 | 2019-07-30 | edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name. |
| CVE-2015-9290 | 2019-07-30 | In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going... |
| CVE-2019-14386 | 2019-07-30 | cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). |
| CVE-2019-14381 | 2019-07-30 | libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot. |
| CVE-2019-14387 | 2019-07-30 | cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). |
| CVE-2019-14388 | 2019-07-30 | cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507). |
| CVE-2019-14389 | 2019-07-30 | cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510). |
| CVE-2019-14390 | 2019-07-30 | cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512). |
| CVE-2019-14391 | 2019-07-30 | cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514). |
| CVE-2019-4062 | 2019-07-30 | IBM i2 Intelligent Analysis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to... |
| CVE-2019-4285 | 2019-07-30 | IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web... |
| CVE-2019-4456 | 2019-07-30 | IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this... |
| CVE-2019-11775 | 2019-07-30 | All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning... |
| CVE-2018-20867 | 2019-07-30 | cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462). |
| CVE-2019-14392 | 2019-07-30 | cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501). |
| CVE-2019-14393 | 2019-07-30 | cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486). |
| CVE-2019-14394 | 2019-07-30 | cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489). |
| CVE-2019-14395 | 2019-07-30 | cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494). |
| CVE-2019-14396 | 2019-07-30 | API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495). |
| CVE-2019-14397 | 2019-07-30 | cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496). |
| CVE-2019-14398 | 2019-07-30 | cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498). |
| CVE-2019-14399 | 2019-07-30 | The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477). |
| CVE-2019-14400 | 2019-07-30 | cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479). |
| CVE-2019-14401 | 2019-07-30 | cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480). |
| CVE-2019-14402 | 2019-07-30 | cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481). |
| CVE-2019-14403 | 2019-07-30 | cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483). |
| CVE-2019-14404 | 2019-07-30 | cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484). |
| CVE-2019-14405 | 2019-07-30 | cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487). |
| CVE-2019-14406 | 2019-07-30 | cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493). |
| CVE-2019-14407 | 2019-07-30 | cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415). |
| CVE-2019-14408 | 2019-07-30 | cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460). |
| CVE-2019-14409 | 2019-07-30 | cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466). |
| CVE-2019-14410 | 2019-07-30 | Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472). |