CVE List - 2019 / July
Showing 201 - 300 of 1618 CVEs for July 2019 (Page 3 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-5602 | 2019-07-03 | In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to... |
| CVE-2018-14863 | 2019-07-03 | Incorrect access control in the RPC framework in Odoo Community 8.0 through 11.0 and Odoo Enterprise 9.0 through 11.0 allows authenticated users to call private functions via RPC. |
| CVE-2018-14862 | 2019-07-03 | Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a... |
| CVE-2018-14861 | 2019-07-03 | Improper data access control in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows authenticated users to perform a CSV export of the secure hashed passwords of... |
| CVE-2018-14860 | 2019-07-03 | Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and... |
| CVE-2018-14859 | 2019-07-03 | Incorrect access control in the password reset component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated users to reset the password of other users... |
| CVE-2017-8229 | 2019-07-03 | Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which... |
| CVE-2017-8226 | 2019-07-03 | Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmware version... |
| CVE-2017-8230 | 2019-07-03 | On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on the device are divided into 2 groups "admin" and "user". However, as a part of security analysis it was identified that a... |
| CVE-2017-8227 | 2019-07-03 | Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the Web and HTTP API interface provided by... |
| CVE-2017-8228 | 2019-07-03 | Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots within the past two hours. Amcrest cloud services does not perform a thorough verification when allowing the user to add a new camera to... |
| CVE-2017-13719 | 2019-07-03 | The Amcrest IPM-721S Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322 allows HTTP requests that permit enabling various functionalities of the camera by using HTTP APIs, instead of the web management interface that is provided by the... |
| CVE-2019-12844 | 2019-07-03 | A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3. |
| CVE-2019-12845 | 2019-07-03 | The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3. |
| CVE-2019-12843 | 2019-07-03 | A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3. |
| CVE-2019-12841 | 2019-07-03 | Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2. |
| CVE-2019-12842 | 2019-07-03 | A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2. |
| CVE-2019-12846 | 2019-07-03 | A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2. |
| CVE-2019-12852 | 2019-07-03 | An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168. |
| CVE-2019-13207 | 2019-07-03 | nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dname_concatenate() function in dname.c. |
| CVE-2019-13074 | 2019-07-03 | A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management. |
| CVE-2019-9827 | 2019-07-03 | Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring... |
| CVE-2015-3907 | 2019-07-03 | CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE attacks. |
| CVE-2019-13208 | 2019-07-03 | WavesSysSvc in Waves MAXX Audio allows privilege escalation because the General registry key has Full Control access for the Users group, leading to DLL side loading. This affects WavesSysSvc64.exe 1.9.29.0. |
| CVE-2019-13226 | 2019-07-04 | deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location... |
| CVE-2019-13227 | 2019-07-04 | In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there... |
| CVE-2019-13228 | 2019-07-04 | deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there... |
| CVE-2019-13229 | 2019-07-04 | deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo() function to write a log file as root, and follows symlinks there. An unprivileged user can prepare a symlink... |
| CVE-2019-13232 | 2019-07-04 | Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue. |
| CVE-2019-13233 | 2019-07-04 | In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for... |
| CVE-2018-20850 | 2019-07-04 | Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server. |
| CVE-2019-13238 | 2019-07-04 | An issue was discovered in Bento4 1.5.1.0. A memory allocation failure is unhandled in Core/Ap4SdpAtom.cpp and leads to crashes. When parsing input video, the program allocates a new buffer to... |
| CVE-2019-13239 | 2019-07-04 | inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture. |
| CVE-2019-13241 | 2019-07-04 | FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled... |
| CVE-2019-13242 | 2019-07-04 | IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x0000000000013a98. |
| CVE-2019-13243 | 2019-07-04 | IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x00000000000249c6. |
| CVE-2019-13244 | 2019-07-04 | FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x0000000000002d7d. |
| CVE-2019-13245 | 2019-07-04 | FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a95b1. |
| CVE-2019-13246 | 2019-07-04 | FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a9601. |
| CVE-2019-13247 | 2019-07-04 | ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000024ed. |
| CVE-2019-13248 | 2019-07-04 | ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x0000000000002450. |
| CVE-2019-13249 | 2019-07-04 | ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000b9e7a. |
| CVE-2019-13250 | 2019-07-04 | ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000b9c2f. |
| CVE-2019-13251 | 2019-07-04 | ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000c47ff. |
| CVE-2019-13252 | 2019-07-04 | ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000001172b0. |
| CVE-2019-13253 | 2019-07-04 | XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000385474. |
| CVE-2019-13254 | 2019-07-04 | XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e808. |
| CVE-2019-13255 | 2019-07-04 | XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327464. |
| CVE-2019-13256 | 2019-07-04 | XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e849. |
| CVE-2019-13257 | 2019-07-04 | XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003273aa. |
| CVE-2019-13258 | 2019-07-04 | XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328165. |
| CVE-2019-13259 | 2019-07-04 | XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e566. |
| CVE-2019-13260 | 2019-07-04 | XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327a07. |
| CVE-2019-13261 | 2019-07-04 | XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328384. |
| CVE-2019-13262 | 2019-07-04 | XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003283eb. |
| CVE-2019-13275 | 2019-07-04 | An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable... |
| CVE-2019-13281 | 2019-07-04 | In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF... |
| CVE-2019-13282 | 2019-07-04 | In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a... |
| CVE-2019-13283 | 2019-07-04 | In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making... |
| CVE-2019-1886 | 2019-07-04 | Cisco Web Security Appliance HTTPS Certificate Denial of Service Vulnerability |
| CVE-2019-1884 | 2019-07-04 | Cisco Web Security Appliance Web Proxy Denial of Service Vulnerability |
| CVE-2019-1855 | 2019-07-04 | Cisco Jabber for Windows DLL Preloading Vulnerability |
| CVE-2019-1889 | 2019-07-04 | Cisco Application Policy Infrastructure Controller REST API Privilege Escalation Vulnerability |
| CVE-2019-1890 | 2019-07-04 | Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability |
| CVE-2019-13286 | 2019-07-04 | In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the... |
| CVE-2019-13287 | 2019-07-04 | In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the... |
| CVE-2019-13288 | 2019-07-04 | In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to... |
| CVE-2019-13289 | 2019-07-04 | In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm... |
| CVE-2019-13290 | 2019-07-04 | Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large... |
| CVE-2019-13291 | 2019-07-04 | In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the... |
| CVE-2019-13292 | 2019-07-04 | A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into... |
| CVE-2019-13294 | 2019-07-04 | AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system. |
| CVE-2019-13295 | 2019-07-05 | ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled. |
| CVE-2019-13296 | 2019-07-05 | ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value. |
| CVE-2019-13297 | 2019-07-05 | ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. |
| CVE-2019-13298 | 2019-07-05 | ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error. |
| CVE-2019-13299 | 2019-07-05 | ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel. |
| CVE-2019-13300 | 2019-07-05 | ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns. |
| CVE-2019-13301 | 2019-07-05 | ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error. |
| CVE-2019-13302 | 2019-07-05 | ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages. |
| CVE-2019-13303 | 2019-07-05 | ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage. |
| CVE-2019-13304 | 2019-07-05 | ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment. |
| CVE-2019-13305 | 2019-07-05 | ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error. |
| CVE-2019-13306 | 2019-07-05 | ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors. |
| CVE-2019-13307 | 2019-07-05 | ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows. |
| CVE-2019-13308 | 2019-07-05 | ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage. |
| CVE-2019-13309 | 2019-07-05 | ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. |
| CVE-2019-13310 | 2019-07-05 | ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. |
| CVE-2019-13311 | 2019-07-05 | ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error. |
| CVE-2019-13312 | 2019-07-05 | block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read. |
| CVE-2019-13144 | 2019-07-05 | myTinyTodo 1.3.3 through 1.4.3 allows CSV Injection. This is fixed in 1.5. |
| CVE-2019-5960 | 2019-07-05 | Cross-site request forgery (CSRF) vulnerability in WP Open Graph 1.6.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
| CVE-2019-5961 | 2019-07-05 | The Android App 'Tootdon for Mastodon' version 3.4.1 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2019-5962 | 2019-07-05 | Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2019-5963 | 2019-07-05 | Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
| CVE-2019-5964 | 2019-07-05 | iDoors Reader 2.10.17 and earlier allows an attacker on the same network segment to bypass authentication to access the management console and operate the product via unspecified vectors. |
| CVE-2019-5965 | 2019-07-05 | Open redirect vulnerability in Joruri Mail 2.1.4 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
| CVE-2019-5966 | 2019-07-05 | Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and alter/disclose the information via unspecified vectors. |
| CVE-2019-5967 | 2019-07-05 | Cross-site scripting vulnerability in Joruri CMS 2017 Release2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2019-5968 | 2019-07-05 | Cross-site request forgery (CSRF) vulnerability in GROWI v3.4.6 and earlier allows remote attackers to hijack the authentication of administrators via updating user's 'Basic Info'. |