CVE List - 2019 / July
Showing 501 - 600 of 1618 CVEs for July 2019 (Page 6 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-0327 | 2019-07-10 | SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload... |
| CVE-2019-0328 | 2019-07-10 | ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker... |
| CVE-2019-0329 | 2019-07-10 | SAP Information Steward, version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. |
| CVE-2019-0330 | 2019-07-10 | The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by... |
| CVE-2019-12803 | 2019-07-10 | Hunesion i-oneNet unrestricted file upload vulnerability |
| CVE-2019-12804 | 2019-07-10 | Hunesion i-oneNet Missing Support for Integrity Check vulnerability |
| CVE-2019-5444 | 2019-07-10 | Path traversal vulnerability in version up to v1.1.3 in serve-here.js npm module allows attackers to list any file in arbitrary folder. |
| CVE-2019-5445 | 2019-07-10 | DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allows an Admin user to crash the SSH CLI interface by using crafted commands. |
| CVE-2019-5446 | 2019-07-10 | Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allows an Admin user to execute commands as root. |
| CVE-2019-13481 | 2019-07-10 | An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MTU field to SetWanSettings. |
| CVE-2019-13482 | 2019-07-10 | An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings. |
| CVE-2019-13488 | 2019-07-10 | A cross-site scripting (XSS) vulnerability in static/js/trape.js in Trape through 2019-05-08 allows remote attackers to inject arbitrary web script or HTML via the country, query, or refer parameter to the... |
| CVE-2019-13489 | 2019-07-10 | Trape through 2019-05-08 has SQL injection via the data[2] variable in core/db.py, as demonstrated by the /bs t parameter. |
| CVE-2019-10135 | 2019-07-11 | A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1. Insecure use of the yaml.load() function allowed the user to load any suspicious object... |
| CVE-2019-13504 | 2019-07-11 | There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2. |
| CVE-2019-13503 | 2019-07-11 | mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read. |
| CVE-2019-13505 | 2019-07-11 | The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1. |
| CVE-2019-1010003 | 2019-07-11 | Leanote prior to version 2.6 is affected by: Cross Site Scripting (XSS). |
| CVE-2019-12838 | 2019-07-11 | SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. |
| CVE-2019-13506 | 2019-07-11 | @nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mishandles object keys, leading to XSS. |
| CVE-2019-12597 | 2019-07-11 | An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName. |
| CVE-2019-12596 | 2019-07-11 | An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType. |
| CVE-2019-12595 | 2019-07-11 | An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter. |
| CVE-2019-12540 | 2019-07-11 | An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field. |
| CVE-2019-12539 | 2019-07-11 | An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189. |
| CVE-2019-12537 | 2019-07-11 | An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field. |
| CVE-2019-12363 | 2019-07-11 | A CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacker can forge a request to an installed mybb2fa plugin to control its state via... |
| CVE-2019-13507 | 2019-07-11 | hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection. |
| CVE-2018-11744 | 2019-07-11 | Cloudera Manager through 5.15 has Incorrect Access Control. |
| CVE-2019-10340 | 2019-07-11 | A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained... |
| CVE-2019-10341 | 2019-07-11 | A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through... |
| CVE-2019-10342 | 2019-07-11 | A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. |
| CVE-2019-10346 | 2019-07-11 | A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin. |
| CVE-2019-10347 | 2019-07-11 | Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2019-10348 | 2019-07-11 | Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master... |
| CVE-2019-10349 | 2019-07-11 | A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in... |
| CVE-2019-10350 | 2019-07-11 | Jenkins Port Allocator Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the... |
| CVE-2019-10351 | 2019-07-11 | Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the... |
| CVE-2019-13560 | 2019-07-11 | D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter. |
| CVE-2019-13561 | 2019-07-11 | D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter. |
| CVE-2019-13562 | 2019-07-11 | D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter. |
| CVE-2019-13563 | 2019-07-11 | D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console. |
| CVE-2019-13564 | 2019-07-11 | XSS exists in Ping Identity Agentless Integration Kit before 1.5. |
| CVE-2019-10651 | 2019-07-11 | An issue was discovered in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 2018.x before 2018.3 SU3, with remote code execution. In other words, the issue... |
| CVE-2019-12527 | 2019-07-11 | An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that... |
| CVE-2019-11268 | 2019-07-11 | UAA SQL Identity Zone Vulnerability |
| CVE-2019-12525 | 2019-07-11 | An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain... |
| CVE-2019-9886 | 2019-07-11 | eClass platform allows user to download arbitrary files without authentication |
| CVE-2019-11062 | 2019-07-11 | SUNNET WMPro v5.0 and v5.1 has OS Command Injection |
| CVE-2019-3889 | 2019-07-11 | A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. An attacker could use this flaw to steal authorization... |
| CVE-2019-10192 | 2019-07-11 | A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the... |
| CVE-2019-10193 | 2019-07-11 | A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE... |
| CVE-2019-10194 | 2019-07-11 | Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions, were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with... |
| CVE-2019-12529 | 2019-07-11 | An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via... |
| CVE-2019-7003 | 2019-07-11 | ACM SQL Injection |
| CVE-2018-17150 | 2019-07-11 | Intersystems Cache 2017.2.2.865.0 allows XSS. |
| CVE-2018-17152 | 2019-07-11 | Intersystems Cache 2017.2.2.865.0 allows XXE. |
| CVE-2018-17151 | 2019-07-11 | Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control. |
| CVE-2018-19588 | 2019-07-11 | Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control. |
| CVE-2019-13029 | 2019-07-11 | Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML... |
| CVE-2019-9657 | 2019-07-11 | Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control, a different issue than CVE-2018-19588. This occurs because of incorrect protection of VPN certificates (used for initiating a VPN session to the... |
| CVE-2014-3798 | 2019-07-11 | The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame. |
| CVE-2019-12575 | 2019-07-11 | A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The... |
| CVE-2019-1010319 | 2019-07-11 | WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is:... |
| CVE-2019-12579 | 2019-07-11 | A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to run arbitrary code with elevated... |
| CVE-2019-1010317 | 2019-07-11 | WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is:... |
| CVE-2019-1010316 | 2019-07-11 | pyxtrlock 0.3 and earlier is affected by: Incorrect Access Control. The impact is: False locking impression when run in a non-X11 session. The fixed version is: 0.4. |
| CVE-2019-12577 | 2019-07-11 | A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The... |
| CVE-2019-12573 | 2019-07-11 | A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to overwrite arbitrary files. The openvpn_launcher... |
| CVE-2019-1010314 | 2019-07-11 | Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description.... |
| CVE-2019-1010315 | 2019-07-11 | WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse... |
| CVE-2019-12576 | 2019-07-11 | A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The... |
| CVE-2019-0046 | 2019-07-11 | Junos OS: EX4300 Series: Denial of Service upon receipt of large number of specific valid packets on management interface. |
| CVE-2019-0048 | 2019-07-11 | EX4300 Series: When a firewall filter is applied to a loopback interface, other firewall filters for multicast traffic may fail |
| CVE-2019-0049 | 2019-07-11 | Junos OS: RPD process crashes when BGP peer restarts |
| CVE-2019-0052 | 2019-07-11 | SRX Series: srxpfe process crash while JSF/UTM module parses specific HTTP packets |
| CVE-2019-0053 | 2019-07-11 | Junos OS: Insufficient validation of environment variables in telnet client may lead to stack-based buffer overflow |
| CVE-2019-12571 | 2019-07-11 | A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v0.9.8 beta (build 02099) for macOS could allow an authenticated, local attacker to overwrite arbitrary files. When... |
| CVE-2019-10970 | 2019-07-11 | In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to... |
| CVE-2019-12578 | 2019-07-11 | A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The... |
| CVE-2018-1968 | 2019-07-11 | IBM Security Identity Manager 7.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153749. |
| CVE-2019-4118 | 2019-07-11 | IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart could allow a local attacker with admin privileges to obtain highly sensitive information upon deployment. IBM X-Force ID: 158144. |
| CVE-2019-4131 | 2019-07-11 | IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. IBM X-Force ID: 158270. |
| CVE-2019-4193 | 2019-07-11 | IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server... |
| CVE-2019-4263 | 2019-07-11 | IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015. |
| CVE-2019-12574 | 2019-07-11 | A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v1.0 for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The... |
| CVE-2019-12751 | 2019-07-11 | Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application... |
| CVE-2019-5528 | 2019-07-11 | VMware ESXi 6.5 suffers from partial denial of service vulnerability in hostd process. Patch ESXi650-201907201-UG for this issue is available. |
| CVE-2019-11133 | 2019-07-11 | Improper access control in the Intel(R) Processor Diagnostic Tool before version 4.1.2.24 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via... |
| CVE-2018-18095 | 2019-07-11 | Improper authentication in firmware for Intel(R) SSD DC S4500 Series and Intel(R) SSD DC S4600 Series before SCV10150 may allow an unprivileged user to potentially enable escalation of privilege via... |
| CVE-2018-17196 | 2019-07-11 | In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the... |
| CVE-2019-3415 | 2019-07-11 | ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by a path traversal vulnerability. Due to path traversal, users can download any files. |
| CVE-2019-10915 | 2019-07-11 | A vulnerability has been identified in TIA Administrator (All versions < V1.0 SP1 Upd1). The integrated configuration web application (TIA Administrator) allows to execute certain application commands without proper authentication.... |
| CVE-2019-10930 | 2019-07-11 | A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering... |
| CVE-2019-10931 | 2019-07-11 | A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering... |
| CVE-2019-10933 | 2019-07-11 | A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions <= v3.11), Spectrum Power 4 (Corporate User Interface) (Version v4.75), Spectrum Power 5 (Corporate User Interface)... |
| CVE-2019-10935 | 2019-07-11 | A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7... |
| CVE-2019-13574 | 2019-07-12 | In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed... |
| CVE-2019-13567 | 2019-07-12 | The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. If the ZoomOpener daemon (aka the hidden web server) is running, but the Zoom... |
| CVE-2019-13494 | 2019-07-12 | nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0.9 has a stack-based buffer overflow via a long variable string in a Map Objects text file. |