ID | CVSS | Summary | Last (major) update | Published
CVE-2019-11378 None
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access u
20-04-2019 - 11:29 20-04-2019 - 11:29
CVE-2019-11377 None
wcms/wex/finder/action.php in WCMS v0.3.2 has an Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function.
20-04-2019 - 11:29 20-04-2019 - 11:29
CVE-2019-11376 None
** DISPUTED ** SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. NOTE: the vendor indicates that there was an assumption that the content is "made editable on its own."
20-04-2019 - 11:29 20-04-2019 - 11:29
CVE-2019-11375 None
Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.
20-04-2019 - 11:29 20-04-2019 - 11:29
CVE-2019-11374 None
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.
20-04-2019 - 11:29 20-04-2019 - 11:29
CVE-2019-11373 None
An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
20-04-2019 - 11:29 20-04-2019 - 11:29
CVE-2019-11372 None
An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
20-04-2019 - 11:29 20-04-2019 - 11:29
CVE-2019-11366 None
An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference.
20-04-2019 - 09:29 20-04-2019 - 09:29
CVE-2019-11365 None
An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes
20-04-2019 - 09:29 20-04-2019 - 09:29
CVE-2019-11362 None
app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score parameter, as demonstrated by the /do/reward/3 URI.
20-04-2019 - 09:29 20-04-2019 - 09:29
CVE-2019-11359 None
Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter.
19-04-2019 - 20:29 19-04-2019 - 20:29
CVE-2019-11358 None
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n
19-04-2019 - 20:29 19-04-2019 - 20:29
CVE-2018-20817 None
SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentic
19-04-2019 - 19:29 19-04-2019 - 19:29
CVE-2019-11354 None
The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://g
19-04-2019 - 18:29 19-04-2019 - 18:29
CVE-2019-11351 None
TeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt framework.
19-04-2019 - 17:29 19-04-2019 - 17:29
CVE-2019-11350 None
CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page.
19-04-2019 - 17:29 19-04-2019 - 17:29
CVE-2019-2041 None
In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. U
19-04-2019 - 16:29 19-04-2019 - 16:29
CVE-2019-2040 None
In rw_i93_process_ext_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitat
19-04-2019 - 16:29 19-04-2019 - 16:29
CVE-2019-2039 None
In rw_i93_sm_detect_ndef of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. P
19-04-2019 - 16:29 19-04-2019 - 16:29
CVE-2019-2038 None
In rw_i93_process_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
19-04-2019 - 16:29 19-04-2019 - 16:29
CVE-2019-2037 None
In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out-of-bound read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for
19-04-2019 - 16:29 19-04-2019 - 16:29
CVE-2019-2035 None
In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
19-04-2019 - 16:29 19-04-2019 - 16:29
CVE-2019-2034 None
In rw_i93_sm_read_ndef of rw_i93.cc, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the NFC process with no additional execution privileges needed. User interaction is needed fo
19-04-2019 - 16:29 19-04-2019 - 16:29
CVE-2019-2033 None
In create_hdr of dnssd_clientstub.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: And
19-04-2019 - 16:29 19-04-2019 - 16:29
CVE-2019-2032 None
In SetScanResponseData of ble_advertiser_hci_interface.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not
19-04-2019 - 16:29 19-04-2019 - 16:29
CVE-2019-2031 None
In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo
19-04-2019 - 16:29 19-04-2019 - 16:29
CVE-2019-2030 None
In removeInterfaceAddress of NetworkController.cpp, there is a possible use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versio
19-04-2019 - 16:29 19-04-2019 - 16:29
CVE-2019-2029 None
In btm_proc_smp_cback of tm_ble.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.
19-04-2019 - 16:29 19-04-2019 - 16:29
CVE-2019-2028 None
In numerous hand-crafted functions in libmpeg2, NEON registers are not preserved. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Androi
19-04-2019 - 16:29 19-04-2019 - 16:29
CVE-2019-2027 None
In floor0_inverse1 of floor0.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: A
19-04-2019 - 16:29 19-04-2019 - 16:29
CVE-2019-2026 None
In updateAssistMenuItems of Editor.java, there is a possible escape from the Setup Wizard due to a missing permission check. This could lead to local escalation of privilege and FRP bypass with no additional execution privileges needed. User interact
19-04-2019 - 16:29 19-04-2019 - 16:29
CVE-2019-9841 None
Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL.
19-04-2019 - 15:29 19-04-2019 - 15:29
CVE-2019-5008 None
hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.
19-04-2019 - 15:29 19-04-2019 - 15:29
CVE-2019-11344 None
data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked.
19-04-2019 - 15:29 19-04-2019 - 15:29
CVE-2019-10886 None
An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). This vulnerability allows an attacker to read arbitrary files without authentication
19-04-2019 - 14:29 19-04-2019 - 14:29
CVE-2019-4055 None
IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564.
19-04-2019 - 13:29 19-04-2019 - 13:29
CVE-2018-1729 None
IBM QRadar SIEM 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 147708.
19-04-2019 - 13:29 19-04-2019 - 13:29
CVE-2019-11340 None
util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.uti
19-04-2019 - 10:29 19-04-2019 - 10:29
CVE-2019-10245 None
In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.
19-04-2019 - 10:29 19-04-2019 - 10:29
CVE-2019-11339 6.8
The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video dat
18-04-2019 - 20:29 18-04-2019 - 20:29
CVE-2019-11338 6.8
libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted H
18-04-2019 - 20:29 18-04-2019 - 20:29
CVE-2019-9161 10.0
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginx_webconsole.php Cookie header can be use
18-04-2019 - 19:29 18-04-2019 - 19:29
CVE-2019-11332 None
MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456.
18-04-2019 - 19:29 18-04-2019 - 19:29
CVE-2019-9160 10.0
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin passwor
18-04-2019 - 18:29 18-04-2019 - 18:29
CVE-2019-11331 7.5
Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks.
18-04-2019 - 18:29 18-04-2019 - 18:29
CVE-2019-11015 2.1
A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credential
18-04-2019 - 18:29 18-04-2019 - 18:29
CVE-2019-11324 5.0
The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure i
18-04-2019 - 17:29 18-04-2019 - 17:29
CVE-2019-3719 None
Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim us
18-04-2019 - 16:29 18-04-2019 - 16:29
CVE-2019-3718 None
Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems.
18-04-2019 - 16:29 18-04-2019 - 16:29
CVE-2019-10893 3.5
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings > "Edit Settings" screen. By changing the email ID to any XSS P
18-04-2019 - 16:29 18-04-2019 - 16:29