ID | CVSS | Summary | Last (major) update | Published
CVE-2016-6154 None
The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect).
23-08-2019 - 18:15 23-08-2019 - 18:15
CVE-2019-6695 None
Lack of root file system integrity checking in Fortinet FortiManager VM application images of all versions below 6.2.1 may allow an attacker to implant third-party programs by recreating the image through specific methods.
23-08-2019 - 17:15 23-08-2019 - 17:15
CVE-2019-5594 None
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webU
23-08-2019 - 17:15 23-08-2019 - 17:15
CVE-2019-15092 None
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporte
23-08-2019 - 17:15 23-08-2019 - 17:15
CVE-2019-12400 None
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with t
23-08-2019 - 17:15 23-08-2019 - 17:15
CVE-2018-13367 None
An information exposure vulnerability in FortiOS 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI.
23-08-2019 - 17:15 23-08-2019 - 17:15
CVE-2019-7364 None
DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 201
23-08-2019 - 16:15 23-08-2019 - 16:15
CVE-2019-7363 None
Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a use-after-free vulnerability, which may result in code execution.
23-08-2019 - 16:15 23-08-2019 - 16:15
CVE-2019-7362 None
DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a DLL preloading vulnerability, which may result in code execution.
23-08-2019 - 16:15 23-08-2019 - 16:15
CVE-2019-6698 None
Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they ar
23-08-2019 - 16:15 23-08-2019 - 16:15
CVE-2019-5592 None
Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Ins
23-08-2019 - 16:15 23-08-2019 - 16:15
CVE-2019-1583 None
Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another user. Active interaction with an affected component i
23-08-2019 - 14:19 23-08-2019 - 14:15
CVE-2019-1582 None
Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session.
23-08-2019 - 14:19 23-08-2019 - 14:15
CVE-2019-1581 None
Mitigation bypass in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to execute arbitrary code by crafting a malicious message.
23-08-2019 - 14:19 23-08-2019 - 14:15
CVE-2019-1580 None
Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory.
23-08-2019 - 14:19 23-08-2019 - 14:15
CVE-2019-15537 None
The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php.
23-08-2019 - 14:19 23-08-2019 - 14:15
CVE-2019-15536 None
The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records.
23-08-2019 - 14:19 23-08-2019 - 14:15
CVE-2019-15535 None
Tasking Manager before 3.4.0 allows SQL Injection via custom SQL.
23-08-2019 - 14:19 23-08-2019 - 14:15
CVE-2019-11654 None
Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier. The vulnerability allows remote unauthenticated attackers to read arbitrary files.
23-08-2019 - 14:19 23-08-2019 - 14:15
CVE-2019-15531 None
GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.
23-08-2019 - 13:15 23-08-2019 - 13:15
CVE-2019-15530 None
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login.
23-08-2019 - 13:15 23-08-2019 - 13:15
CVE-2019-15529 None
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login.
23-08-2019 - 13:15 23-08-2019 - 13:15
CVE-2019-15528 None
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings.
23-08-2019 - 13:15 23-08-2019 - 13:15
CVE-2019-15527 None
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings.
23-08-2019 - 13:15 23-08-2019 - 13:15
CVE-2019-15526 None
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482.
23-08-2019 - 13:15 23-08-2019 - 13:15
CVE-2019-13014 None
Little Snitch version 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable after
23-08-2019 - 13:15 23-08-2019 - 13:15
CVE-2019-13013 None
Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any process and allows directory listings and copying
23-08-2019 - 13:15 23-08-2019 - 13:15
CVE-2019-10751 None
All versions of the HTTPie package are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a serve
23-08-2019 - 13:15 23-08-2019 - 13:15
CVE-2019-10750 None
deeply is vulnerable to Prototype Pollution in versions before 3.1.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using a _proto_ payload.
23-08-2019 - 13:15 23-08-2019 - 13:15
CVE-2019-10747 None
set-value is vulnerable to Prototype Pollution in versions before 2.0.1 and version 3.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads.
23-08-2019 - 13:15 23-08-2019 - 13:15
CVE-2019-10746 None
mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
23-08-2019 - 13:15 23-08-2019 - 13:15
CVE-2019-15525 None
There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1.
23-08-2019 - 12:15 23-08-2019 - 12:15
CVE-2019-15520 None
comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory.
23-08-2019 - 11:15 23-08-2019 - 11:15
CVE-2019-15519 None
Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin.
23-08-2019 - 11:15 23-08-2019 - 11:15
CVE-2019-15518 None
Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler.
23-08-2019 - 11:15 23-08-2019 - 11:15
CVE-2019-15517 None
jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal.
23-08-2019 - 11:15 23-08-2019 - 11:15
CVE-2019-15516 None
Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring.
23-08-2019 - 11:15 23-08-2019 - 11:15
CVE-2019-8447 None
The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability.
23-08-2019 - 10:45 23-08-2019 - 10:15
CVE-2019-8446 None
The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check.
23-08-2019 - 10:45 23-08-2019 - 10:15
CVE-2019-8445 None
Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check.
23-08-2019 - 10:45 23-08-2019 - 10:15
CVE-2019-8444 None
The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification.
23-08-2019 - 10:45 23-08-2019 - 10:15
CVE-2019-14999 None
The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forg
23-08-2019 - 10:45 23-08-2019 - 10:15
CVE-2019-13423 None
Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana
23-08-2019 - 10:45 23-08-2019 - 10:15
CVE-2019-13422 None
Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login.
23-08-2019 - 10:45 23-08-2019 - 10:15
CVE-2019-13421 None
Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.
23-08-2019 - 10:45 23-08-2019 - 10:15
CVE-2019-11589 None
The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site requ
23-08-2019 - 10:45 23-08-2019 - 10:15
CVE-2019-11588 None
The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request for
23-08-2019 - 10:45 23-08-2019 - 10:15
CVE-2019-11587 None
Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (C
23-08-2019 - 10:45 23-08-2019 - 10:15
CVE-2019-11586 None
The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerabilit
23-08-2019 - 10:45 23-08-2019 - 10:15
CVE-2019-11585 None
The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a p
23-08-2019 - 10:45 23-08-2019 - 10:15