CVE-2019-10xxx

There are 889 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2019-10008 Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an estab...
E
CVE-2019-10009 A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When ...
E
CVE-2019-10010 Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library before 0.18.3 allows r...
E S
CVE-2019-10011 ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 ...
CVE-2019-10012 Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute ...
E
CVE-2019-10013 The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Over...
CVE-2019-10014 In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords...
E
CVE-2019-10015 baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form...
CVE-2019-10016 GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by...
E
CVE-2019-10017 CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Ad...
E
CVE-2019-10018 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at...
E
CVE-2019-10019 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice...
E
CVE-2019-10020 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at S...
E
CVE-2019-10021 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at...
E
CVE-2019-10022 An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::op...
E
CVE-2019-10023 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at...
E
CVE-2019-10024 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at S...
E
CVE-2019-10025 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at...
E
CVE-2019-10026 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in...
E
CVE-2019-10027 PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information sc...
E
CVE-2019-10028 Denial of Service (DOS) in Dial Reference Source Code Used before June 18th, 2019....
CVE-2019-10038 Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a l...
CVE-2019-10039 The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An...
E
CVE-2019-10040 The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An...
E
CVE-2019-10041 The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An...
E
CVE-2019-10042 The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An...
E
CVE-2019-10044 Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux...
E
CVE-2019-10045 The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session cookie ...
E
CVE-2019-10046 An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including ses...
E
CVE-2019-10047 A stored XSS vulnerability exists in the web application of Pydio through 8.2.2 that can be exploite...
E
CVE-2019-10048 The ImageMagick plugin that is installed by default in Pydio through 8.2.2 does not perform the appr...
E
CVE-2019-10049 It is possible for an attacker with regular user access to the web application of Pydio through 8.2....
E
CVE-2019-10050 A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-m...
S
CVE-2019-10051 An issue was discovered in Suricata 4.1.3. If the function filetracker_newchunk encounters an unsafe...
E S
CVE-2019-10052 An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the...
E
CVE-2019-10053 An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner ...
S
CVE-2019-10054 An issue was discovered in Suricata 4.1.3. The function process_reply_record_v3 lacks a check for th...
E
CVE-2019-10055 An issue was discovered in Suricata 4.1.3. The function ftp_pasv_response lacks a check for the leng...
E
CVE-2019-10056 An issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet ...
E
CVE-2019-10057 Various Lexmark products have CSRF....
CVE-2019-10058 Various Lexmark products have Incorrect Access Control....
CVE-2019-10059 The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices....
CVE-2019-10060 The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vuln...
CVE-2019-10061 utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable t...
S
CVE-2019-10062 The HTMLSanitizer class in html-sanitizer.ts in all released versions of the Aurelia framework 1.x r...
E M
CVE-2019-10063 Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. ...
S
CVE-2019-10064 hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions w...
E S
CVE-2019-10065 An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is l...
CVE-2019-10066 An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6....
S
CVE-2019-10067 An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition...
S
CVE-2019-10068 An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0....
KEV E
CVE-2019-10069 In Godot through 3.1, remote code execution is possible due to the deserialization policy not being ...
CVE-2019-10070 Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the se...
CVE-2019-10071 The code which checks HMAC in form submissions used String.equals() for comparisons, which results i...
CVE-2019-10072 The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on ...
CVE-2019-10073 The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache ...
CVE-2019-10074 An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field when ...
CVE-2019-10075 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2019-10076 A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 ...
CVE-2019-10077 A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.1...
CVE-2019-10078 A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9....
CVE-2019-10079 Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traf...
CVE-2019-10080 The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently conf...
CVE-2019-10081 HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", coul...
E
CVE-2019-10082 In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could b...
S
CVE-2019-10083 When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the reque...
CVE-2019-10084 In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queri...
M
CVE-2019-10085 In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selecto...
CVE-2019-10086 In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressi...
S
CVE-2019-10087 On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger...
CVE-2019-10088 A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in ...
CVE-2019-10089 On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger...
CVE-2019-10090 On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger...
CVE-2019-10091 When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perf...
CVE-2019-10092 In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the ...
E S
CVE-2019-10093 In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available S...
CVE-2019-10094 A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a...
CVE-2019-10095 bash command injection in spark interpreter
CVE-2019-10096 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2019-10097 In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary ...
CVE-2019-10098 In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to b...
CVE-2019-10099 Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, e...
CVE-2019-10100 In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server S...
CVE-2019-10101 JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the...
E
CVE-2019-10102 JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolvin...
CVE-2019-10103 JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were r...
CVE-2019-10104 In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for T...
CVE-2019-10105 CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, whic...
E
CVE-2019-10106 CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "...
E
CVE-2019-10107 CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via t...
E
CVE-2019-10108 An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition...
E
CVE-2019-10109 An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Editi...
E
CVE-2019-10110 An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab Community and Enterprise Editi...
E
CVE-2019-10111 An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8...
E
CVE-2019-10112 An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8...
E
CVE-2019-10113 An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8...
E
CVE-2019-10114 An Information Exposure issue (issue 2 of 2) was discovered in GitLab Community and Enterprise Editi...
E
CVE-2019-10115 An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Editi...
E
CVE-2019-10116 An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Editi...
CVE-2019-10117 An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8...
E
CVE-2019-10118 Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the A...
S
CVE-2019-10119 eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authen...
CVE-2019-10120 On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login config...
CVE-2019-10121 eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.15 use session IDs for authen...
CVE-2019-10122 eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43.16 have buffer overflows in t...
CVE-2019-10123 SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS lo...
E
CVE-2019-10124 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2019-10125 An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be r...
E S
CVE-2019-10126 A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies fun...
S
CVE-2019-10127 A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQ...
S
CVE-2019-10128 A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for Enter...
E
CVE-2019-10129 A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert ...
CVE-2019-10130 A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10....
CVE-2019-10131 An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the format...
S
CVE-2019-10132 A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socke...
S
CVE-2019-10133 A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts co...
S
CVE-2019-10134 A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The size of users' private fi...
S
CVE-2019-10135 A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1. I...
S
CVE-2019-10136 It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums...
CVE-2019-10137 A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy p...
M
CVE-2019-10138 A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Ha...
CVE-2019-10139 During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/o...
CVE-2019-10140 A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. An at...
CVE-2019-10141 A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, ...
S
CVE-2019-10142 A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions ...
CVE-2019-10143 It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrota...
E
CVE-2019-10144 rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. P...
E
CVE-2019-10145 rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. P...
E
CVE-2019-10146 A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-...
CVE-2019-10147 rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. P...
E
CVE-2019-10148 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-12779. Reason: This candidat...
R
CVE-2019-10149 A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address...
KEV E S
CVE-2019-10150 It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key ...
CVE-2019-10151 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-10152 A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it hand...
S
CVE-2019-10153 A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a...
S
CVE-2019-10154 A flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restr...
S
CVE-2019-10155 The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange pa...
S
CVE-2019-10156 A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.1...
S
CVE-2019-10157 It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web to...
CVE-2019-10158 A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the sessi...
S
CVE-2019-10159 cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an ...
CVE-2019-10160 A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f2624...
S
CVE-2019-10161 It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to u...
S
CVE-2019-10162 A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowi...
S
CVE-2019-10163 A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowin...
S
CVE-2019-10164 PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based b...
CVE-2019-10165 OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs...
S
CVE-2019-10166 It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit r...
CVE-2019-10167 The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4...
CVE-2019-10168 The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x befor...
CVE-2019-10169 A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be s...
CVE-2019-10170 A flaw was found in the Keycloak admin console, where the realm management interface permits a scrip...
CVE-2019-10171 It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was i...
CVE-2019-10172 A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vul...
CVE-2019-10173 It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous de...
S
CVE-2019-10174 A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ...
CVE-2019-10175 A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-...
CVE-2019-10176 A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens ...
CVE-2019-10177 A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForm...
CVE-2019-10178 It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from th...
CVE-2019-10179 A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Ag...
CVE-2019-10180 A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) d...
CVE-2019-10181 It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be inject...
S
CVE-2019-10182 It was found that icedtea-web through 1.7.2 and 1.8.2 did not properly sanitize paths from ele...
S
CVE-2019-10183 Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattende...
CVE-2019-10184 undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have t...
S
CVE-2019-10185 It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attac...
S
CVE-2019-10186 A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being...
S
CVE-2019-10187 A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entr...
S
CVE-2019-10188 A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modif...
S
CVE-2019-10189 A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group coul...
S
CVE-2019-10190 A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 befo...
CVE-2019-10191 A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows re...
CVE-2019-10192 A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x ...
S
CVE-2019-10193 A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x...
S
CVE-2019-10194 Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions, were found ...
CVE-2019-10195 A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4....
CVE-2019-10196 A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent pas...
S
CVE-2019-10197 A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up...
M
CVE-2019-10198 An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, co...
S
CVE-2019-10199 It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in...
CVE-2019-10200 A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to crea...
S
CVE-2019-10201 It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signa...
M
CVE-2019-10202 A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EA...
CVE-2019-10203 PowerDNS Authoritative daemon, pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when ...
CVE-2019-10204 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2019-10205 A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able...
CVE-2019-10206 ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 ...
CVE-2019-10207 A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x b...
CVE-2019-10208 A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before ...
CVE-2019-10209 Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison...
CVE-2019-10210 Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via s...
CVE-2019-10211 Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via b...
CVE-2019-10212 A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. I...
M
CVE-2019-10213 OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod log...
S
CVE-2019-10214 The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Ente...
S
CVE-2019-10215 Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highli...
S
CVE-2019-10216 In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged...
S
CVE-2019-10217 A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such...
E
CVE-2019-10218 A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, wh...
CVE-2019-10219 A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properl...
CVE-2019-10220 Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in direc...
S
CVE-2019-10221 A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the ...
CVE-2019-10222 A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests....
S
CVE-2019-10223 A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimenta...
E
CVE-2019-10224 A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode,...
CVE-2019-10225 A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RBAC role in OpenShift Co...
M
CVE-2019-10226 HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authent...
E
CVE-2019-10227 openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component....
CVE-2019-10229 An issue was discovered in MailStore Server (and Service Provider Edition) 9.x through 11.x before 1...
CVE-2019-10231 Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authe...
S
CVE-2019-10232 Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php....
S
CVE-2019-10233 Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie....
S
CVE-2019-10237 S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?typ...
E
CVE-2019-10238 Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter....
E
CVE-2019-10239 Robotronic RunAsSpc 3.7.0.0 protects stored credentials insufficiently, which allows locally authent...
E
CVE-2019-10240 Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI ove...
E
CVE-2019-10241 In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vul...
S
CVE-2019-10242 In Eclipse Kura versions up to 4.0.0, the SkinServlet did not check the path passed during servlet...
CVE-2019-10243 In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its repli...
CVE-2019-10244 In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple ...
CVE-2019-10245 In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a metho...
S
CVE-2019-10246 In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to ...
CVE-2019-10247 In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the ser...
S
CVE-2019-10248 Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP ...
CVE-2019-10249 All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and ...
E
CVE-2019-10250 UCWeb UC Browser 7.0.185.1002 on Windows uses HTTP for downloading certain PDF modules, which allows...
E
CVE-2019-10251 The UCWeb UC Browser application through 2019-03-26 for Android uses HTTP to download certain module...
E
CVE-2019-10253 A Cross-Site Request Forgery (CSRF) vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote ...
E
CVE-2019-10254 In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS...
S
CVE-2019-10255 An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (...
S
CVE-2019-10256 An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found....
CVE-2019-10257 Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Unauthenticated users can escape ...
E
CVE-2019-10260 Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html (item.message) and themes/admin...
S
CVE-2019-10261 CentOS Web Panel (CWP) 0.9.8.789 is vulnerable to Stored/Persistent XSS for the "Name Server 1" and ...
E
CVE-2019-10262 A SQL Injection issue was discovered in BlueCMS 1.6. The variable $ad_id is spliced directly in uplo...
E
CVE-2019-10263 An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When creating a trial account, ...
E
CVE-2019-10264 An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator acco...
E
CVE-2019-10265 An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. On the /cbs/system/ShowAdvanced...
E
CVE-2019-10266 An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds X...
CVE-2019-10267 An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50...
E
CVE-2019-10268 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2019-10269 BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_rest...
E S
CVE-2019-10270 An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. I...
E
CVE-2019-10271 An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized pro...
CVE-2019-10272 An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the /wor...
E
CVE-2019-10273 Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 softwar...
E
CVE-2019-10276 Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.ph...
E
CVE-2019-10277 Jenkins StarTeam Plugin stores credentials unencrypted in job config.xml files on the Jenkins master...
CVE-2019-10278 A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDes...
CVE-2019-10279 A missing permission check in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestCo...
CVE-2019-10280 Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration f...
CVE-2019-10281 Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials unencrypted in its global c...
CVE-2019-10282 Jenkins Klaros-Testmanagement Plugin stores credentials unencrypted in job config.xml files on the J...
CVE-2019-10283 Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master whe...
CVE-2019-10284 Jenkins Diawi Upload Plugin stores credentials unencrypted in job config.xml files on the Jenkins ma...
CVE-2019-10285 Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the ...
CVE-2019-10286 Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins maste...
CVE-2019-10287 Jenkins youtrack-plugin Plugin 0.7.1 and older stored credentials unencrypted in its global configur...
CVE-2019-10288 Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the ...
CVE-2019-10289 A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older i...
CVE-2019-10290 A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuil...
CVE-2019-10291 Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credentials unencrypted in its global co...
CVE-2019-10292 A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorIm...
CVE-2019-10293 A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validati...
CVE-2019-10294 Jenkins Kmap Plugin stores credentials unencrypted in job config.xml files on the Jenkins master whe...
CVE-2019-10295 Jenkins crittercism-dsym Plugin stores credentials unencrypted in job config.xml files on the Jenkin...
CVE-2019-10296 Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file on ...
CVE-2019-10297 Jenkins Sametime Plugin stores credentials unencrypted in its global configuration file on the Jenki...
CVE-2019-10298 Jenkins Koji Plugin stores credentials unencrypted in its global configuration file on the Jenkins m...
CVE-2019-10299 Jenkins CloudCoreo DeployTime Plugin stores credentials unencrypted in its global configuration file...
CVE-2019-10300 A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLab...
CVE-2019-10301 A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig...
CVE-2019-10302 Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration f...
CVE-2019-10303 Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in...
CVE-2019-10304 A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#d...
CVE-2019-10305 A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNam...
CVE-2019-10306 A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with cont...
CVE-2019-10307 A cross-site request forgery vulnerability in Jenkins Static Analysis Utilities Plugin 1.95 and earl...
CVE-2019-10308 A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the Defau...
CVE-2019-10309 Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jen...
CVE-2019-10310 A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the ...
CVE-2019-10311 A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallatio...
CVE-2019-10312 A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallatio...
CVE-2019-10313 Jenkins Twitter Plugin stores credentials unencrypted in its global configuration file on the Jenkin...
CVE-2019-10314 Jenkins Koji Plugin disables SSL/TLS and hostname verification globally for the Jenkins master JVM....
CVE-2019-10315 Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to pr...
CVE-2019-10316 Jenkins Aqua MicroScanner Plugin 1.0.5 and earlier stored credentials unencrypted in its global conf...
CVE-2019-10317 Jenkins SiteMonitor Plugin 0.5 and earlier disabled SSL/TLS and hostname verification globally for t...
CVE-2019-10318 Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config....
CVE-2019-10319 A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1.4.1 in Pam...
CVE-2019-10320 Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update cred...
M
CVE-2019-10321 A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in Artifa...
CVE-2019-10322 A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.Des...
E
CVE-2019-10323 A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentia...
E
CVE-2019-10324 A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in Releas...
CVE-2019-10325 A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacke...
CVE-2019-10326 A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed a...
CVE-2019-10327 An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and ...
CVE-2019-10328 Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script securit...
CVE-2019-10329 Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration ...
CVE-2019-10330 Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers witho...
CVE-2019-10331 A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Confi...
CVE-2019-10332 A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestC...
CVE-2019-10333 Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and earlier in various HTTP endpoints...
CVE-2019-10334 Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hostname verification globally fo...
CVE-2019-10335 A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed...
CVE-2019-10336 A reflected cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and earlier allo...
CVE-2019-10337 An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed a...
CVE-2019-10338 A cross-site request forgery vulnerability in Jenkins JX Resources Plugin 1.0.36 and earlier in Glob...
CVE-2019-10339 A missing permission check in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfigur...
CVE-2019-10340 A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.D...
CVE-2019-10341 A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#do...
CVE-2019-10342 A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdI...
CVE-2019-10343 Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expec...
CVE-2019-10344 Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP e...
CVE-2019-10345 Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret t...
CVE-2019-10346 A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and e...
CVE-2019-10347 Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can b...
CVE-2019-10348 Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master whe...
CVE-2019-10349 A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earli...
E
CVE-2019-10350 Jenkins Port Allocator Plugin stores credentials unencrypted in job config.xml files on the Jenkins ...
CVE-2019-10351 Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins mast...
CVE-2019-10352 A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/mai...
E
CVE-2019-10353 CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing a...
CVE-2019-10354 A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earl...
CVE-2019-10355 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the han...
CVE-2019-10356 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the han...
CVE-2019-10357 A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allo...
CVE-2019-10358 Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds...
CVE-2019-10359 A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the...
CVE-2019-10360 A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allow...
CVE-2019-10361 Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master...
CVE-2019-10362 Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable in...
CVE-2019-10363 Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values exp...
CVE-2019-10364 Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system...
CVE-2019-10365 Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temp...
CVE-2019-10366 Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml fil...
CVE-2019-10367 Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier di...
CVE-2019-10368 A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStorePr...
CVE-2019-10369 A missing permission check in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.Descriptor...
CVE-2019-10370 Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain te...
CVE-2019-10371 A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSe...
CVE-2019-10372 An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecu...
CVE-2019-10373 A stored cross-site scripting vulnerability in Jenkins Build Pipeline Plugin 1.5.8 and earlier allow...
CVE-2019-10374 A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allo...
CVE-2019-10375 An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attack...
CVE-2019-10376 A reflected cross-site scripting vulnerability in Jenkins Wall Display Plugin 0.6.34 and earlier all...
CVE-2019-10377 A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Re...
CVE-2019-10378 Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration ...
CVE-2019-10379 Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in...
CVE-2019-10380 Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom S...
CVE-2019-10381 Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification glob...
CVE-2019-10382 Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verificatio...
CVE-2019-10383 A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier al...
S
CVE-2019-10384 Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an as...
S
CVE-2019-10385 Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted in job config.xml files on th...
CVE-2019-10386 A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTest...
CVE-2019-10387 A missing permission check in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescr...
CVE-2019-10388 A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin ...
CVE-2019-10389 A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier...
CVE-2019-10390 A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Ove...
CVE-2019-10391 Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords ...
CVE-2019-10392 Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as ...
CVE-2019-10393 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the han...
CVE-2019-10394 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the han...
CVE-2019-10395 Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, result...
CVE-2019-10396 Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cro...
CVE-2019-10397 Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords i...
CVE-2019-10398 Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configura...
CVE-2019-10399 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the han...
CVE-2019-10400 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the han...
CVE-2019-10401 In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpre...
CVE-2019-10402 In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its i...
CVE-2019-10403 Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip fo...
CVE-2019-10404 Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue item is bl...
CVE-2019-10405 Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request he...
CVE-2019-10406 Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins ...
CVE-2019-10407 Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passe...
CVE-2019-10408 A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier a...
CVE-2019-10409 A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers...
CVE-2019-10410 Jenkins Log Parser Plugin 2.0 and earlier did not escape an error message, resulting in a cross-site...
CVE-2019-10411 Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text ...
CVE-2019-10412 Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part...
CVE-2019-10413 Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials unencrypted in job config.xml ...
CVE-2019-10414 Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files...
CVE-2019-10415 Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its g...
CVE-2019-10416 Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job c...
CVE-2019-10417 Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script sec...
CVE-2019-10418 Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script sec...
CVE-2019-10419 Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configurati...
CVE-2019-10420 Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenki...
CVE-2019-10421 Jenkins Azure Event Grid Build Notifier Plugin stores credentials unencrypted in job config.xml file...
CVE-2019-10422 Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins...
CVE-2019-10423 Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenki...
CVE-2019-10424 Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenki...
CVE-2019-10425 Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins...
CVE-2019-10426 Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the ...
CVE-2019-10427 Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text ...
CVE-2019-10428 Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain ...
CVE-2019-10429 Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Je...
CVE-2019-10430 Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its...
CVE-2019-10431 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the han...
CVE-2019-10432 Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the project and build display names in...
CVE-2019-10433 Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins ma...
CVE-2019-10434 Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenki...
CVE-2019-10435 Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job config...
CVE-2019-10436 An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allo...
CVE-2019-10437 A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and ...
CVE-2019-10438 A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed ...
CVE-2019-10439 A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in vario...
CVE-2019-10440 Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration ...
CVE-2019-10441 A cross-site request forgery vulnerability in Jenkins iceScrum Plugin 1.1.5 and earlier allowed atta...
CVE-2019-10442 A missing permission check in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers with Overa...
CVE-2019-10443 Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on ...
CVE-2019-10444 Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS and hostname veri...
CVE-2019-10445 A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed atta...
CVE-2019-10446 Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globall...
CVE-2019-10447 Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master ...
CVE-2019-10448 Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenki...
CVE-2019-10449 Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenki...
CVE-2019-10450 Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration f...
CVE-2019-10451 Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on t...
CVE-2019-10452 Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the J...
CVE-2019-10453 Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkin...
CVE-2019-10454 A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to ...
CVE-2019-10455 A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission t...
CVE-2019-10456 A cross-site request forgery vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Pl...
CVE-2019-10457 A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows atta...
CVE-2019-10458 Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Se...
CVE-2019-10459 Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret tok...
CVE-2019-10460 Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.x...
CVE-2019-10461 Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stored credentials unencrypted in ...
CVE-2019-10462 A cross-site request forgery vulnerability in Jenkins Dynatrace Application Monitoring Plugin 2.1.3 ...
CVE-2019-10463 A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with ...
CVE-2019-10464 A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to con...
CVE-2019-10465 A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read perm...
CVE-2019-10466 An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Ov...
CVE-2019-10467 Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins ma...
CVE-2019-10468 A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin all...
CVE-2019-10469 A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers wi...
CVE-2019-10470 A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related met...
CVE-2019-10471 A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to conn...
CVE-2019-10472 A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permi...
CVE-2019-10473 A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users wi...
CVE-2019-10474 A missing permission check in Jenkins Global Post Script Plugin allowed users with Overall/Read a...
CVE-2019-10475 A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to i...
CVE-2019-10476 Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration fi...
CVE-2019-10477 The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXM...
S
CVE-2019-10478 An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. An unrestricted fil...
E
CVE-2019-10479 An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded userna...
E
CVE-2019-10480 Out of bound write can happen in WMI firmware event handler due to lack of validation of data receiv...
S
CVE-2019-10481 Out of bound access occurs while handling the WMI FW event due to lack of check of buffer argument w...
S
CVE-2019-10482 Due to the use of non-time-constant comparison functions there is issue in timing side channels whic...
CVE-2019-10483 Side channel issue in QTEE due to usage of non-time-constant comparison function such as memcmp or s...
CVE-2019-10484 Use after free issue occurs when command destructors access dynamically allocated response buffer wh...
CVE-2019-10485 Infinite loop while decoding compressed data can lead to overrun condition in Snapdragon Auto, Snapd...
CVE-2019-10486 Race condition due to the lack of resource lock which will be concurrently modified in the memcpy st...
S
CVE-2019-10487 Buffer over read can happen while parsing SMS OTA messages at transport layer if network sends un-in...
CVE-2019-10488 Null pointer dereference can occur while parsing invalid chunks while playing the nonstandard clip i...
CVE-2019-10489 Possible null-pointer dereference can occur while parsing avi clip during copy in Snapdragon Auto, S...
CVE-2019-10490 Use after free issue in Xtra daemon shutdown due to static object instance getting freed from a mult...
CVE-2019-10491 ADSP can be compromised since it's a general-purpose CPU processing untrusted data in Snapdragon Aut...
S
CVE-2019-10492 Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables i...
S
CVE-2019-10493 Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Aut...
CVE-2019-10494 Race condition between the camera functions due to lack of resource lock which will lead to memory c...
S
CVE-2019-10495 Arbitrary buffer write issue while processing sequence header during HEVC or AVC encoding in Snapdr...
CVE-2019-10496 Lack of checking a variable received from driver and populating in Firmware data structure leads to ...
CVE-2019-10497 Use after free issue occurs If another instance of open for voice_svc node has been called from appl...
S
CVE-2019-10498 Buffer overflow scenario if the client sends more than 5 io_vec requests to the server in Snapdragon...
CVE-2019-10499 Improper validation of read and write index of tx and rx fifos before using for data copy from fifo...
S
CVE-2019-10500 While processing MT Secondary PDP request, Buffer overflow will happen due to incorrect calculation ...
CVE-2019-10501 Possible use after free issue due to improper input validation in volume listener library in Snapdra...
S
CVE-2019-10502 Possible stack overflow when an index equal to io buffer size is accessed in camera module in Snapdr...
S
CVE-2019-10503 Out-of-bounds access can occur in camera driver due to improper validation of array index in Snapdra...
S
CVE-2019-10504 Firmware not able to send EXT scan response to host within 1 sec due to resource consumption issue i...
CVE-2019-10505 Out of bound access while processing a non-standard IE measurement request with length crossing past...
S
CVE-2019-10506 While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor command, driver does not validate ...
S
CVE-2019-10507 Lack of check of extscan change results received from firmware can lead to an out of buffer read in ...
S
CVE-2019-10508 Lack of input validation for data received from user space can lead to OOB access in WLAN in Snapdra...
S
CVE-2019-10509 Device record of the pairing device used after free during ACL disconnection in Snapdragon Auto, Sna...
S
CVE-2019-10510 BT process died and BT toggled due to null pointer dereference when invalid vendor pass through comm...
S
CVE-2019-10511 Possibility of memory overflow while decoding GSNDCP compressed mode PDU in Snapdragon Auto, Snapdra...
CVE-2019-10512 Payload size is not checked before using it as array index in audio in Snapdragon Auto, Snapdragon C...
S
CVE-2019-10513 Possibility of Null pointer access if the SPDM commands are executed in the non-standard way in Trus...
CVE-2019-10515 DCI client which might be preemptively freed up might be accessed for transferring packets leading t...
S
CVE-2019-10516 Multiple read overflows in MM while decoding service accept,service reject,attach reject and MT deta...
CVE-2019-10517 Memory is being freed up twice when two concurrent threads are executing in parallel in Snapdragon A...
CVE-2019-10518 Use after free of a pointer in iWLAN scenario during netmgr state transition to CONNECT in Snapdrago...
CVE-2019-10520 An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and ...
S
CVE-2019-10522 While playing the clip which is nonstandard buffer overflow can occur while parsing in Snapdragon Au...
CVE-2019-10523 Target specific data is being sent to remote server and leads to information exposure in Snapdragon ...
CVE-2019-10524 Lack of check for a negative value returned for get_clk is wrongly interpreted as valid pointer and ...
S
CVE-2019-10525 Buffer overflow during SIB read when network configures complete sib list along with first and last ...
CVE-2019-10526 Out of bound write in WLAN driver due to NULL character not properly placed after SSID name in Snapd...
S
CVE-2019-10527 SMEM partition can be manipulated in case of any compromise on HLOS, thus resulting in access to m...
CVE-2019-10528 Use after free issue in kernel while accessing freed mdlog session info and its attributes after clo...
S
CVE-2019-10529 Possible use after free issue due to race condition while attempting to mark the entry pages as dirt...
S
CVE-2019-10530 Lack of check of data truncation on user supplied data in kernel leads to buffer overflow in Snapdra...
S
CVE-2019-10531 Incorrect reading of system image resulting in buffer overflow when size of system image is increase...
S
CVE-2019-10532 Null-pointer dereference issue can occur while calculating string length when source string length i...
CVE-2019-10533 Out of bound access due to improper validation of array index cause the index table entry to get cor...
CVE-2019-10534 Null-pointer dereference can occur while accessing the super index entry when it is not been allocat...
CVE-2019-10535 Improper validation for loop variable received from firmware can lead to out of bound access in WLAN...
S
CVE-2019-10536 Potential double free scenario if driver receives another DIAG_EVENT_LOG_SUPPORTED event from firmwa...
S
CVE-2019-10537 Improper validation of event buffer extracted from FW response can lead to integer overflow, which w...
S
CVE-2019-10538 Lack of check of address range received from firmware response allows modem to respond arbitrary pag...
S
CVE-2019-10539 Possible buffer overflow issue due to lack of length check when parsing the extended cap IE header l...
CVE-2019-10540 Buffer overflow in WLAN NAN function due to lack of check of count value received in NAN availabilit...
CVE-2019-10541 Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific d...
CVE-2019-10542 Buffer over-read may occur when downloading a corrupted firmware file that has chunk length in heade...
S
CVE-2019-10544 Improper length check on source buffer to handle userspace data received can lead to out-of-bound ac...
S
CVE-2019-10545 Null pointer dereference issue in kernel due to missing check related to LLC support in GPU in Snapd...
S
CVE-2019-10546 Buffer overflow can occur in WLAN firmware while parsing beacon/probe_response frames during roaming...
CVE-2019-10547 When issuing IOCTL calls to ION, Memory leak can occur due to failure in unassign pages under certai...
S
CVE-2019-10548 While trying to obtain datad ipc handle during DPL initialization, Heap use-after-free issue can occ...
CVE-2019-10549 Null pointer dereference issue can happen due to improper validation of CSEQ header response receive...
CVE-2019-10550 Buffer Over-read when UE is trying to process the message received from the network without zero ter...
CVE-2019-10551 String error while processing non standard SIP messages received can lead to buffer overread and the...
CVE-2019-10552 Multiple Buffer Over-read issue can happen due to improper length checks while decoding Service Reje...
CVE-2019-10553 Multiple Read overflows due to improper length checks while decoding authentication in Cs domain/RAU...
CVE-2019-10554 Multiple Read overflows issue due to improper length check while decoding Identity Request in CSdoma...
CVE-2019-10555 Buffer overflow can occur due to usage of wrong datatype and missing length check before copying int...
S
CVE-2019-10556 Missing length check before copying the data from kernel space to userspace through the copy functio...
S
CVE-2019-10557 Out-of-bound read in the wireless driver in the Linux kernel due to lack of check of buffer length. ...
S
CVE-2019-10558 While transferring data from APPS to DSP, Out of bound in FastRPC HLOS Driver due to the data buffer...
S
CVE-2019-10559 Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dere...
CVE-2019-10560 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-10561 Improper initialization of local variables which are parameters to sfs api may cause invalid pointer...
CVE-2019-10562 Improper authentication and signature verification of debug polices in secure boot loader will all...
CVE-2019-10563 Buffer over-read can occur in fast message handler due to improper input validation while processing...
S
CVE-2019-10564 Possible OOB issue in EEPROM due to lack of check while accessing memory map array at the time of re...
CVE-2019-10565 Double free issue can happen when sensor power settings is freed by some thread while another thread...
CVE-2019-10566 Buffer overflow can occur in wlan module if supported rates or extended rates element length is grea...
S
CVE-2019-10567 There is a way to deceive the GPU kernel driver into thinking there is room in the GPU ringbuffer an...
S
CVE-2019-10568 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-10569 Stack buffer overflow due to instance id is misplaced inside definition of hardware accelerated effe...
S
CVE-2019-10571 Snapshot of IB can lead to invalid address access due to missing check for size in the related funct...
S
CVE-2019-10572 Improper check in video driver while processing data from video firmware can lead to integer overflo...
S
CVE-2019-10573 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-10574 Lack of boundary checks for data offsets received from HLOS can lead to out-of-bound read in Snapdra...
E
CVE-2019-10575 Wlan binary which is not signed with OEMs RoT is working on secure device without authentication fai...
CVE-2019-10577 Improper input validation while processing SIP URI received from the network will lead to buffer ove...
CVE-2019-10578 Null pointer dereference can occur while parsing the clip which is nonstandard in Snapdragon Auto, S...
CVE-2019-10579 Buffer over-read can occur while playing the video clip which is not standard in Snapdragon Auto, Sn...
CVE-2019-10580 When kernel thread unregistered listener, Use after free issue happened as the listener client's pri...
S
CVE-2019-10581 NULL is assigned to local instance of audio device pointer after free instead of global static point...
S
CVE-2019-10582 Use after free issue due to using of invalidated iterator to delete an object in sensors HAL in Snap...
CVE-2019-10583 Use after free issue occurs when camera access sensors data through direct report mode in Snapdragon...
CVE-2019-10584 Possibility of out of bound access in debug queue, if packet size field is corrupted in Snapdragon A...
S
CVE-2019-10585 Possible integer overflow happens when mmap find function will increment refcount every time when it...
S
CVE-2019-10586 Filling media attribute tag names without validating the destination buffer size which can result in...
CVE-2019-10587 Possible Stack overflow can occur when processing a large SDP body or non standard SDP body without ...
CVE-2019-10588 Copying RTCP messages into the output buffer without checking the destination buffer size which coul...
CVE-2019-10589 Lack of length check of response buffer can lead to buffer over-flow while GP command response buffe...
CVE-2019-10590 Out of bound access while parsing dts atom, which is non-standard as it does not have valid number o...
CVE-2019-10591 Null pointer dereference can happen when parsing udta atom which is non-standard and having invalid ...
CVE-2019-10592 Possible integer overflow while multiplying two integers of 32 bit in QDCM API of get display modes ...
CVE-2019-10593 Buffer overflow can occur when processing non standard SDP video Image attribute parameter in a VILT...
CVE-2019-10594 Stack overflow can occur when SDP is received with multiple payload types in the FMTP attribute of a...
CVE-2019-10595 Possible buffer overwrite in message handler due to lack of validation of tid value calculated from ...
S
CVE-2019-10596 Improper access control can lead signed process to guess pid of other processes and access their a...
CVE-2019-10597 kernel writes to user passed address without any checks can lead to arbitrary memory write in Snapdr...
CVE-2019-10598 Out of bound access can occur while processing peer info in IBSS connection mode due to lack of uppe...
S
CVE-2019-10599 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-10600 Use of local variable as argument to netlink CB callback goes out of its scope when callback triggere...
S
CVE-2019-10601 Out of bound access can occur while processing firmware event due to lack of validation of WMI messa...
S
CVE-2019-10602 Potential use-after-free heap error during Validate/Present calls on display HW composer in Snapdrag...
S
CVE-2019-10603 Use after free issue occurs If the real device interface goes down and a route lookup is performed w...
CVE-2019-10604 Possibility of heap-buffer-overflow during last iteration of loop while populating image version inf...
CVE-2019-10605 Buffer overwrite can occur in IEEE80211 header filling function due to lack of range check of array ...
S
CVE-2019-10606 Out-of-bound access will occur in USB driver due to lack of check to validate the frame size passed ...
S
CVE-2019-10607 Out of bounds memcpy can occur by providing the embedded NULL character string and length greater th...
S
CVE-2019-10608 Information disclosure issue occurs as there is no binding between the secure keypad session and the...
CVE-2019-10609 Out of bound write can happen due to lack of check of array index value while calculating it. in Sna...
CVE-2019-10610 Possible buffer over read when trying to process SDP message Video media line with frame-size attrib...
CVE-2019-10611 Buffer overflow can occur while processing clip due to lack of check of object size before parsing i...
CVE-2019-10612 UTCB object has a function pointer called by the reaper to deallocate its memory resources and this ...
CVE-2019-10613 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-10614 Out of boundary access is possible as there is no validation of data accessed against the received s...
S
CVE-2019-10615 Possibility of integer overflow in keymaster 4 while allocating memory due to multiplication of la...
CVE-2019-10616 Possibility of null pointer access if the SPDM commands are executed in the non-standard way in TZ. ...
CVE-2019-10617 Low privilege users can access service configuration which contains registry data that admins uses t...
CVE-2019-10618 Driver may access an invalid address while processing IO control due to lack of check of address val...
CVE-2019-10619 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-10620 Kernel memory error in debug module due to improper check of user data length before copying into me...
S
CVE-2019-10621 Use after free issue when MAP and UNMAP calls at same time as data structure used by MAP may be free...
S
CVE-2019-10622 Out of bound memory access can happen while parsing ADSP message due to lack of check of size of pay...
S
CVE-2019-10623 Possible integer overflow can happen in host driver while processing user controlled string due to i...
S
CVE-2019-10624 While handling the vendor command there is an integer truncation issue that could yield a buffer ove...
S
CVE-2019-10625 Out of bound access in diag services when DCI command buffer reallocation is not done properly with ...
S
CVE-2019-10626 Payload size is not validated before reading memory that may cause issue of accessing invalid pointe...
CVE-2019-10627 Integer overflow to buffer overflow vulnerability in PostScript image handling code used by the Post...
CVE-2019-10628 Memory can be potentially corrupted if random index is allowed to manipulate TLB entries in Kernel...
CVE-2019-10629 User Process can potentially corrupt kernel virtual page by passing a crafted page in API in Snap...
CVE-2019-10630 A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged u...
E
CVE-2019-10631 Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allow...
E
CVE-2019-10632 A directory traversal vulnerability in the file browser component on the Zyxel NAS 326 version 5.21 ...
E
CVE-2019-10633 An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 a...
E
CVE-2019-10634 An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attac...
E
CVE-2019-10636 Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS1092, 88SS1095, 88SS9174, 88SS91...
CVE-2019-10637 Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS1092, 88SS1095, 88SS9174, 88SS91...
CVE-2019-10638 In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the ...
S
CVE-2019-10639 The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial k...
S
CVE-2019-10640 An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11....
E
CVE-2019-10641 Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Pas...
CVE-2019-10642 Contao 4.7 allows CSRF....
CVE-2019-10643 Contao 4.7 allows Use of a Key Past its Expiration Date....
CVE-2019-10644 An issue was discovered in HYBBS 2.2. /?admin/user.html has a CSRF vulnerability that can add an adm...
E
CVE-2019-10646 Wolf CMS v0.8.3.1 is affected by cross site scripting (XSS) in the module Add Snippet (/?/admin/snip...
E
CVE-2019-10647 ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plu...
E
CVE-2019-10648 Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as dem...
S
CVE-2019-10649 In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c...
E S
CVE-2019-10650 In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage o...
E S
CVE-2019-10651 An issue was discovered in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 20...
S
CVE-2019-10652 An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to...
E
CVE-2019-10653 An issue was discovered in Hsycms V1.1. There is a SQL injection vulnerability via a /news/*.html pa...
E
CVE-2019-10654 The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in Long Range Zip (aka lrzip) 0.6...
E
CVE-2019-10655 Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and...
E
CVE-2019-10656 Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary co...
CVE-2019-10657 Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated u...
CVE-2019-10658 Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary co...
CVE-2019-10659 Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated user...
CVE-2019-10660 Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitra...
CVE-2019-10661 On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password....
CVE-2019-10662 Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary c...
CVE-2019-10663 Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injecti...
CVE-2019-10664 Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage ...
E S
CVE-2019-10665 An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html...
E
CVE-2019-10666 An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script incl...
E
CVE-2019-10667 An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can ...
E
CVE-2019-10668 An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libr...
E
CVE-2019-10669 An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html...
E
CVE-2019-10670 An issue was discovered in LibreNMS through 1.47. Many of the scripts rely on the function mysqli_es...
E
CVE-2019-10671 An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input w...
E
CVE-2019-10672 treeRead in hdf/btree.c in libmysofa before 0.7 does not properly validate multiplications and addit...
S
CVE-2019-10673 A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2....
E
CVE-2019-10675 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2019-10676 An issue was discovered in Uniqkey Password Manager 1.14. Upon entering new credentials to a site th...
CVE-2019-10677 Multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU ve...
E
CVE-2019-10678 Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options....
E S
CVE-2019-10679 Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because...
E
CVE-2019-10682 django-nopassword before 5.0.0 stores cleartext secrets in the database....
S
CVE-2019-10684 Application/Admin/Controller/ConfigController.class.php in 74cms v5.0.1 allows remote attackers to e...
E
CVE-2019-10685 A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Heidelberg Prinect Archiver v...
E
CVE-2019-10686 An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may ...
CVE-2019-10687 KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, t...
E
CVE-2019-10688 VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethe...
CVE-2019-10689 VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connect...
CVE-2019-10691 The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication s...
CVE-2019-10692 In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST A...
E S
CVE-2019-10694 The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL a...
CVE-2019-10695 When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation...
CVE-2019-10705 Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access contro...
CVE-2019-10706 Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: The firmware update authenticat...
CVE-2019-10707 MKCMS V5.0 has SQL injection via the bplay.php play parameter....
E
CVE-2019-10708 S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter....
E
CVE-2019-10709 AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with ...
E
CVE-2019-10710 Insecure permissions in the Web management portal on all IP cameras based on Hisilicon Hi3510 firmwa...
M
CVE-2019-10711 Incorrect access control in the RTSP stream and web portal on all IP cameras based on Hisilicon Hi35...
CVE-2019-10712 The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 7...
CVE-2019-10714 LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, l...
E S
CVE-2019-10715 There is Stored XSS in Verodin Director 3.5.3.0 and earlier via input fields of certain tooltips, an...
CVE-2019-10716 An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwo...
E
CVE-2019-10717 BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter....
E S
CVE-2019-10718 BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.a...
E S
CVE-2019-10719 BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file...
E S
CVE-2019-10720 BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the them...
E S
CVE-2019-10721 BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to Blo...
E S
CVE-2019-10723 An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp ha...
E
CVE-2019-10724 There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can ...
CVE-2019-10732 In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub...
E
CVE-2019-10734 In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub...
E
CVE-2019-10735 In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as s...
E
CVE-2019-10740 In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can ...
E
CVE-2019-10741 K-9 Mail v5.600 can include the original quoted HTML code of a specially crafted, benign looking, em...
CVE-2019-10742 Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) b...
E S
CVE-2019-10743 All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. ...
E
CVE-2019-10744 Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDe...
E S
CVE-2019-10745 assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The fun...
E S
CVE-2019-10746 mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The func...
E S
CVE-2019-10747 set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep...
E
CVE-2019-10748 Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JS...
E
CVE-2019-10749 sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path key...
E S
CVE-2019-10750 deeply is vulnerable to Prototype Pollution in versions before 3.1.0. The function assign-deep could...
E
CVE-2019-10751 All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allow...
E
CVE-2019-10752 Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to se...
E S
CVE-2019-10753 In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for ecli...
CVE-2019-10754 Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 R...
E S
CVE-2019-10755 The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lan...
S
CVE-2019-10756 It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due t...
E
CVE-2019-10757 knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incor...
E
CVE-2019-10758 mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBS...
KEV E
CVE-2019-10759 safer-eval before 1.3.4 is vulnerable to Arbitrary Code Execution. A payload using constructor prop...
E S
CVE-2019-10760 safer-eval before 1.3.2 is vulnerable to Arbitrary Code Execution. A payload using constructor prop...
S
CVE-2019-10761 Sandbox Bypass
E S
CVE-2019-10762 columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper...
S
CVE-2019-10763 pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attacker with limited privileges (cl...
CVE-2019-10764 In elliptic-php versions prior to 1.0.6, Timing attacks might be possible which can result in practi...
E
CVE-2019-10765 iobroker.admin before 3.6.12 allows attacker to include file contents from outside the `/log/file1/`...
E S
CVE-2019-10766 Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL Injection in the limit() functio...
E S
CVE-2019-10767 An attacker can include file contents from outside the `/adapter/xxx/` directory, where `xxx` is the...
E S
CVE-2019-10768 In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying propertie...
E S
CVE-2019-10769 safer-eval is an npm package to sandbox the evaluation of code used within the eval function. Affe...
E
CVE-2019-10770 All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cro...
E
CVE-2019-10771 Characters in the GET url path are not properly escaped and can be reflected in the server response....
CVE-2019-10772 It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due t...
E
CVE-2019-10773 In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlink...
E S
CVE-2019-10774 php-shellcommand versions before 1.6.1 have a command injection vulnerability. Successful exploitati...
E S
CVE-2019-10775 ecstatic has a denial of service vulnerability. Successful exploitation could lead to crash of an a...
CVE-2019-10776 In "index.js" file line 240, the run command executes the git command with a user controlled variabl...
E S
CVE-2019-10777 In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the arg...
CVE-2019-10778 devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command ...
S
CVE-2019-10779 All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 a...
E
CVE-2019-10780 BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed d...
E S
CVE-2019-10781 In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()...
S
CVE-2019-10782 All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (X...
E
CVE-2019-10783 All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported ...
E
CVE-2019-10784 phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the reque...
E
CVE-2019-10785 dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1...
E
CVE-2019-10786 network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSyn...
E
CVE-2019-10787 im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argumen...
E S
CVE-2019-10788 im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argum...
E S
CVE-2019-10789 All versions of curling.js are vulnerable to Command Injection via the run function. The command arg...
E
CVE-2019-10790 taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge ...
E
CVE-2019-10791 promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file,...
E S
CVE-2019-10792 bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked int...
E S
CVE-2019-10793 dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set function could be tricked into...
E S
CVE-2019-10794 All versions of component-flatten are vulnerable to Prototype Pollution. The a function could be tri...
S
CVE-2019-10795 undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into ...
E S
CVE-2019-10796 rpi through 0.0.3 allows execution of arbitrary commands. The variable pinNumbver in function GPIO w...
E
CVE-2019-10797 Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Head...
S
CVE-2019-10798 rdf-graph-array through 0.3.0-rc6 manipulation of JavaScript objects resulting in Prototype Pollutio...
E
CVE-2019-10799 compile-sass prior to 1.0.5 allows execution of arbitrary commands. The function "setupCleanupOnExit...
E S
CVE-2019-10800 Command Injection
E S
CVE-2019-10801 enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided ...
E
CVE-2019-10802 giting version prior to 0.0.8 allows execution of arbitrary commands. The first argument "repo" of f...
CVE-2019-10803 push-dir through 0.4.1 allows execution of arbitrary commands. Arguments provided as part of the var...
E
CVE-2019-10804 serial-number through 1.3.0 allows execution of arbitrary commands. The "cmdPrefix" argument in seri...
E
CVE-2019-10805 valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can ...
E
CVE-2019-10806 vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method wit...
E S
CVE-2019-10807 Blamer versions prior to 1.0.1 allows execution of arbitrary commands. It is possible to inject arbi...
E S
CVE-2019-10808 utilitify prior to 1.0.3 allows modification of object properties. The merge method could be tricked...
E S
CVE-2019-10842 Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when download...
E
CVE-2019-10843 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2019-10844 nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka nnabla) through v1.0.14 relies ...
S
CVE-2019-10845 An issue was discovered in Uniqkey Password Manager 1.14. When entering new credentials to a site th...
CVE-2019-10846 Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the ...
CVE-2019-10847 Computrols CBAS 18.0.0 allows Cross-Site Request Forgery....
CVE-2019-10848 Computrols CBAS 18.0.0 allows Username Enumeration....
CVE-2019-10849 Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure....
CVE-2019-10850 Computrols CBAS 18.0.0 has Default Credentials....
CVE-2019-10851 Computrols CBAS 18.0.0 has hard-coded encryption keys....
CVE-2019-10852 Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonst...
CVE-2019-10853 Computrols CBAS 18.0.0 allows Authentication Bypass....
CVE-2019-10854 Computrols CBAS 18.0.0 allows Authenticated Command Injection....
CVE-2019-10855 Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if th...
CVE-2019-10856 In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists ...
E S
CVE-2019-10863 A command injection vulnerability exists in TeemIp versions before 2.4.0. The new_config parameter o...
E S
CVE-2019-10864 The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject ...
S
CVE-2019-10866 In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the ...
E
CVE-2019-10867 An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST...
E S
CVE-2019-10868 In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, ...
S
CVE-2019-10869 Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordP...
E
CVE-2019-10871 An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PS...
E
CVE-2019-10872 An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Sp...
E
CVE-2019-10873 An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function Splas...
E
CVE-2019-10874 Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows re...
E S
CVE-2019-10875 A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (...
E
CVE-2019-10876 An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before...
CVE-2019-10877 In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in engine/shared/map.cpp that can l...
S
CVE-2019-10878 In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader::GetData() and CDataFileReader...
S
CVE-2019-10879 In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::Open() in engine/shared/datafil...
E
CVE-2019-10880 Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, ...
S
CVE-2019-10881 Default hidden Privileged Account Vulnerability in multiple XEROX devices
S
CVE-2019-10882 Netskope client buffer overflow vulnerability
S
CVE-2019-10883 Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Com...
E
CVE-2019-10884 Uniqkey Password Manager 1.14 contains a vulnerability because it fails to recognize the difference ...
CVE-2019-10885 An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with...
CVE-2019-10886 An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before...
E
CVE-2019-10887 A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) devices running firmware version...
E
CVE-2019-10888 A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add...
E
CVE-2019-10891 An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnap_mai...
E
CVE-2019-10892 An issue was discovered in D-Link DIR-806 devices. There is a stack-based buffer overflow in functio...
E
CVE-2019-10893 CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (P...
E
CVE-2019-10894 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was...
E S
CVE-2019-10895 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This...
E S
CVE-2019-10896 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was add...
E S
CVE-2019-10897 In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in ...
E S
CVE-2019-10898 In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/di...
E S
CVE-2019-10899 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was ...
E S
CVE-2019-10900 In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dis...
E S
CVE-2019-10901 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was ad...
E S
CVE-2019-10902 In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-ts...
E S
CVE-2019-10903 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. T...
E S
CVE-2019-10904 Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mis...
E
CVE-2019-10905 Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to...
E
CVE-2019-10906 In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape....
CVE-2019-10907 Airsonic 10.2.1 uses Spring's default remember-me mechanism based on MD5, with a fixed key of airson...
S
CVE-2019-10908 In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang.RandomStr...
S
CVE-2019-10909 In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x befor...
S
CVE-2019-10910 In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x befor...
E S
CVE-2019-10911 In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x befor...
S
CVE-2019-10912 In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possib...
S
CVE-2019-10913 In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x befor...
S
CVE-2019-10914 pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a s...
S
CVE-2019-10915 A vulnerability has been identified in TIA Administrator (All versions < V1.0 SP1 Upd1). The integra...
S
CVE-2019-10916 A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 ...
CVE-2019-10917 A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 ...
CVE-2019-10918 A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 ...
CVE-2019-10919 A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Att...
E
CVE-2019-10920 A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Pro...
CVE-2019-10921 A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Une...
E
CVE-2019-10922 A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 ...
M
CVE-2019-10923 An attacker with network access to an affected product may cause a denial of service condition by br...
CVE-2019-10924 A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.3). The vulnerability c...
CVE-2019-10925 A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). An authenticate...
M
CVE-2019-10926 A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). Communication w...
M
CVE-2019-10927 A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-2...
S
CVE-2019-10928 A vulnerability has been identified in SCALANCE SC-600 (V2.0). An authenticated attacker with access...
CVE-2019-10929 A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Control...
CVE-2019-10930 A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and...
CVE-2019-10931 A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and...
CVE-2019-10933 A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions <= ...
CVE-2019-10934 A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions <...
CVE-2019-10935 A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 ...
S
CVE-2019-10936 Affected devices improperly handle large amounts of specially crafted UDP packets. This could all...
CVE-2019-10937 A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with ...
S
CVE-2019-10938 A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7...
S
CVE-2019-10939 A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions < V2.8), ...
CVE-2019-10940 A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect ...
CVE-2019-10941 A vulnerability has been identified in SINEMA Server (All versions < V14 SP3). Missing authenticatio...
S
CVE-2019-10942 A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All...
CVE-2019-10943 A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 20...
CVE-2019-10945 An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanit...
E
CVE-2019-10946 An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_use...
CVE-2019-10947 Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-...
S
CVE-2019-10948 Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-...
CVE-2019-10949 Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple out-of...
S
CVE-2019-10950 Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-...
CVE-2019-10951 Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple heap-b...
S
CVE-2019-10952 Rockwell Automation CompactLogix 5370 Uncontrolled Resource Consumption
S
CVE-2019-10953 ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple v...
M
CVE-2019-10954 Rockwell Automation CompactLogix 5370 Stack-based Buffer Overflow
S
CVE-2019-10955 In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earl...
CVE-2019-10956 Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1...
CVE-2019-10957 Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1...
CVE-2019-10958 Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1...
CVE-2019-10959 BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build...
M
CVE-2019-10960 Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access...
M
CVE-2019-10961 In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR fil...
S
CVE-2019-10962 BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browse...
M
CVE-2019-10963 Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve ...
E
CVE-2019-10964 Medtronic MiniMed 508 and Paradigm Series Insulin Pumps Improper Access Control
M
CVE-2019-10965 In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based buffer overflow vulnerability i...
CVE-2019-10966 In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are co...
M
CVE-2019-10967 In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability ...
CVE-2019-10968 Philips Holter 2010 Plus, all versions. A vulnerability has been identified that may allow system op...
CVE-2019-10969 Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature...
CVE-2019-10970 In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have nev...
M
CVE-2019-10971 The application (Network Configurator for DeviceNet Safety 3.41 and prior) searches for resources by...
M
CVE-2019-10972 Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability can be triggered w...
CVE-2019-10973 Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to th...
S
CVE-2019-10974 NREL EnergyPlus, Versions 8.6.0 and possibly prior versions, The application fails to prevent an exc...
CVE-2019-10975 An out-of-bounds read vulnerability has been identified in Fuji Electric Alpha7 PC Loader Versions 1...
S
CVE-2019-10976 Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered when ...
CVE-2019-10977 In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an...
CVE-2019-10978 Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow mul...
CVE-2019-10979 SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded c...
CVE-2019-10980 A type confusion vulnerability may be exploited when LAquis SCADA 4.3.1.71 processes a specially cra...
CVE-2019-10981 In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified th...
S
CVE-2019-10982 Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple heap-based buffer overf...
S
CVE-2019-10983 In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack...
CVE-2019-10984 Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow mul...
CVE-2019-10985 In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of ...
CVE-2019-10987 In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused...
CVE-2019-10988 In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems s...
M
CVE-2019-10989 In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are...
CVE-2019-10990 Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a ha...
M
CVE-2019-10991 In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities a...
CVE-2019-10992 Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple out-of-bounds read vuln...
S
CVE-2019-10993 In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities ...
CVE-2019-10994 Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds re...
CVE-2019-10995 ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts th...
CVE-2019-10996 Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow mul...
CVE-2019-10997 An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 ...
M
CVE-2019-10998 An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 ...
M
CVE-2019-10999 The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera...
E
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.