CVE-2019-11xxx

There are 866 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2019-11000 An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9....
CVE-2019-11001 On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticate...
KEV E
CVE-2019-11002 In Materialize through 1.0.0, XSS is possible via the Tooltip feature....
E
CVE-2019-11003 In Materialize through 1.0.0, XSS is possible via the Autocomplete feature....
E
CVE-2019-11004 In Materialize through 1.0.0, XSS is possible via the Toast feature....
E
CVE-2019-11005 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function S...
E
CVE-2019-11006 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function R...
E
CVE-2019-11007 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGIma...
CVE-2019-11008 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function Wr...
E
CVE-2019-11009 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function R...
E
CVE-2019-11010 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of c...
S
CVE-2019-11011 Akamai CloudTest before 58.30 allows remote code execution....
CVE-2019-11013 Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful expl...
E
CVE-2019-11014 The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4 application...
E
CVE-2019-11015 A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacke...
E
CVE-2019-11016 Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect....
CVE-2019-11017 On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in th...
E
CVE-2019-11018 application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an admini...
E
CVE-2019-11019 Lack of authentication in case-exporting components in DDRT Dashcom Live through 2019-05-08 allows a...
CVE-2019-11020 Lack of authentication in file-viewing components in DDRT Dashcom Live 2019-05-09 allows anyone to r...
CVE-2019-11021 admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading ...
CVE-2019-11023 The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL point...
E
CVE-2019-11024 The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has infinite recursion....
E
CVE-2019-11025 In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the ...
E
CVE-2019-11026 FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a cal...
E
CVE-2019-11027 Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. This library is used by...
CVE-2019-11028 GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing authenticated attackers to upl...
CVE-2019-11029 Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download() method of AutoUpdateServic...
CVE-2019-11030 Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCry...
CVE-2019-11031 Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateServ...
CVE-2019-11032 In EasyToRecruit (E2R) before 2.11, the upload feature and the Candidate Profile Management feature ...
CVE-2019-11033 Applaud HCM 4.0.42+ uses HTML tag fields for HTML inputs in a form. This leads to an XSS vulnerabili...
CVE-2019-11034 Heap over-read in PHP EXIF extension
S
CVE-2019-11035 Heap over-read in PHP EXIF extension
E S
CVE-2019-11036 Heap over-read in PHP EXIF extension
CVE-2019-11037 Out of bounds memory write in PHP Imagick extension
CVE-2019-11038 Uninitialized read in gdImageCreateFromXbm
E
CVE-2019-11039 Out-of-bounds read in iconv.c
E S
CVE-2019-11040 Heap buffer overflow in EXIF extension
E
CVE-2019-11041 heap-buffer-overflow on exif_scan_thumbnail in EXIF extension
E S
CVE-2019-11042 heap-buffer-overflow on exif_process_user_comment in EXIF extension
E S
CVE-2019-11043 Underflow in PHP-FPM can lead to RCE
KEV E S
CVE-2019-11044 link() silently truncates after a null byte on Windows
E S
CVE-2019-11045 DirectoryIterator class silently truncates after a null byte
E S
CVE-2019-11046 Buffer underflow in bc_shift_addsub
S
CVE-2019-11047 Heap-buffer-overflow READ in exif
E S
CVE-2019-11048 Temporary files are not cleaned after OOM when parsing HTTP request data
E M
CVE-2019-11049 mail() may release string with refcount==1 twice
S
CVE-2019-11050 Use-after-free in exif parsing under memory sanitizer
E S
CVE-2019-11057 SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute...
E
CVE-2019-11059 Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer o...
S
CVE-2019-11060 HG100 contains an Uncontrolled Resource Consumption vulnerability
CVE-2019-11061 HG100 has a broken access control vulnerability in its Web API Server
E
CVE-2019-11062 SUNNET WMPro v5.0 and v5.1 has OS Command Injection
E
CVE-2019-11063 SmartHome application has a broken access control vulnerability in its Web API Server
E
CVE-2019-11064 A vulnerability of remote credential disclosure was discovered in Advan VD-1
E
CVE-2019-11065 Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-i...
S
CVE-2019-11066 openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using...
CVE-2019-11068 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and ...
S
CVE-2019-11069 Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used....
S
CVE-2019-11070 WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy sett...
S
CVE-2019-11071 SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code ...
S
CVE-2019-11072 lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a ...
E S
CVE-2019-11073 A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows...
E
CVE-2019-11074 A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below...
E
CVE-2019-11076 Cribl UI 1.5.0 allows remote attackers to run arbitrary commands via an unauthenticated web request....
E
CVE-2019-11077 FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/a...
E
CVE-2019-11078 MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI....
E
CVE-2019-11080 Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserial...
E
CVE-2019-11081 A default username and password in Dentsply Sirona Sidexis 4.3.1 and earlier allows an attacker to g...
M
CVE-2019-11082 core/api/datasets/internal/actions/Explode.java in the Dataset API in DKPro Core through 1.10.0 allo...
S
CVE-2019-11084 GAuth 0.9.9 beta has stored XSS that shows a popup repeatedly and discloses cookies....
CVE-2019-11085 Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before versi...
S
CVE-2019-11086 Insufficient input validation in subsystem for Intel(R) AMT before version 12.0.45 may allow an unau...
CVE-2019-11087 Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, ...
CVE-2019-11088 Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22....
CVE-2019-11089 Insufficient input validation in Kernel Mode module for Intel(R) Graphics Driver before version 25.2...
CVE-2019-11090 Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70,...
CVE-2019-11091 Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocess...
CVE-2019-11092 Insufficient password protection in the attestation database for Open CIT may allow an authenticated...
CVE-2019-11093 Unquoted service path in the installer for the Intel(R) SCS Discovery Utility version 12.0.0.129 and...
S
CVE-2019-11094 Insufficient input validation in system firmware for Intel (R) NUC Kit may allow an authenticated us...
CVE-2019-11095 Insufficient access control in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may ...
CVE-2019-11096 Insufficient memory protection for Intel(R) Ethernet I218 Adapter driver for Windows* 10 before vers...
S
CVE-2019-11097 Improper directory permissions in the installer for Intel(R) Management Engine Consumer Driver for W...
CVE-2019-11098 Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentia...
CVE-2019-11099 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-11100 Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 1...
CVE-2019-11101 Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, ...
CVE-2019-11102 Insufficient input validation in Intel(R) DAL software for Intel(R) CSME before versions 11.8.70, 11...
CVE-2019-11103 Insufficient input validation in firmware update software for Intel(R) CSME before versions 12.0.45,...
CVE-2019-11104 Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70...
CVE-2019-11105 Logic issue in subsystem for Intel(R) CSME before versions 12.0.45, 13.0.10 and 14.0.10 may allow a ...
CVE-2019-11106 Insufficient session validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45,...
CVE-2019-11107 Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an ...
CVE-2019-11108 Insufficient input validation in subsystem for Intel(R) CSME before versions 12.0.45 and 13.0.10 may...
CVE-2019-11109 Logic issue in the subsystem for Intel(R) SPS before versions SPS_E5_04.01.04.275.0, SPS_SoC-X_04.00...
CVE-2019-11110 Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70...
CVE-2019-11111 Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics Drivers before 10.18.14.5074 ...
CVE-2019-11112 Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver before 26.20.100.6813 (DCH) or 2...
CVE-2019-11113 Buffer overflow in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6618 (DC...
CVE-2019-11114 Insufficient input validation in Intel(R) Driver & Support Assistant version 19.3.12.3 and before ma...
CVE-2019-11115 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-11116 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-11117 Improper permissions in the installer for Intel(R) Omni-Path Fabric Manager GUI before version 10.9....
S
CVE-2019-11118 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-11119 Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may al...
S
CVE-2019-11120 Insufficient path checking in the installer for Intel(R) Active System Console before version 8.0 Bu...
CVE-2019-11121 Improper file permissions in the installer for the Intel(R) Media SDK for Windows before version 201...
S
CVE-2019-11122 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-11123 Insufficient session validation in system firmware for Intel(R) NUC Kit may allow a privileged user ...
S
CVE-2019-11124 Out of bound read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to poten...
S
CVE-2019-11125 Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to...
S
CVE-2019-11126 Pointer corruption in system firmware for Intel(R) NUC Kit may allow a privileged user to potentiall...
S
CVE-2019-11127 Buffer overflow in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially e...
S
CVE-2019-11128 Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to...
S
CVE-2019-11129 Out of bound read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to poten...
S
CVE-2019-11130 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-11131 Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may...
CVE-2019-11132 Cross site scripting in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12...
CVE-2019-11133 Improper access control in the Intel(R) Processor Diagnostic Tool before version 4.1.2.24 may allow ...
S
CVE-2019-11134 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-11135 TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authentic...
S
CVE-2019-11136 Insufficient access control in system firmware for Intel(R) Xeon(R) Scalable Processors, 2nd Generat...
CVE-2019-11137 Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) ...
CVE-2019-11138 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-11139 Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Pro...
CVE-2019-11140 Insufficient session validation in system firmware for Intel(R) NUC may allow a privileged user to p...
S
CVE-2019-11141 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-11142 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-11143 Improper permissions in the software installer for Intel(R) Authenticate before 3.8 may allow an aut...
S
CVE-2019-11144 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-11145 Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authen...
S
CVE-2019-11146 Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authen...
S
CVE-2019-11147 Insufficient access control in hardware abstraction driver for MEInfo software for Intel(R) CSME bef...
CVE-2019-11148 Improper permissions in the installer for Intel(R) Remote Displays SDK before version 2.0.1 R2 may a...
S
CVE-2019-11149 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-11150 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-11151 Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 may allow a privileged user t...
CVE-2019-11152 Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 may allow a privileged user t...
CVE-2019-11153 Memory corruption issues in Intel(R) PROSet/Wireless WiFi Software extension DLL before version 21.4...
CVE-2019-11154 Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may al...
CVE-2019-11155 Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may al...
CVE-2019-11156 Logic errors in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticat...
CVE-2019-11157 Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged us...
CVE-2019-11158 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-11159 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-11160 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-11161 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-11162 Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvemen...
S
CVE-2019-11163 Insufficient access control in a hardware abstraction driver for Intel(R) Processor Identification U...
S
CVE-2019-11164 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-11165 Improper conditions check in the Linux kernel driver for the Intel(R) FPGA SDK for OpenCL(TM) Pro Ed...
S
CVE-2019-11166 Improper file permissions in the installer for Intel(R) Easy Streaming Wizard before version 2.1.073...
S
CVE-2019-11167 Improper file permission in software installer for Intel(R) Smart Connect Technology for Intel(R) NU...
CVE-2019-11168 Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an un...
CVE-2019-11169 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-11170 Authentication bypass in Intel(R) Baseboard Management Controller firmware may allow an unauthentica...
CVE-2019-11171 Heap corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated us...
CVE-2019-11172 Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated ...
CVE-2019-11173 Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an un...
CVE-2019-11174 Insufficient access control in Intel(R) Baseboard Management Controller firmware may allow an unauth...
CVE-2019-11175 Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unau...
CVE-2019-11176 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-11177 Unhandled exception in Intel(R) Baseboard Management Controller firmware may allow an unauthenticate...
CVE-2019-11178 Stack overflow in Intel(R) Baseboard Management Controller firmware may allow an authenticated user ...
CVE-2019-11179 Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an auth...
CVE-2019-11180 Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unau...
CVE-2019-11181 Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated ...
CVE-2019-11182 Memory corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated ...
CVE-2019-11183 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-11184 A race condition in specific microprocessors using Intel (R) DDIO cache allocation and RDMA may allo...
CVE-2019-11185 The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload v...
E
CVE-2019-11187 Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to ...
S
CVE-2019-11189 Authentication Bypass by Spoofing in org.onosproject.acl (access control) and org.onosproject.mobili...
CVE-2019-11190 The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) b...
E S
CVE-2019-11191 The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows loc...
E
CVE-2019-11193 The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USE...
E
CVE-2019-11196 An authentication bypass vulnerability in all versions of ValuePLUS Integrated University Management...
E
CVE-2019-11198 Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9.0.1 and earlier allow remote a...
CVE-2019-11199 Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allow...
E
CVE-2019-11200 Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a du...
E
CVE-2019-11201 Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites...
E
CVE-2019-11202 An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1...
CVE-2019-11203 TIBCO ActiveMatrix BPM Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
S
CVE-2019-11204 TIBCO Spotfire Statistics Services Exposes Sensitive Files
S
CVE-2019-11205 TIBCO Spotfire Server Exposes Multiple Reflected Cross-Site Scripting Vulnerabilities
S
CVE-2019-11206 TIBCO Spotfire Server Vulnerabilities With Integrity of Comments and Bookmarks
S
CVE-2019-11207 TIBCO LogLogic Log Management Intelligence Multiple Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) Vulnerabilities
S
CVE-2019-11208 TIBCO API Exchange Processes OAuth Incorrectly
S
CVE-2019-11209 TIBCO FTL Escalation Of Privileges for Realm Configuration
S
CVE-2019-11210 TIBCO Enterprise Runtime for R Server Exposes Remote Code Execution
S
CVE-2019-11211 TIBCO Enterprise Runtime for R Server Running On Linux With Containerized TERR Service Vulnerable To Remote Code Execution
S
CVE-2019-11212 TIBCO MDM Exposes Cross-Site Scripting Vulnerabilities
S
CVE-2019-11213 In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to...
CVE-2019-11215 In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitr...
CVE-2019-11216 BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can i...
E
CVE-2019-11217 The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary c...
S
CVE-2019-11218 Improper handling of extra parameters in the AccountController (User Profile edit) in Jakub Chodouns...
CVE-2019-11219 The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology ...
CVE-2019-11220 An authentication flaw in Shenzhen Yunni Technology iLnkP2P allows remote attackers to actively inte...
CVE-2019-11221 GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media_import.c....
E
CVE-2019-11222 gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature...
E S
CVE-2019-11223 An Unrestricted File Upload Vulnerability in the SupportCandy plugin through 2.0.0 for WordPress all...
E
CVE-2019-11224 HARMAN AMX MVP5150 v2.87.13 devices allow remote OS Command Injection....
E
CVE-2019-11226 CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content M...
E
CVE-2019-11228 repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does not validate the form.MirrorAddr...
S
CVE-2019-11229 models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL sett...
E
CVE-2019-11230 In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary ...
E
CVE-2019-11231 An issue was discovered in GetSimple CMS through 3.3.15. Insufficient input sanitation in the theme-...
E
CVE-2019-11232 EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information (Password) without ...
E
CVE-2019-11233 EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information without being authe...
E
CVE-2019-11234 FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Drag...
CVE-2019-11235 FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is withi...
S
CVE-2019-11236 In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker control...
E
CVE-2019-11242 A man-in-the-middle vulnerability related to vCenter access was found in Cohesity DataPlatform versi...
CVE-2019-11243 In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of...
M
CVE-2019-11244 kubectl creates world-writeable cached schema files
M
CVE-2019-11245 kubelet-started container uid changes to root after first restart or if image is already pulled to the node
E S
CVE-2019-11246 kubectl cp allows symlink directory traversal
S
CVE-2019-11247 Kubernetes kube-apiserver allows access to custom resources via wrong scope
M
CVE-2019-11248 Kubernetes kubelet exposes /debug/pprof info on healthz port
S
CVE-2019-11249 kubectl cp allows symlink directory traversal
S
CVE-2019-11250 Kubernetes client-go logs authorization headers at debug verbosity levels
M
CVE-2019-11251 kubectl cp allows symlink directory traversal
CVE-2019-11252 Credential leakage when failing to mount
S
CVE-2019-11253 Kubernetes API Server JSON/YAML parsing vulnerable to resource exhaustion attack
E M
CVE-2019-11254 Kubernetes API Server denial of service vulnerability from malicious YAML payloads
CVE-2019-11255 Kubernetes CSI volume snapshot, cloning and resizing features can result in unauthorized volume data access or mutation
M
CVE-2019-11256 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this ...
R
CVE-2019-11257 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this ...
R
CVE-2019-11258 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this ...
R
CVE-2019-11259 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this ...
R
CVE-2019-11260 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this ...
R
CVE-2019-11261 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this ...
R
CVE-2019-11262 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this ...
R
CVE-2019-11263 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this ...
R
CVE-2019-11264 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this ...
R
CVE-2019-11265 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this ...
R
CVE-2019-11266 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this ...
R
CVE-2019-11267 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this ...
R
CVE-2019-11268 UAA SQL Identity Zone Vulnerability
CVE-2019-11269 Open Redirector in spring-security-oauth2
CVE-2019-11270 UAA clients.write vulnerability
CVE-2019-11271 Bosh Deployment logs leak sensitive information
CVE-2019-11272 PlaintextPasswordEncoder authenticates encoded passwords that are null
CVE-2019-11273 PKS Telemetry logs credentials
CVE-2019-11274 UAA SCIM Filter XSS
CVE-2019-11275 CSV Injection in usage report downloaded from Pivotal Application Manager
CVE-2019-11276 Apps Manager sends tokens to Spring apps via HTTP
CVE-2019-11277 Volume Services is vulnerable to an LDAP injection attack
CVE-2019-11278 Privilege Escalation via Blind SCIM Injection in UAA
CVE-2019-11279 Privilege Escalation via Scope Manipulation in UAA
CVE-2019-11280 Privilege escalation through the invitations service
CVE-2019-11281 RabbitMQ XSS attack
CVE-2019-11282 UAA is vulnerable to a Blind SCIM injection leading to information disclosure
CVE-2019-11283 Password leak in smbdriver logs
CVE-2019-11284 Reactor Netty authentication leak in redirects
CVE-2019-11285 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2019-11286 JMX Credential Deserialization in GemFire
CVE-2019-11287 RabbitMQ Web Management Plugin DoS via heap overflow
E
CVE-2019-11288 tcServer JMX Socket Listener Registry Rebinding Local Privilege Escalation
CVE-2019-11289 A forged route service request using an invalid nonce can cause the gorouter to panic and crash
CVE-2019-11290 Cloud Foundry UAA logs query parameters in tomcat access file
CVE-2019-11291 RabbitMQ XSS attack via federation and shovel endpoints
CVE-2019-11292 Pivotal Ops Manager logs query parameters in tomcat access file
CVE-2019-11293 UAA logs all query parameters with debug logging level
CVE-2019-11294 CAPI leaks service broker URLs and GUIDs to space developers
CVE-2019-11295 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2019-11296 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2019-11297 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2019-11298 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2019-11299 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2019-11300 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2019-11301 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2019-11302 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2019-11303 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2019-11304 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2019-11305 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2019-11306 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2019-11307 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2019-11308 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2019-11309 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2019-11310 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2019-11311 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2019-11312 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2019-11313 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2019-11314 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2019-11315 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2019-11316 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2019-11317 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2019-11318 Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS....
S
CVE-2019-11319 An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the functi...
E
CVE-2019-11320 In Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_mgt.html web page to launch te...
E
CVE-2019-11321 An issue was discovered in Motorola CX2 1.01 and M2 1.01. The router opens TCP port 8010. Users can ...
E
CVE-2019-11322 An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the functi...
E
CVE-2019-11323 HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and...
CVE-2019-11324 The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA ce...
S
CVE-2019-11325 An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component inc...
S
CVE-2019-11326 An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The ...
CVE-2019-11327 An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The ...
E
CVE-2019-11328 An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network acces...
E
CVE-2019-11331 Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed po...
CVE-2019-11332 MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-m...
E
CVE-2019-11334 An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0...
E
CVE-2019-11336 Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used when...
E
CVE-2019-11338 libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which a...
S
CVE-2019-11339 The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4...
S
CVE-2019-11340 util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based...
S
CVE-2019-11341 On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture with...
E
CVE-2019-11343 Torpedo Query before 2.5.3 mishandles the LIKE operator in ConditionBuilder.java, LikeCondition.java...
S
CVE-2019-11344 data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a ....
E
CVE-2019-11345 Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow XSS...
CVE-2019-11350 CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartex...
CVE-2019-11351 TeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt framework....
CVE-2019-11353 The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands ...
E
CVE-2019-11354 The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title ...
E
CVE-2019-11355 An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the crea...
S
CVE-2019-11356 The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote...
CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(t...
E S
CVE-2019-11359 Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers...
E
CVE-2019-11360 A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) c...
E S
CVE-2019-11361 Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing ...
CVE-2019-11362 app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doRewar...
E S
CVE-2019-11363 A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to...
CVE-2019-11364 An OS Command Injection vulnerability in Snare Central before 7.4.5 allows remote authenticated atta...
CVE-2019-11365 An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet trigge...
E S
CVE-2019-11366 An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex befor...
E S
CVE-2019-11367 An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Auth...
E
CVE-2019-11368 Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr pa...
E
CVE-2019-11369 An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device s...
E
CVE-2019-11370 Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.htm...
E
CVE-2019-11371 BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow via a long prefix that is mishan...
CVE-2019-11372 An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in Medi...
E S
CVE-2019-11373 An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaA...
E S
CVE-2019-11374 74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=ad...
E
CVE-2019-11375 Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI....
E
CVE-2019-11376 SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a
E
CVE-2019-11377 wcms/wex/finder/action.php in WCMS v0.3.2 has an Arbitrary File Upload Vulnerability via developer/fi...
E
CVE-2019-11378 An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ di...
E
CVE-2019-11380 The master-password feature in the ES File Explorer File Manager application 4.2.0.1.3 for Android c...
CVE-2019-11383 An issue was discovered in the Medha WiFi FTP Server application 1.8.3 for Android. An attacker can ...
E
CVE-2019-11384 The Zalora application 6.15.1 for Android stores confidential information insecurely on the system (...
E
CVE-2019-11387 An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-A...
CVE-2019-11388 An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-932-A...
E
CVE-2019-11389 An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-A...
E
CVE-2019-11390 An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-A...
E
CVE-2019-11391 An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-A...
E
CVE-2019-11392 BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd....
E
CVE-2019-11393 An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users...
E
CVE-2019-11395 A buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long s...
E
CVE-2019-11396 An issue was discovered in Avira Free Security Suite 10. The permissive access rights on the Softwar...
CVE-2019-11397 GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 (when used with .NET Framew...
CVE-2019-11398 Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attacke...
E
CVE-2019-11399 An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 dev...
CVE-2019-11400 An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 dev...
CVE-2019-11401 An issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code...
E
CVE-2019-11402 In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an ...
CVE-2019-11403 In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back w...
CVE-2019-11404 arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compiling and building the publishe...
E S
CVE-2019-11405 OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build....
E
CVE-2019-11406 Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter....
E S
CVE-2019-11407 app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an inf...
S
CVE-2019-11408 XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remot...
E S
CVE-2019-11409 app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command i...
E S
CVE-2019-11410 app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulner...
S
CVE-2019-11411 An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in ...
S
CVE-2019-11412 An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid st...
S
CVE-2019-11413 An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recursion because the match function...
S
CVE-2019-11414 An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is cha...
E
CVE-2019-11415 An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. A malformed login request allows remot...
E
CVE-2019-11416 A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the...
E
CVE-2019-11417 system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused by an inadequate source-lengt...
CVE-2019-11418 apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer overflow via long strings to the S...
CVE-2019-11419 vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application through 7.0.3 for Android allows...
E
CVE-2019-11426 An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via...
E
CVE-2019-11427 An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/ap...
E
CVE-2019-11428 I, Librarian 4.10 has XSS via the export.php export_files parameter....
E
CVE-2019-11429 CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro)...
E
CVE-2019-11444 An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script ...
E
CVE-2019-11445 OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root dire...
E
CVE-2019-11446 An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server wi...
E
CVE-2019-11447 An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the...
E
CVE-2019-11448 An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthentica...
E
CVE-2019-11449 I, Librarian 4.10 has XSS via the notes.php notes parameter....
E
CVE-2019-11450 whatsns 4.0 allows index.php?question/ajaxadd.html title SQL injection....
E
CVE-2019-11451 whatsns 4.0 allows index.php?inform/add.html qid SQL injection....
E
CVE-2019-11452 whatsns 4.0 allows index.php?admin_category/remove.html cid[] SQL injection....
E
CVE-2019-11454 Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a r...
E S
CVE-2019-11455 A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote aut...
E S
CVE-2019-11456 Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code....
E
CVE-2019-11457 Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/set...
CVE-2019-11458 An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified inte...
S
CVE-2019-11459 The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend ...
S
CVE-2019-11460 An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prio...
S
CVE-2019-11461 An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromis...
CVE-2019-11463 A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive ...
E S
CVE-2019-11464 Some enterprises require that REST API endpoints include security-related headers in REST responses....
CVE-2019-11465 An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connection...
CVE-2019-11466 In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an H...
CVE-2019-11467 In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using coll...
CVE-2019-11469 Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL ...
E
CVE-2019-11470 The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-servi...
E S
CVE-2019-11471 libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h ...
E S
CVE-2019-11472 ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows a...
E S
CVE-2019-11473 coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds r...
S
CVE-2019-11474 coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point ...
S
CVE-2019-11476 Integer overflow in whoopsie results in out-of-bounds heap write
E
CVE-2019-11477 Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs
S
CVE-2019-11478 SACK can cause extensive memory use via fragmented resend queue
S
CVE-2019-11479 Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows ...
S
CVE-2019-11480 Ubuntu kernel snap build process could use unauthenticated sources
E
CVE-2019-11481 Apport reads arbitrary files if ~/.config/apport/settings is a symlink
CVE-2019-11482 Race condition between reading current working directory and writing a core dump
CVE-2019-11483 Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used ...
CVE-2019-11484 Integer overflow in bson_ensure_space
CVE-2019-11485 apport created lock file in wrong directory
CVE-2019-11486 The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 h...
S
CVE-2019-11487 The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-...
E S
CVE-2019-11488 Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise bef...
E
CVE-2019-11489 Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise befo...
E
CVE-2019-11490 An issue was discovered in Npcap 0.992. Sending a malformed .pcap file with the loopback adapter usi...
E S
CVE-2019-11492 ProjectSend before r1070 writes user passwords to the server logs....
CVE-2019-11493 VeryPDF 4.1 has a Memory Overflow leading to Code Execution because pdfocx!CxImageTIF::operator in p...
E
CVE-2019-11494 In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the c...
CVE-2019-11495 In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. ...
CVE-2019-11496 In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that a...
CVE-2019-11497 In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the ref...
CVE-2019-11498 WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditiona...
E S
CVE-2019-11499 In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH ...
CVE-2019-11500 In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol proces...
E S
CVE-2019-11502 snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and...
E S
CVE-2019-11503 snap-confine as included in snapd before 2.39 did not guard against symlink races when performing th...
E S
CVE-2019-11504 Zotonic before version 0.47 has mod_admin XSS....
E
CVE-2019-11505 In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overf...
E S
CVE-2019-11506 In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer over...
E S
CVE-2019-11507 In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue...
E S
CVE-2019-11508 In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1,...
E S
CVE-2019-11509 In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1,...
CVE-2019-11510 In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9...
KEV E S
CVE-2019-11511 Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API....
CVE-2019-11512 Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5....
CVE-2019-11513 The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a R...
E
CVE-2019-11514 User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user e...
S
CVE-2019-11515 core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path travers...
E
CVE-2019-11516 An issue was discovered in the Bluetooth component of the Cypress (formerly owned by Broadcom) Wirel...
CVE-2019-11517 WampServer before 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as re...
E
CVE-2019-11518 An issue was discovered in SEMCMS 3.8. SEMCMS_Inquiry.php allows AID[] SQL Injection because the cla...
E
CVE-2019-11519 Libraries/Nop.Services/Localization/LocalizationService.cs in nopCommerce through 4.10 allows XXE vi...
E S
CVE-2019-11521 OX App Suite 7.10.1 allows Content Spoofing....
CVE-2019-11522 OX App Suite 7.10.0 to 7.10.2 allows XSS....
E
CVE-2019-11523 Anviz Global M3 Outdoor RFID Access Control executes any command received from any source. No authen...
E M
CVE-2019-11526 An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via s...
E
CVE-2019-11527 An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is vulnerable to command injectio...
E
CVE-2019-11528 An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user ...
E
CVE-2019-11533 Cross-site scripting (XSS) vulnerability in ProjectSend before r1070 allows remote attackers to inje...
CVE-2019-11535 Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 th...
CVE-2019-11536 Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3....
CVE-2019-11537 In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and...
E
CVE-2019-11538 In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX befor...
E
CVE-2019-11539 In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX befor...
KEV E
CVE-2019-11540 In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse...
E
CVE-2019-11541 In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX b...
CVE-2019-11542 In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX befor...
E
CVE-2019-11543 XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4,...
CVE-2019-11544 An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 1...
E
CVE-2019-11545 An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2...
E
CVE-2019-11546 An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9...
E
CVE-2019-11547 An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9...
E
CVE-2019-11548 An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect A...
E
CVE-2019-11549 An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9...
E
CVE-2019-11550 Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certifica...
S
CVE-2019-11551 In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can ...
CVE-2019-11552 Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8...
E
CVE-2019-11553 In Code42 for Enterprise through 6.8.4, an administrator without web restore permission but with the...
CVE-2019-11554 The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe ...
CVE-2019-11555 The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2...
S
CVE-2019-11556 Pagure before 5.6 allows XSS via the templates/blame.html blame view....
S
CVE-2019-11557 The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/a...
E
CVE-2019-11559 A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16.1 allows remote attackers to ...
E
CVE-2019-11560 A buffer overflow vulnerability in the streaming server provided by hisilicon in HI3516 models allow...
CVE-2019-11561 The Chuango 433 MHz burglar-alarm product line is vulnerable to a Denial of Service attack. When the...
CVE-2019-11563 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2019-11564 A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitr...
E
CVE-2019-11565 Server Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress via...
E S
CVE-2019-11567 An issue was discovered in AikCms v2.0. There is a SQL Injection vulnerability via $_GET['del'], as ...
E
CVE-2019-11568 An issue was discovered in AikCms v2.0. There is a File upload vulnerability, as demonstrated by an ...
E
CVE-2019-11569 Veeam ONE Reporter 9.5.0.3201 allows CSRF....
E
CVE-2019-11574 An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related ...
E
CVE-2019-11576 Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user's cred...
S
CVE-2019-11577 dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA address...
S
CVE-2019-11578 auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks....
S
CVE-2019-11579 dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED....
S
CVE-2019-11580 Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in r...
KEV E M
CVE-2019-11581 There was a server-side template injection vulnerability in Jira Server and Data Center, in the Cont...
KEV
CVE-2019-11582 An argument injection vulnerability in Atlassian Sourcetree for Windows's URI handlers, in all versi...
CVE-2019-11583 The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to...
CVE-2019-11584 The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject ar...
CVE-2019-11585 The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and...
CVE-2019-11586 The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2...
CVE-2019-11587 Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0...
CVE-2019-11588 The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0....
CVE-2019-11589 The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before versio...
CVE-2019-11590 The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php ...
E
CVE-2019-11591 The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-aja...
E
CVE-2019-11592 WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews.php, admin/editbannersuser.ph...
E
CVE-2019-11593 In Adblock Plus before 3.5.2, the $rewrite filter option allows filter-list maintainers to run arbit...
M
CVE-2019-11594 In AdBlock before 3.45.0, the $rewrite filter option allows filter-list maintainers to run arbitrary...
M
CVE-2019-11595 In uBlock before 0.9.5.15, the $rewrite filter option allows filter-list maintainers to run arbitrar...
E M
CVE-2019-11596 In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl...
E S
CVE-2019-11597 In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage o...
E
CVE-2019-11598 In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of...
E S
CVE-2019-11599 The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanis...
E S
CVE-2019-11600 A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote atta...
E
CVE-2019-11601 Path traversal in the backup & restore functionality of ProSyst mBS SDK and Bosch IoT Gateway Software
CVE-2019-11602 Leakage of stack traces in the backup & restore functionality of ProSyst mBS SDK and Bosch IoT Gateway Software
CVE-2019-11603 Path traversal in ProSyst mBS SDK and Bosch IoT Gateway Software
CVE-2019-11604 An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /servic...
E
CVE-2019-11605 An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x bef...
CVE-2019-11606 doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copyfile.php. A re...
E
CVE-2019-11607 doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copydir.php. A rem...
E
CVE-2019-11608 doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/renamefile.php. A ...
E
CVE-2019-11609 doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/movefile.php. A re...
E
CVE-2019-11610 doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/downloaddir.php. A...
E
CVE-2019-11611 doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/download.php. A re...
E
CVE-2019-11612 doorGets 7.0 has an arbitrary file deletion vulnerability in /fileman/php/deletefile.php. A remote u...
E
CVE-2019-11613 doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/contactView.php. A remote...
E
CVE-2019-11614 doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/commentView.php. A remote...
E
CVE-2019-11615 /fileman/php/upload.php in doorGets 7.0 has an arbitrary file upload vulnerability. A remote normal ...
E
CVE-2019-11616 doorGets 7.0 has a sensitive information disclosure vulnerability in /setup/temp/admin.php and /setu...
E
CVE-2019-11617 doorGets 7.0 has a CSRF vulnerability in /doorgets/app/requests/user/configurationRequest.php. A rem...
E
CVE-2019-11618 doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vu...
E
CVE-2019-11619 doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.p...
E
CVE-2019-11620 doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest....
E
CVE-2019-11621 doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.p...
E
CVE-2019-11622 doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest....
E
CVE-2019-11623 doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.p...
E
CVE-2019-11624 doorGets 7.0 has an arbitrary file deletion vulnerability in /doorgets/app/requests/user/configurati...
E
CVE-2019-11625 doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/emailingRequest.php. A...
E
CVE-2019-11626 routers/ajaxRouter.php in doorGets 7.0 has a web site physical path leakage vulnerability, as demons...
E
CVE-2019-11627 gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell...
E
CVE-2019-11628 An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11, 12....
CVE-2019-11629 Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS....
S
CVE-2019-11631 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2019-11632 In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user wit...
E
CVE-2019-11633 HoneyPress through 2016-09-27 can be fingerprinted by attackers because of the ingrained unique www....
CVE-2019-11634 Citrix Workspace App before 1904 for Windows has Incorrect Access Control....
KEV
CVE-2019-11636 Zcash 2.x allows an inexpensive approach to "fill all transactions of all blocks" and "prevent any r...
CVE-2019-11637 An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec...
E
CVE-2019-11638 An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec...
E
CVE-2019-11639 An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function ...
E
CVE-2019-11640 An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function r...
E
CVE-2019-11641 Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerprinting by including predictable...
CVE-2019-11642 A log poisoning vulnerability has been discovered in the OneShield Policy (Dragon Core) framework be...
CVE-2019-11643 Persistent XSS has been found in the OneShield Policy (Dragon Core) framework before 5.1.10. Remote ...
CVE-2019-11644 In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security befor...
CVE-2019-11646 Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Serv...
CVE-2019-11647 A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions pr...
CVE-2019-11648 An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions...
CVE-2019-11649 KM03461174 Micro Focus Fortify Software Security Center Server, CVE-2019-11649
CVE-2019-11650 A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework ver...
CVE-2019-11651 Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to versi...
CVE-2019-11652 A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) v...
CVE-2019-11653 Remote Access Control Bypass in Micro Focus Content Manager, versions 9.1, 9.2, 9.3. The vulnerabili...
CVE-2019-11654 A path traversal vulnerability has been identified in Verastream Host Integrator
S
CVE-2019-11655 Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This...
CVE-2019-11656 Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versions prior to Logger 6.7.1 HotF...
CVE-2019-11657 Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight Logger affecting all product ve...
CVE-2019-11658 Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability w...
CVE-2019-11660 Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 1...
CVE-2019-11661 Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9....
CVE-2019-11662 Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, ...
CVE-2019-11663 Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager prod...
CVE-2019-11664 Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.3...
CVE-2019-11665 Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9....
CVE-2019-11666 Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.3...
CVE-2019-11667 Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51...
CVE-2019-11668 HTTP cookie in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41,...
CVE-2019-11669 Modifiable read only check box in Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vul...
CVE-2019-11674 Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions p...
CVE-2019-11675 The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga acco...
M
CVE-2019-11676 The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnera...
CVE-2019-11677 The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is...
CVE-2019-11678 The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vul...
CVE-2019-11680 KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by uploading a web shell as a product catego...
S
CVE-2019-11682 A buffer overflow in the SMTP response service in MailCarrier 2.51 allows the attacker to execute ar...
E
CVE-2019-11683 udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remot...
S
CVE-2019-11684 Improper Access Control in Bosch Video Recording Manager
CVE-2019-11686 Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling al...
CVE-2019-11687 An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 201...
E
CVE-2019-11688 An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validatio...
E
CVE-2019-11689 An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validatio...
E
CVE-2019-11690 gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allow...
S
CVE-2019-11691 A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, ca...
CVE-2019-11692 A use-after-free vulnerability can occur when listeners are removed from the event listener manager ...
CVE-2019-11693 The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers o...
CVE-2019-11694 A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked t...
CVE-2019-11695 A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the ...
E
CVE-2019-11696 Files with the .JNLP extension used for "Java web start" applications are not treated as executable ...
E
CVE-2019-11697 If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extensi...
CVE-2019-11698 If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookm...
CVE-2019-11699 A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addres...
CVE-2019-11700 A hyperlink using the res: protocol can be used to open local files at a known location in Internet ...
CVE-2019-11701 The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) a...
CVE-2019-11702 A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open...
CVE-2019-11703 A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char...
E
CVE-2019-11704 A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_an...
E
CVE-2019-11705 A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_byday...
CVE-2019-11706 A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone...
CVE-2019-11707 A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array...
KEV
CVE-2019-11708 Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent ...
KEV
CVE-2019-11709 Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firef...
CVE-2019-11710 Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of ...
CVE-2019-11711 When an inner window is reused, it does not consider the use of document.domain for cross-origin pro...
CVE-2019-11712 POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can ...
CVE-2019-11713 A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still...
CVE-2019-11714 Necko can access a child on the wrong thread during UDP connections, resulting in a potentially expl...
CVE-2019-11715 Due to an error while parsing page content, it is possible for properly sanitized user input to be m...
CVE-2019-11716 Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not vi...
CVE-2019-11717 A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs ...
E
CVE-2019-11718 Activity Stream can display content sent from the Snippet Service website. This content is writ...
CVE-2019-11719 When importing a curve25519 private key in PKCS#8 format with leading 0x00 bytes, it is possible to t...
CVE-2019-11720 Some unicode characters are incorrectly treated as whitespace during the parsing of web content inst...
CVE-2019-11721 The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. T...
E
CVE-2019-11722 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2019-11723 A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin...
CVE-2019-11724 Application permissions give additional remote troubleshooting permission to the site input.mozilla....
E
CVE-2019-11725 When a user navigates to a site marked as unsafe by the Safebrowsing API, warning messages are display...
CVE-2019-11727 A vulnerability exists where it is possible to force Network Security Services (NSS) to sign Certificat...
CVE-2019-11728 The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports...
CVE-2019-11729 Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperl...
CVE-2019-11730 A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs...
CVE-2019-11733 When a master password is set, it is required to be entered again before stored passwords can be acc...
CVE-2019-11734 Mozilla developers and community members reported memory safety bugs present in Firefox 68. Some of ...
CVE-2019-11735 Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firef...
CVE-2019-11736 The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the...
CVE-2019-11737 If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port ...
CVE-2019-11738 If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the...
E
CVE-2019-11739 Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included i...
CVE-2019-11740 Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ...
CVE-2019-11741 A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack o...
CVE-2019-11742 A same-origin policy violation occurs allowing the theft of cross-origin images through a combinatio...
CVE-2019-11743 Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specificati...
E
CVE-2019-11744 Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets w...
CVE-2019-11745 When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than ...
S
CVE-2019-11746 A use-after-free vulnerability can occur while manipulating video elements if the body is freed whil...
CVE-2019-11747 The "Forget about this site" feature in the History pane is intended to remove all saved user data t...
CVE-2019-11748 WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camer...
CVE-2019-11749 A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUs...
CVE-2019-11750 A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. Thi...
CVE-2019-11751 Logging-related command line parameters are not properly sanitized when Firefox is launched by anoth...
CVE-2019-11752 It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion...
CVE-2019-11753 The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it ...
CVE-2019-11754 When the pointer lock is enabled by a website through requestPointerLock(), no user notification is g...
CVE-2019-11755 A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was s...
CVE-2019-11756 Improper refcounting of soft token session objects could cause a use-after-free and crash (likely li...
CVE-2019-11757 When following the value's prototype chain, it was possible to retain a reference to a locale, delet...
CVE-2019-11758 Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total S...
E
CVE-2019-11759 An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored o...
CVE-2019-11760 A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a...
CVE-2019-11761 By using a form with a data URI it was possible to gain access to the privileged JSONView object tha...
CVE-2019-11762 If two same-origin documents set document.domain differently to become cross-origin, it was possible...
CVE-2019-11763 Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly...
CVE-2019-11764 Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firef...
E
CVE-2019-11765 A compromised content process could send a message to the parent process that would cause the 'Click...
CVE-2019-11766 dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCL...
S
CVE-2019-11767 Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files ...
CVE-2019-11768 An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially...
S
CVE-2019-11769 An issue was discovered in TeamViewer 14.2.2558. Updating the product as a non-administrative user r...
CVE-2019-11770 In Eclipse Buildship versions prior to 3.1.1, the build files indicate that this project is resolvin...
E
CVE-2019-11771 AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection...
CVE-2019-11772 In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], int) method does not verify t...
CVE-2019-11773 Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection an...
CVE-2019-11774 Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize...
S
CVE-2019-11775 All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privat...
CVE-2019-11776 In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in URL parameter. Attack...
E
CVE-2019-11777 In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS a...
CVE-2019-11778 If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last wi...
CVE-2019-11779 In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet c...
CVE-2019-11780 Improper access control in the computed fields system of the framework of Odoo Community 13.0 and Od...
S
CVE-2019-11781 Improper input validation in portal component in Odoo Community 12.0 and earlier and Odoo Enterprise...
CVE-2019-11782 Improper access control in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, all...
CVE-2019-11783 Improper access control in mail module (channel partners) in Odoo Community 14.0 and earlier and Odo...
CVE-2019-11784 Improper access control in mail module (notifications) in Odoo Community 14.0 and earlier and Odoo E...
CVE-2019-11785 Improper access control in mail module (followers) in Odoo Community 13.0 and earlier and Odoo Enter...
CVE-2019-11786 Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, all...
CVE-2019-11787 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2019-11788 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2019-11789 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2019-11790 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2019-11791 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2019-11792 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2019-11793 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2019-11794 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2019-11795 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2019-11796 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2019-11797 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2019-11798 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2019-11799 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2019-11800 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2019-11801 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2019-11802 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2019-11803 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2019-11804 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2019-11806 OX App Suite 7.10.1 and earlier has Insecure Permissions....
E
CVE-2019-11807 The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-ad...
E
CVE-2019-11808 Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's...
S
CVE-2019-11809 An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape...
CVE-2019-11810 An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when ...
S
CVE-2019-11811 An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted r...
S
CVE-2019-11812 A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. J...
S
CVE-2019-11813 An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. The...
S
CVE-2019-11814 An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS vi...
S
CVE-2019-11815 An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. Ther...
E S
CVE-2019-11816 Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3...
CVE-2019-11818 Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module Ne...
E
CVE-2019-11819 Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New ...
E
CVE-2019-11820 Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-062...
CVE-2019-11821 SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 ...
CVE-2019-11822 Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8...
CVE-2019-11823 CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 ...
E
CVE-2019-11824 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2019-11825 Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allo...
CVE-2019-11826 Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0...
CVE-2019-11827 Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2...
CVE-2019-11828 Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote...
CVE-2019-11829 OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1...
CVE-2019-11830 PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 ...
CVE-2019-11831 The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TY...
CVE-2019-11832 TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not proper...
CVE-2019-11833 fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in th...
S
CVE-2019-11834 cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal....
E S
CVE-2019-11835 cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments....
E S
CVE-2019-11836 The Rediffmail (aka com.rediff.mail.and) application 2.2.6 for Android has cleartext mail content in...
E
CVE-2019-11837 njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative ...
E
CVE-2019-11838 njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a...
E
CVE-2019-11839 njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a r...
E
CVE-2019-11840 An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0...
S
CVE-2019-11841 A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go ...
E
CVE-2019-11842 An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number gen...
CVE-2019-11843 The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web scri...
CVE-2019-11844 An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/add...
CVE-2019-11845 An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/add...
E
CVE-2019-11846 /servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection....
E
CVE-2019-11847 ALEOS User Root Shell Escalation
CVE-2019-11848 ALEOS AT Command API Abuse
CVE-2019-11849 ALEOS AT API Stack Overflow
CVE-2019-11850 ALEOS AT Command Stack Overflow
CVE-2019-11851 The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10...
CVE-2019-11852 ALEOS ACEView Service Out-Of-Bounds Read
CVE-2019-11853 ALEOS AT Command Injections
CVE-2019-11855 ALEOS LAN-Side RPC Server
CVE-2019-11856 ALEOS ACEView Message Replay
CVE-2019-11857 ALEOS AceManager Information Disclosure
CVE-2019-11858 ALEOS Multiple Web UI vulnerabilities
CVE-2019-11859 ALEOS SMS Handler Buffer Overflow
CVE-2019-11862 ALEOS SSH Service Allows Traffic Proxying
M
CVE-2019-11867 Realtek NDIS driver rt640x64.sys, file version 10.1.505.2015, fails to do any size checking on an in...
CVE-2019-11868 See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or older, allows a user to call a...
CVE-2019-11869 The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that is_ad...
E
CVE-2019-11870 Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_...
CVE-2019-11871 The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for editors or admins....
CVE-2019-11872 The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it all...
E
CVE-2019-11873 wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is gr...
S
CVE-2019-11875 In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0.8445, a vulnerability in acces...
E
CVE-2019-11876 In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/compo...
E
CVE-2019-11877 XSS on the PIX-Link Repeater/Router LV-WR09 with firmware v28K.MiniRouter.20180616 allows attackers ...
CVE-2019-11878 An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200 cameras. An ...
E
CVE-2019-11879 The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to c...
CVE-2019-11880 CommSy through 8.6.5 has SQL Injection via the cid parameter. This is fixed in 9.2....
CVE-2019-11881 A vulnerability exists in Rancher before 2.2.4 in the login component, where the errorMsg parameter ...
E
CVE-2019-11884 The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allow...
S
CVE-2019-11885 eyeDisk implements the unlock feature by sending a cleartext password. The password can be discovere...
E
CVE-2019-11886 The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme-customizer) plugin before 7.2...
E
CVE-2019-11887 SimplyBook.me through 2019-05-11 does not properly restrict File Upload which could allow remote cod...
CVE-2019-11888 Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with ...
S
CVE-2019-11889 Sony BRAVIA Smart TV devices allow remote attackers to cause a denial of service (device hang) via a...
CVE-2019-11890 Sony Bravia Smart TV devices allow remote attackers to cause a denial of service (device hang or reb...
CVE-2019-11891 Incorrect privilege assignment in the app pairing mechanism of the Bosch Smart Home Controller (SHC)
CVE-2019-11892 Improper access control in the JSON-RPC interface of the Bosch Smart Home Controller (SHC)
CVE-2019-11893 Incorrect privilege assignment in the app permission update API of the Bosch Smart Home Controller (SHC)
CVE-2019-11894 Improper access control in the backup mechanism of the Bosch Smart Home Controller (SHC)
CVE-2019-11895 Improper access control in the JSON-RPC interface of the Bosch Smart Home Controller (SHC)
CVE-2019-11896 Incorrect privilege assignment in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC)
CVE-2019-11897 Server-side request forgery in the backup & restore functionality of ProSyst mBS SDK and Bosch IoT Gateway Software
CVE-2019-11898 Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE ser...
CVE-2019-11899 An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows ...
CVE-2019-11921 An out of bounds write is possible via a specially crafted packet in certain configurations of Proxy...
S
CVE-2019-11922 A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could all...
S
CVE-2019-11923 In Mcrouter prior to v0.41.0, the deprecated ASCII parser would allocate a buffer to a user-specifie...
S
CVE-2019-11924 A peer could send empty handshake fragments containing only padding which would be kept in memory un...
S
CVE-2019-11925 Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could a...
S
CVE-2019-11926 Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension co...
S
CVE-2019-11927 An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-o...
CVE-2019-11928 An input validation issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed cross-s...
CVE-2019-11929 Insufficient boundary checks when formatting numbers in number_format allows read/write access to ou...
S
CVE-2019-11930 An invalid free in mb_detect_order can cause the application to crash or potentially result in remot...
S
CVE-2019-11931 A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file...
CVE-2019-11932 A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable lib...
E S
CVE-2019-11933 A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android...
CVE-2019-11934 Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket. This...
S
CVE-2019-11935 Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bou...
S
CVE-2019-11936 Various APC functions accept keys containing null bytes as input, leading to premature truncation of...
S
CVE-2019-11937 In Mcrouter prior to v0.41.0, a large struct input provided to the Carbon protocol reader could resu...
S
CVE-2019-11938 Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes l...
S
CVE-2019-11939 Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes...
S
CVE-2019-11940 In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header tab...
S
CVE-2019-11941 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11942 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11943 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11944 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11945 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11946 A remote credential disclosure vulnerability was identified in HPE Intelligent Management Center (IM...
CVE-2019-11947 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11948 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11949 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11950 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11951 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11952 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11953 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11954 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11955 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11956 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11957 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11958 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11959 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11960 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11961 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11962 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11963 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11964 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11965 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11966 A remote privilege escalation vulnerability was identified in HPE Intelligent Management Center (IMC...
CVE-2019-11967 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11968 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11969 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11970 A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IM...
CVE-2019-11971 A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IM...
CVE-2019-11972 A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IM...
CVE-2019-11973 A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IM...
CVE-2019-11974 A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IM...
CVE-2019-11975 A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IM...
CVE-2019-11976 A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IM...
CVE-2019-11977 A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IM...
CVE-2019-11978 A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IM...
CVE-2019-11979 A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IM...
CVE-2019-11980 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT ...
CVE-2019-11981 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11984. Reason: This candidat...
R
CVE-2019-11982 A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) ea...
CVE-2019-11983 A remote buffer overflow vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier...
CVE-2019-11984 A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IM...
CVE-2019-11985 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11986 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT...
CVE-2019-11987 A security vulnerability in HPE Smart Update Manager (SUM) prior to v8.4 could allow local unauthori...
CVE-2019-11988 A Remote Unauthorized Access vulnerability was identified in HPE Smart Update Manager (SUM) earlier ...
CVE-2019-11989 A security vulnerability in HPE IceWall SSO Agent Option and IceWall MFA (Agent module) could be ex...
CVE-2019-11990 Security vulnerabilities in HPE UIoT versions 1.6, 1.5, 1.4.2, 1.4.1, 1.4.0, and 1.2.4.2 could allow...
CVE-2019-11991 HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) version 4.1 through 4.4. HPE 3...
CVE-2019-11992 A security vulnerability in HPE OneView for VMware vCenter 9.5 could be exploited remotely to allow ...
CVE-2019-11993 A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10,...
CVE-2019-11994 A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10,...
CVE-2019-11995 Security vulnerabilities in HPE UIoT version 1.2.4.2 could allow unauthorized remote access and acce...
CVE-2019-11996 Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi arr...
CVE-2019-11997 A potential security vulnerability has been identified in HPE enhanced Internet Usage Manager (eIUM)...
CVE-2019-11998 HPE Superdome Flex Server is vulnerable to multiple remote vulnerabilities via improper input valida...
CVE-2019-11999 Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) result...
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.