| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2019-12000 | HPE has found a potential Remote Access Restriction Bypass in HPE MSE Msg Gw application E-LTU prior... | | |
| CVE-2019-12001 | A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA ... | | |
| CVE-2019-12002 | A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA ... | | |
| CVE-2019-12003 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12004 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12005 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12006 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12007 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12008 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12009 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12010 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12011 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12012 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12013 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12014 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12015 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12016 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12017 | A remote code execution vulnerability exists in MapR CLDB code, specifically in the JSON framework t... | | |
| CVE-2019-12018 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12019 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12020 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12021 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12022 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12023 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12024 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12025 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12026 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12027 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12028 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12029 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12030 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12031 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12032 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12033 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12034 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12035 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12036 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12037 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12038 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12039 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12040 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-12041 | lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a ... | E | |
| CVE-2019-12042 | Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global... | E | |
| CVE-2019-12043 | In remarkable 1.7.1, lib/parser_inline.js mishandles URL filtering, which allows attackers to trigge... | E | |
| CVE-2019-12044 | A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.... | S | |
| CVE-2019-12046 | LemonLDAP::NG -2.0.3 has Incorrect Access Control.... | E | |
| CVE-2019-12047 | Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module can be called to achieve arbi... | E | |
| CVE-2019-12067 | The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NU... | S | |
| CVE-2019-12068 | In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10... | S | |
| CVE-2019-12083 | The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method whi... | E M | |
| CVE-2019-12086 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Defau... | E S | |
| CVE-2019-12087 | Samsung S9+, S10, and XCover 4 P(9.0) devices can become temporarily inoperable because of an unprot... | E | |
| CVE-2019-12091 | Netskope client command injections vulnerability | S | |
| CVE-2019-12094 | Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_n... | E | |
| CVE-2019-12095 | Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CS... | E | |
| CVE-2019-12097 | Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of EnableLoopback.exe before running it, wh... | | |
| CVE-2019-12098 | In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exch... | S | |
| CVE-2019-12099 | In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code ... | E S | |
| CVE-2019-12101 | coap_decode_option in coap.c in LibNyoci 0.07.00rc1 mishandles certain packets with "Uri-Path: (null... | E | |
| CVE-2019-12102 | Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodu... | | |
| CVE-2019-12103 | The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affecte... | S | |
| CVE-2019-12104 | The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affecte... | E S | |
| CVE-2019-12105 | In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: ... | S | |
| CVE-2019-12106 | The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote attacker ... | E S | |
| CVE-2019-12107 | The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote at... | E S | |
| CVE-2019-12108 | A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer der... | E S | |
| CVE-2019-12109 | A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer der... | E S | |
| CVE-2019-12110 | An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a ... | E S | |
| CVE-2019-12111 | A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer der... | E S | |
| CVE-2019-12112 | An issue was discovered in ONAP SDNC before Dublin. By executing sla/upload with a crafted filename ... | E S | |
| CVE-2019-12113 | An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module... | E S | |
| CVE-2019-12114 | An issue was discovered in ONAP HOLMES before Dublin. By accessing port 9202 of dep-holmes-engine-mg... | E S | |
| CVE-2019-12115 | An issue was discovered in ONAP SDC through Dublin. By accessing port 4000 of demo-sdc-sdc-be pod, a... | E S | |
| CVE-2019-12116 | An issue was discovered in ONAP SDC through Dublin. By accessing port 6000 of demo-sdc-sdc-fe pod, a... | E S | |
| CVE-2019-12117 | An issue was discovered in ONAP SDC through Dublin. By accessing port 4001 of demo-sdc-sdc-onboardin... | E S | |
| CVE-2019-12118 | An issue was discovered in ONAP SDC through Dublin. By accessing port 7001 of demo-sdc-sdc-wfd-be po... | E S | |
| CVE-2019-12119 | An issue was discovered in ONAP SDC through Dublin. By accessing port 7000 of demo-sdc-sdc-wfd-fe po... | E S | |
| CVE-2019-12120 | An issue was discovered in ONAP VNFSDK through Dublin. By accessing port 8000 of demo-vnfsdk-vnfsdk,... | E S | |
| CVE-2019-12121 | An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ... | E S | |
| CVE-2019-12122 | An issue was discovered in ONAP Portal through Dublin. By executing a call to ONAPPORTAL/portalApi/l... | E S | |
| CVE-2019-12123 | An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted modul... | E S | |
| CVE-2019-12124 | An issue was discovered in ONAP APPC before Dublin. By using an exposed unprotected Jolokia interfac... | E S | |
| CVE-2019-12125 | In ONAP Logging through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, ... | | |
| CVE-2019-12126 | In ONAP DCAE through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 302... | | |
| CVE-2019-12127 | In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 3028... | | |
| CVE-2019-12128 | In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281... | | |
| CVE-2019-12129 | In ONAP MSB through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 3028... | | |
| CVE-2019-12130 | In ONAP CLI through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 3028... | | |
| CVE-2019-12131 | An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID param... | E S | |
| CVE-2019-12132 | An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filenam... | E S | |
| CVE-2019-12133 | Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissio... | | |
| CVE-2019-12134 | CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in Workd... | | |
| CVE-2019-12135 | An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and ear... | | |
| CVE-2019-12136 | There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SR... | E | |
| CVE-2019-12137 | Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a fi... | E | |
| CVE-2019-12138 | MacDown 0.7.1 allows directory traversal, for execution of arbitrary programs, via a file:/// or ../... | E | |
| CVE-2019-12139 | An XSS issue was discovered in the Admin UI in eZ Platform 2.x. This affects ezplatform-admin-ui 1.3... | | |
| CVE-2019-12143 | A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 20... | | |
| CVE-2019-12144 | An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. At... | | |
| CVE-2019-12145 | A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 20... | | |
| CVE-2019-12146 | A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 20... | | |
| CVE-2019-12147 | The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument In... | E | |
| CVE-2019-12148 | The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authenti... | E | |
| CVE-2019-12149 | SQL injection vulnerability in silverstripe/restfulserver module 1.0.x before 1.0.9, 2.0.x before 2.... | | |
| CVE-2019-12150 | Karamasoft UltimateEditor 1 does not ensure that an uploaded file is an image or document (neither f... | E | |
| CVE-2019-12153 | Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, all... | | |
| CVE-2019-12154 | XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply... | | |
| CVE-2019-12155 | interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer derefe... | E S | |
| CVE-2019-12156 | Server metadata could be exposed because one of the error messages reflected the whole response back... | | |
| CVE-2019-12157 | In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC comm... | | |
| CVE-2019-12158 | GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflow via a long extension.... | | |
| CVE-2019-12159 | GoHTTP through 2017-07-25 has a stack-based buffer over-read in the scan function (when called from ... | | |
| CVE-2019-12160 | GoHTTP through 2017-07-25 has a sendHeader use-after-free.... | E | |
| CVE-2019-12161 | WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal enc... | | |
| CVE-2019-12162 | Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before... | | |
| CVE-2019-12163 | GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information... | E | |
| CVE-2019-12164 | ubuntu-server.js in Status React Native Desktop before v0.57.8_mobile_ui allows Remote Code Executio... | S | |
| CVE-2019-12165 | MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, and 7.1 (7.1.0.57) and earlier... | | |
| CVE-2019-12167 | httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via th... | | |
| CVE-2019-12168 | Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command She... | | |
| CVE-2019-12169 | ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code executio... | E | |
| CVE-2019-12170 | ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (... | E | |
| CVE-2019-12171 | Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.1... | E | |
| CVE-2019-12172 | Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF... | E | |
| CVE-2019-12173 | MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HR... | E | |
| CVE-2019-12174 | hide.me before 2.4.4 on macOS suffers from a privilege escalation vulnerability in the connectWithEx... | E | |
| CVE-2019-12175 | In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, a NULL pointer dereference in... | | |
| CVE-2019-12176 | Privilege escalation in the "HTC Account Service" and "ViveportDesktopService" in HTC VIVEPORT befor... | | |
| CVE-2019-12177 | Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC V... | E | |
| CVE-2019-12180 | An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When o... | E | |
| CVE-2019-12181 | A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.... | E | |
| CVE-2019-12182 | Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remot... | E | |
| CVE-2019-12183 | Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 series allows remote attackers to r... | E | |
| CVE-2019-12184 | There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named... | E | |
| CVE-2019-12185 | eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php ... | E | |
| CVE-2019-12186 | An issue was discovered in Sylius products. Missing input sanitization in sylius/sylius 1.0.x throug... | | |
| CVE-2019-12189 | An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do s... | E | |
| CVE-2019-12190 | XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testa... | E | |
| CVE-2019-12193 | H3C H3Cloud OS all versions allows SQL injection via the ear/grid_event sidx parameter.... | E | |
| CVE-2019-12195 | TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the... | | |
| CVE-2019-12196 | A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine N... | | |
| CVE-2019-12198 | In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header.... | E | |
| CVE-2019-12203 | SilverStripe through 4.3.3 allows session fixation in the "change password" form.... | | |
| CVE-2019-12204 | In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can l... | | |
| CVE-2019-12205 | SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS.... | | |
| CVE-2019-12206 | njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.... | E | |
| CVE-2019-12207 | njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_ut... | E | |
| CVE-2019-12208 | njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in nj... | E | |
| CVE-2019-12209 | Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_k... | E S | |
| CVE-2019-12210 | In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_f... | E S | |
| CVE-2019-12211 | When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cp... | E | |
| CVE-2019-12212 | When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeated... | E | |
| CVE-2019-12213 | When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp al... | E | |
| CVE-2019-12214 | In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_... | E | |
| CVE-2019-12215 | A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a part... | E | |
| CVE-2019-12216 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunctio... | E | |
| CVE-2019-12217 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunctio... | E | |
| CVE-2019-12218 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunctio... | E | |
| CVE-2019-12219 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunctio... | E | |
| CVE-2019-12220 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunctio... | E | |
| CVE-2019-12221 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunctio... | E | |
| CVE-2019-12222 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bou... | E | |
| CVE-2019-12223 | An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1.07_190502 devices, and other S... | E | |
| CVE-2019-12239 | The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to r... | E | |
| CVE-2019-12240 | The Virim plugin 0.4 for WordPress allows Insecure Deserialization via s_values, t_values, or c_valu... | E | |
| CVE-2019-12241 | The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source coo... | E | |
| CVE-2019-12243 | Istio 1.1.x through 1.1.6 has Incorrect Access Control.... | E | |
| CVE-2019-12245 | SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loa... | | |
| CVE-2019-12246 | SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools.... | | |
| CVE-2019-12247 | QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the ... | S | |
| CVE-2019-12248 | An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition ... | | |
| CVE-2019-12250 | IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions... | E | |
| CVE-2019-12251 | sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue... | E | |
| CVE-2019-12252 | In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can vie... | | |
| CVE-2019-12253 | my little forum before 2.4.20 allows CSRF to delete posts, as demonstrated by mode=posting&delete_po... | E | |
| CVE-2019-12254 | TECSON/GOK: Improper Authentication and Access Control on multiple devices | S | |
| CVE-2019-12255 | Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET securi... | E | |
| CVE-2019-12256 | Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET securi... | | |
| CVE-2019-12257 | Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an I... | | |
| CVE-2019-12258 | Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET securi... | | |
| CVE-2019-12259 | Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client componen... | | |
| CVE-2019-12260 | Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an... | | |
| CVE-2019-12261 | Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4).... | | |
| CVE-2019-12262 | Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client componen... | | |
| CVE-2019-12263 | Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is... | | |
| CVE-2019-12264 | Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignm... | | |
| CVE-2019-12265 | Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client compon... | | |
| CVE-2019-12266 | Stack buffer overflow in Wyze Cam Pan v2, Cam v2 and Cam v3 | S | |
| CVE-2019-12269 | Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cau... | E | |
| CVE-2019-12270 | OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by def... | M | |
| CVE-2019-12271 | Sandline Centraleyezer (On Premises) allows unrestricted File Upload with a dangerous type, because ... | E | |
| CVE-2019-12272 | In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/... | S | |
| CVE-2019-12273 | OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and... | E | |
| CVE-2019-12274 | In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin acc... | | |
| CVE-2019-12276 | A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in G... | | |
| CVE-2019-12277 | Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks f... | S | |
| CVE-2019-12278 | Opera through 53 on Android allows Address Bar Spoofing. Characters from several languages are displ... | E | |
| CVE-2019-12279 | Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the res... | E | |
| CVE-2019-12280 | PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.... | | |
| CVE-2019-12288 | An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WIP) KR75.8.53.20 and 200V (C38S... | | |
| CVE-2019-12289 | An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 ... | | |
| CVE-2019-12290 | GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when... | S | |
| CVE-2019-12291 | HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Keys not matching a specific ACL ... | S | |
| CVE-2019-12292 | Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control.... | | |
| CVE-2019-12293 | In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stre... | E | |
| CVE-2019-12295 | In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash.... | S | |
| CVE-2019-12297 | An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. There is a Use of an Exte... | E | |
| CVE-2019-12298 | Leanify 0.4.3 allows remote attackers to trigger an out-of-bounds write (1024 bytes) via a modified ... | | |
| CVE-2019-12299 | Sandline Centraleyezer (On Premises) allows Stored XSS using HTML entities in the name field of the ... | E | |
| CVE-2019-12300 | Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth a... | S | |
| CVE-2019-12301 | The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server w... | | |
| CVE-2019-12303 | In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files... | | |
| CVE-2019-12305 | In EZCast Pro II, the administrator password md5 hash is provided upon a web request. This hash can ... | | |
| CVE-2019-12308 | An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The c... | | |
| CVE-2019-12309 | dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create fil... | S | |
| CVE-2019-12310 | ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory tra... | E | |
| CVE-2019-12311 | Sandline Centraleyezer (On Premises) allows Unrestricted File Upload leading to Stored XSS. An HTML ... | E | |
| CVE-2019-12312 | In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigg... | E S | |
| CVE-2019-12313 | XSS exists in Shave before 2.5.3 because output encoding is mishandled during the overwrite of an HT... | S | |
| CVE-2019-12314 | Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W... | E | |
| CVE-2019-12315 | Samsung SCX-824 printers allow a reflected Cross-Site-Scripting (XSS) vulnerability that can be trig... | | |
| CVE-2019-12321 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-12317. Reason: This candidat... | R | |
| CVE-2019-12323 | The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS.... | E | |
| CVE-2019-12324 | A command injection (missing input validation) issue in the IP address field for the logging server ... | E | |
| CVE-2019-12325 | The Htek UC902 VoIP phone web management interface contains several buffer overflow vulnerabilities ... | E | |
| CVE-2019-12326 | Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.... | E | |
| CVE-2019-12327 | Hardcoded credentials in the Akuvox R50P VoIP phone 50.0.6.156 allow an attacker to get access to th... | E | |
| CVE-2019-12328 | A command injection (missing input validation) issue in the remote phonebook configuration URI in th... | E M | |
| CVE-2019-12331 | PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from a... | E | |
| CVE-2019-12345 | XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress.... | | |
| CVE-2019-12346 | In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint... | E | |
| CVE-2019-12347 | In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name... | E S | |
| CVE-2019-12348 | An issue was discovered in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or ... | E | |
| CVE-2019-12349 | An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id para... | E | |
| CVE-2019-12350 | An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id paramete... | E | |
| CVE-2019-12351 | An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter v... | E | |
| CVE-2019-12352 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendmail.php... | E | |
| CVE-2019-12353 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/dl_sendmail.... | E | |
| CVE-2019-12354 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/showbad.php ... | E | |
| CVE-2019-12355 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_print.php... | E | |
| CVE-2019-12356 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_download.... | E | |
| CVE-2019-12357 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/deluser.php ... | E | |
| CVE-2019-12358 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendsms.php ... | E | |
| CVE-2019-12359 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/ztliuyan_sen... | E | |
| CVE-2019-12360 | A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.... | | |
| CVE-2019-12361 | EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF p... | E | |
| CVE-2019-12362 | EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php.... | E | |
| CVE-2019-12363 | An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacke... | E | |
| CVE-2019-12365 | The Newton application through 10.0.23 for Android allows XSS via an event attribute and arbitrary f... | E | |
| CVE-2019-12366 | The Nine application through 4.5.3a for Android allows XSS via an event attribute and arbitrary file... | E | |
| CVE-2019-12367 | The BlueMail application through 1.9.5.36 for Android allows XSS via an event attribute and arbitrar... | E | |
| CVE-2019-12368 | The Edison Mail application through 1.7.1 for Android allows XSS via an event attribute and arbitrar... | E | |
| CVE-2019-12369 | The TypeApp application through 1.9.5.35 for Android allows XSS via an event attribute and arbitrary... | E | |
| CVE-2019-12370 | The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file... | E | |
| CVE-2019-12372 | Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injection via the User ID parameter to the ... | E | |
| CVE-2019-12373 | Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint ... | | |
| CVE-2019-12374 | A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager)... | E | |
| CVE-2019-12375 | Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service ... | | |
| CVE-2019-12376 | Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 1... | E | |
| CVE-2019-12377 | A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka End... | E | |
| CVE-2019-12378 | An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.... | S | |
| CVE-2019-12379 | An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel thr... | S | |
| CVE-2019-12380 | **DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_ef... | S | |
| CVE-2019-12381 | An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5... | S | |
| CVE-2019-12382 | An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux ke... | S | |
| CVE-2019-12383 | Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to de... | S | |
| CVE-2019-12384 | FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by ... | S | |
| CVE-2019-12385 | An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, ... | E | |
| CVE-2019-12386 | An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay... | E | |
| CVE-2019-12387 | In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an... | E S | |
| CVE-2019-12388 | Anviz access control devices perform cleartext transmission of sensitive information (passwords/pins... | | |
| CVE-2019-12389 | Anviz access control devices expose credentials (names and passwords) by allowing remote attackers t... | | |
| CVE-2019-12390 | Anviz access control devices expose private Information (pin code and name) by allowing remote attac... | | |
| CVE-2019-12391 | The Anviz Management System for access control has insufficient logging for device events such as do... | | |
| CVE-2019-12392 | Anviz access control devices allow remote attackers to issue commands without a password.... | | |
| CVE-2019-12393 | Anviz access control devices are vulnerable to replay attacks which could allow attackers to interce... | | |
| CVE-2019-12394 | Anviz access control devices allow unverified password change which allows remote attackers to chang... | | |
| CVE-2019-12395 | In Webbukkit Dynmap 3.0-beta-3 or below, due to a missing login check in servlet/MapStorageHandler.j... | E S | |
| CVE-2019-12396 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-5440. Reason: This candidate... | R | |
| CVE-2019-12397 | Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting ... | | |
| CVE-2019-12398 | In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edi... | | |
| CVE-2019-12399 | When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configur... | S | |
| CVE-2019-12400 | In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed... | S | |
| CVE-2019-12401 | Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource c... | E | |
| CVE-2019-12402 | The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get int... | | |
| CVE-2019-12403 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2019-12404 | On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger... | | |
| CVE-2019-12405 | Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is en... | | |
| CVE-2019-12406 | Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a ... | S | |
| CVE-2019-12407 | On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger... | | |
| CVE-2019-12408 | It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementation... | | |
| CVE-2019-12409 | The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OP... | E | |
| CVE-2019-12410 | While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apac... | | |
| CVE-2019-12411 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2019-12412 | A flaw in the libapreq2 v2.07 to v2.13 multipart parser can deference a null pointer leading to a pr... | | |
| CVE-2019-12413 | In Apache Incubator Superset before 0.31 user could query database metadata information from a datab... | | |
| CVE-2019-12414 | In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on... | | |
| CVE-2019-12415 | In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Ex... | | |
| CVE-2019-12416 | we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active ... | E | |
| CVE-2019-12417 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute a... | | |
| CVE-2019-12418 | When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX ... | S | |
| CVE-2019-12419 | Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully... | S | |
| CVE-2019-12420 | In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. U... | | |
| CVE-2019-12421 | When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions... | | |
| CVE-2019-12422 | Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susc... | | |
| CVE-2019-12423 | Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public ... | S | |
| CVE-2019-12424 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2019-12425 | Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary host... | | |
| CVE-2019-12426 | an unauthenticated user could get access to information of some backend screens by invoking setSessi... | | |
| CVE-2019-12427 | Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Conso... | | |
| CVE-2019-12428 | An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could by... | | |
| CVE-2019-12429 | An issue was discovered in GitLab Community and Enterprise Edition 11.9 through 11.11. Unprivileged ... | | |
| CVE-2019-12430 | An issue was discovered in GitLab Community and Enterprise Edition 11.11. A specially crafted payloa... | | |
| CVE-2019-12431 | An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted us... | | |
| CVE-2019-12432 | An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Non-member us... | | |
| CVE-2019-12433 | An issue was discovered in GitLab Community and Enterprise Edition 11.7 through 11.11. It has Improp... | | |
| CVE-2019-12434 | An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. Users could g... | | |
| CVE-2019-12435 | Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial ... | | |
| CVE-2019-12436 | Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of... | | |
| CVE-2019-12437 | In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the ris... | | |
| CVE-2019-12439 | bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In s... | S | |
| CVE-2019-12440 | The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauthenticated threat actor to inje... | S | |
| CVE-2019-12441 | An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. The protected ... | | |
| CVE-2019-12442 | An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page conta... | | |
| CVE-2019-12443 | An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple feat... | | |
| CVE-2019-12444 | An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages con... | | |
| CVE-2019-12445 | An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious us... | | |
| CVE-2019-12446 | An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Info... | | |
| CVE-2019-12447 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles fi... | S | |
| CVE-2019-12448 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race cond... | | |
| CVE-2019-12449 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a ... | S | |
| CVE-2019-12450 | file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict fil... | S | |
| CVE-2019-12452 | types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API i... | E S | |
| CVE-2019-12453 | In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missi... | | |
| CVE-2019-12454 | An issue was discovered in wcd9335_codec_enable_dec in sound/soc/codecs/wcd9335.c in the Linux kerne... | S | |
| CVE-2019-12455 | An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel... | S | |
| CVE-2019-12456 | An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_c... | S | |
| CVE-2019-12457 | FileRun 2019.05.21 allows images/extjs Directory Listing. This issue has been fixed in FileRun 2019.... | E | |
| CVE-2019-12458 | FileRun 2019.05.21 allows css/ext-ux Directory Listing. This issue has been fixed in FileRun 2019.06... | E | |
| CVE-2019-12459 | FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. This issue has been ... | E | |
| CVE-2019-12460 | Web Port 1.19.1 allows XSS via the /access/setup type parameter.... | E | |
| CVE-2019-12461 | Web Port 1.19.1 allows XSS via the /log type parameter.... | E | |
| CVE-2019-12463 | An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/... | E | |
| CVE-2019-12464 | An issue was discovered in LibreNMS 1.50.1. An authenticated user can perform a directory traversal ... | E | |
| CVE-2019-12465 | An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajax_rulesugg... | E | |
| CVE-2019-12466 | Wikimedia MediaWiki through 1.32.1 allows CSRF.... | S | |
| CVE-2019-12467 | MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:Chan... | S | |
| CVE-2019-12468 | An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Di... | S | |
| CVE-2019-12469 | MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTag... | | |
| CVE-2019-12470 | Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete pa... | | |
| CVE-2019-12471 | Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent accou... | S | |
| CVE-2019-12472 | An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It... | S | |
| CVE-2019-12473 | Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could c... | S | |
| CVE-2019-12474 | Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that inc... | S | |
| CVE-2019-12475 | In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validati... | | |
| CVE-2019-12476 | An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSe... | E | |
| CVE-2019-12477 | Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local ... | E | |
| CVE-2019-12479 | An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vulnerability in the TwentyTwenty.... | E | |
| CVE-2019-12480 | BACnet Protocol Stack through 0.8.6 has a segmentation fault leading to denial of service in BACnet ... | E | |
| CVE-2019-12481 | An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function GetESD at... | E | |
| CVE-2019-12482 | An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function gf_isom_g... | E | |
| CVE-2019-12483 | An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function ReadGF_... | E | |
| CVE-2019-12489 | An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices.... | E | |
| CVE-2019-12490 | An issue was discovered in Simple Machines Forum (SMF) before 2.0.16. Reverse tabnabbing can occur b... | E | |
| CVE-2019-12491 | OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to run arbitrary commands with roo... | S | |
| CVE-2019-12492 | Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and 8.x before 8.00.1128 allows ar... | M | |
| CVE-2019-12493 | A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.0... | E | |
| CVE-2019-12494 | In Gardener before 0.20.0, incorrect access control in seed clusters allows information disclosure b... | | |
| CVE-2019-12495 | An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source fi... | E S | |
| CVE-2019-12496 | An issue was discovered in Hybrid Group Gobot before 1.13.0. The mqtt subsystem skips verification o... | S | |
| CVE-2019-12497 | An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition ... | | |
| CVE-2019-12498 | The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without i... | S | |
| CVE-2019-12499 | Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host b... | S | |
| CVE-2019-12500 | The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "suddenly accelerate" commands. T... | E | |
| CVE-2019-12502 | There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by addi... | E | |
| CVE-2019-12503 | Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST... | | |
| CVE-2019-12504 | Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP2002 is ... | | |
| CVE-2019-12505 | Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP1001 v1.... | | |
| CVE-2019-12506 | Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Lase... | E | |
| CVE-2019-12507 | An XSS vulnerability exists in PHPRelativePath (aka Relative Path) through 1.0.2 via the RelativePat... | S | |
| CVE-2019-12510 | Auth Bypass Via X-Forwarded-For Header in SOAP API | E | |
| CVE-2019-12511 | Root Command Injection via MAC Address in SOAP API | E | |
| CVE-2019-12512 | Stored XSS via X-Forwarded-For Header During Incorrect Login | E | |
| CVE-2019-12513 | Stored XSS via DHCP Discover Request Hostname | E | |
| CVE-2019-12515 | There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Strea... | E | |
| CVE-2019-12516 | The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injection by Subscriber users, as demo... | | |
| CVE-2019-12517 | An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 for WordPress. The save_quiz_sco... | E | |
| CVE-2019-12518 | Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer over... | E | |
| CVE-2019-12519 | An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Sq... | | |
| CVE-2019-12520 | An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache... | S | |
| CVE-2019-12521 | An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements i... | S | |
| CVE-2019-12522 | An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child process... | | |
| CVE-2019-12523 | An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP reque... | | |
| CVE-2019-12524 | An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its ru... | | |
| CVE-2019-12525 | An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured ... | S | |
| CVE-2019-12526 | An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-base... | | |
| CVE-2019-12527 | An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHea... | S | |
| CVE-2019-12528 | An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure o... | | |
| CVE-2019-12529 | An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. W... | S | |
| CVE-2019-12530 | Incorrect access control was discovered in the stdonato Dashboard plugin through 0.9.7 for GLPI, aff... | S | |
| CVE-2019-12532 | Improper access control in the Insyde software tools may allow an authenticated user to potentially ... | | |
| CVE-2019-12537 | An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search f... | E | |
| CVE-2019-12538 | An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.d... | E | |
| CVE-2019-12539 | An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XS... | E | |
| CVE-2019-12540 | An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.d... | E | |
| CVE-2019-12541 | An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSear... | E | |
| CVE-2019-12542 | An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do u... | E | |
| CVE-2019-12543 | An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequ... | E | |
| CVE-2019-12548 | Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file w... | S | |
| CVE-2019-12549 | WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded p... | | |
| CVE-2019-12550 | WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded u... | | |
| CVE-2019-12551 | In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of t... | E | |
| CVE-2019-12552 | In SweetScape 010 Editor 9.0.1, an integer overflow during the initialization of variables could all... | E | |
| CVE-2019-12553 | In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of t... | E | |
| CVE-2019-12554 | In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of t... | E | |
| CVE-2019-12555 | In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of t... | E | |
| CVE-2019-12562 | Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to stor... | E | |
| CVE-2019-12564 | In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brut... | E | |
| CVE-2019-12566 | The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics... | E S | |
| CVE-2019-12567 | Stack-based overflow vulnerability in the logMess function in Open TFTP Server MT 1.65 and earlier a... | S | |
| CVE-2019-12568 | Stack-based overflow vulnerability in the logMess function in Open TFTP Server SP 1.66 and earlier a... | S | |
| CVE-2019-12569 | A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbi... | | |
| CVE-2019-12570 | A SQL injection vulnerability in the Xpert Solution "Server Status by Hostname/IP" plugin 4.6 for Wo... | E | |
| CVE-2019-12571 | A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v0.9.8 beta (buil... | E | |
| CVE-2019-12572 | A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 0236... | E | |
| CVE-2019-12573 | A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and... | E | |
| CVE-2019-12574 | A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v1.0 for Windows ... | E | |
| CVE-2019-12575 | A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux cou... | E | |
| CVE-2019-12576 | A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for macOS cou... | E | |
| CVE-2019-12577 | A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for macOS cou... | E | |
| CVE-2019-12578 | A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux cou... | E | |
| CVE-2019-12579 | A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and... | E | |
| CVE-2019-12581 | A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in sel... | E S | |
| CVE-2019-12582 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-12583. Reason: This candidat... | R | |
| CVE-2019-12583 | Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices al... | E S | |
| CVE-2019-12584 | Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue i... | S | |
| CVE-2019-12585 | Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary C... | S | |
| CVE-2019-12586 | The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 thr... | E S | |
| CVE-2019-12587 | The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 thr... | E S | |
| CVE-2019-12588 | The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not val... | E | |
| CVE-2019-12589 | In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intend... | E S | |
| CVE-2019-12591 | NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve ... | | |
| CVE-2019-12592 | A universal Cross-site scripting (UXSS) vulnerability in the Evernote Web Clipper extension before 7... | | |
| CVE-2019-12593 | IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/cale... | E | |
| CVE-2019-12594 | DOSBox 0.74-2 has Incorrect Access Control.... | | |
| CVE-2019-12595 | An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsNa... | E | |
| CVE-2019-12596 | An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do wit... | E | |
| CVE-2019-12597 | An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.js... | E | |
| CVE-2019-12598 | SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (... | | |
| CVE-2019-12599 | SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection.... | | |
| CVE-2019-12600 | SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (... | | |
| CVE-2019-12601 | SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (... | | |
| CVE-2019-12611 | An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that affects the ge... | | |
| CVE-2019-12612 | An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an atta... | | |
| CVE-2019-12613 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2019-12614 | An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the ... | S | |
| CVE-2019-12615 | An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel ... | S | |
| CVE-2019-12616 | An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacke... | S | |
| CVE-2019-12617 | In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through ... | | |
| CVE-2019-12618 | HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver.... | | |
| CVE-2019-12619 | Cisco SD-WAN Solution SQL Injection Vulnerability | | |
| CVE-2019-12620 | Cisco HyperFlex Software Counter Value Injection Vulnerability | | |
| CVE-2019-12621 | Cisco HyperFlex Static SSL Key Vulnerability | | |
| CVE-2019-12622 | Cisco RoomOS Software Privilege Escalation Vulnerability | | |
| CVE-2019-12623 | Cisco Enterprise Network Functions Virtualization Infrastructure Software File Enumeration Vulnerability | | |
| CVE-2019-12624 | Cisco IOS XE NGWC Legacy Wireless Device Manager GUI Cross-Site Request Forgery Vulnerability | | |
| CVE-2019-12625 | ClamAV Zip Bomb Vulnerability | M | |
| CVE-2019-12626 | Cisco Unified Contact Center Express Stored Cross-Site Scripting Vulnerability | | |
| CVE-2019-12627 | Cisco Firepower Threat Defense Software Information Disclosure Vulnerability | | |
| CVE-2019-12629 | Cisco SD-WAN vManage Command Injection Vulnerability | | |
| CVE-2019-12630 | Cisco Security Manager Java Deserialization Vulnerability | | |
| CVE-2019-12631 | Cisco Identity Services Engine Cross-Site Scripting Vulnerability | | |
| CVE-2019-12632 | Cisco Finesse Request Processing Server-Side Request Forgery Vulnerability | | |
| CVE-2019-12633 | Cisco Unified Contact Center Express Request Processing Server-Side Request Forgery Vulnerability | | |
| CVE-2019-12634 | Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Denial of Service Vulnerability | | |
| CVE-2019-12635 | Cisco Content Security Management Appliance Information Disclosure Vulnerability | | |
| CVE-2019-12636 | Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability | | |
| CVE-2019-12637 | Cisco Identity Services Engine Multiple Stored Cross-Site Scripting Vulnerabilities | | |
| CVE-2019-12638 | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability | | |
| CVE-2019-12643 | Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability | | |
| CVE-2019-12644 | Cisco Identity Services Engine Cross-Site Scripting Vulnerability | | |
| CVE-2019-12645 | Cisco Jabber Client Framework for Mac Code Execution Vulnerability | | |
| CVE-2019-12646 | Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability | | |
| CVE-2019-12647 | Cisco IOS and IOS XE Software IP Ident Denial of Service Vulnerability | | |
| CVE-2019-12648 | Cisco IOx for IOS Software Guest Operating System Unauthorized Access Vulnerability | | |
| CVE-2019-12649 | Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability | | |
| CVE-2019-12650 | Cisco IOS XE Software Web UI Command Injection Vulnerabilities | | |
| CVE-2019-12651 | Cisco IOS XE Software Web UI Command Injection Vulnerabilities | M | |
| CVE-2019-12652 | Cisco Catalyst 4000 Series Switches TCP Denial of Service Vulnerability | | |
| CVE-2019-12653 | Cisco IOS XE Software Raw Socket Transport Denial of Service Vulnerability | | |
| CVE-2019-12654 | Cisco IOS and IOS XE Software Session Initiation Protocol Denial of Service Vulnerability | | |
| CVE-2019-12655 | Cisco IOS XE Software FTP Application Layer Gateway for NAT, NAT64, and ZBFW Denial of Service Vulnerability | | |
| CVE-2019-12656 | Cisco IOx Application Environment Denial of Service Vulnerability | | |
| CVE-2019-12657 | Cisco IOS XE Software Unified Threat Defense Denial of Service Vulnerability | | |
| CVE-2019-12658 | Cisco IOS XE Software Filesystem Exhaustion Denial of Service Vulnerability | | |
| CVE-2019-12659 | Cisco IOS XE Software HTTP Server Denial of Service Vulnerability | | |
| CVE-2019-12660 | Cisco IOS XE Software ASIC Register Write Vulnerability | | |
| CVE-2019-12661 | Cisco IOS XE Software Virtualization Manager CLI Command Injection Vulnerability | | |
| CVE-2019-12662 | Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass Vulnerability | | |
| CVE-2019-12663 | Cisco IOS XE Software TrustSec Protected Access Credential Provisioning Denial of Service Vulnerability | | |
| CVE-2019-12664 | Cisco IOS XE Software ISDN Data Leak Vulnerability | | |
| CVE-2019-12665 | Cisco IOS and IOS XE Software HTTP Client Information Disclosure Vulnerability | | |
| CVE-2019-12666 | Cisco IOS XE Software Path Traversal Vulnerability | | |
| CVE-2019-12667 | Cisco IOS XE Software Stored Cross-Site Scripting Vulnerability | | |
| CVE-2019-12668 | Cisco IOS and IOS XE Software Stored Banner Cross-Site Scripting Vulnerability | | |
| CVE-2019-12669 | Cisco IOS and IOS XE Software Change of Authorization Denial of Service Vulnerability | | |
| CVE-2019-12670 | Cisco IOS XE Software IOx Guest Shell Namespace Protection Vulnerability | | |
| CVE-2019-12671 | Cisco IOS XE Software Consent Token Bypass Vulnerability | | |
| CVE-2019-12672 | Cisco IOS XE Software Arbitrary Code Execution Vulnerability | | |
| CVE-2019-12673 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability | | |
| CVE-2019-12674 | Cisco Firepower Threat Defense Software Multi-instance Container Escape Vulnerabilities | | |
| CVE-2019-12675 | Cisco Firepower Threat Defense Software Multi-instance Container Escape Vulnerabilities | | |
| CVE-2019-12676 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF LSA Processing Denial of Service Vulnerability | | |
| CVE-2019-12677 | Cisco Adaptive Security Appliance Software SSL VPN Denial of Service Vulnerability | | |
| CVE-2019-12678 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SIP Inspection Denial of Service Vulnerability | | |
| CVE-2019-12679 | Cisco Firepower Management Center SQL Injection Vulnerabilities | | |
| CVE-2019-12680 | Cisco Firepower Management Center SQL Injection Vulnerabilities | | |
| CVE-2019-12681 | Cisco Firepower Management Center SQL Injection Vulnerabilities | | |
| CVE-2019-12682 | Cisco Firepower Management Center SQL Injection Vulnerabilities | | |
| CVE-2019-12683 | Cisco Firepower Management Center SQL Injection Vulnerabilities | | |
| CVE-2019-12684 | Cisco Firepower Management Center SQL Injection Vulnerabilities | | |
| CVE-2019-12685 | Cisco Firepower Management Center SQL Injection Vulnerabilities | | |
| CVE-2019-12686 | Cisco Firepower Management Center SQL Injection Vulnerabilities | | |
| CVE-2019-12687 | Cisco Firepower Management Center Remote Code Execution Vulnerability | | |
| CVE-2019-12688 | Cisco Firepower Management Center Remote Code Execution Vulnerability | | |
| CVE-2019-12689 | Cisco Firepower Management Center Remote Code Execution Vulnerability | | |
| CVE-2019-12690 | Cisco Firepower Management Center Command Injection Vulnerability | | |
| CVE-2019-12691 | Cisco Firepower Management Center Directory Traversal Vulnerability | | |
| CVE-2019-12693 | Cisco Adaptive Security Appliance Software Secure Copy Denial of Service Vulnerability | | |
| CVE-2019-12694 | Cisco Firepower Threat Defense Software Command Injection Vulnerability | | |
| CVE-2019-12695 | Cisco Adaptive Security Appliance and Firepower Threat Defense Software WebVPN Cross-Site Scripting Vulnerability | | |
| CVE-2019-12696 | Cisco Firepower System Software Detection Engine RTF and RAR Malware and File Policy Bypass Vulnerabilities | | |
| CVE-2019-12697 | Cisco Firepower System Software Detection Engine RTF and RAR Malware and File Policy Bypass Vulnerabilities | | |
| CVE-2019-12698 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN CPU Denial of Service Vulnerability | | |
| CVE-2019-12699 | Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities | | |
| CVE-2019-12700 | Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service Vulnerability | | |
| CVE-2019-12701 | Cisco Firepower Management Center Software File and Malware Policy Bypass Vulnerability | | |
| CVE-2019-12702 | Cisco SPA100 Series Analog Telephone Adapters Reflected Cross-Site Scripting Vulnerability | | |
| CVE-2019-12703 | Cisco SPA122 ATA with Router Devices DHCP Services Cross-Site Scripting Vulnerability | | |
| CVE-2019-12704 | Cisco SPA100 Series Analog Telephone Adapters Web-Based Management Interface File Disclosure Vulnerability | | |
| CVE-2019-12705 | Cisco Expressway Series and TelePresence Video Communication Server Cross-Site Scripting Vulnerability | | |
| CVE-2019-12706 | Cisco Email Security Appliance Filter Bypass Vulnerability | | |
| CVE-2019-12707 | Multiple Cisco Unified Communications Products Cross-Site Scripting Vulnerability | | |
| CVE-2019-12708 | Cisco SPA100 Series Analog Telephone Adapters Administrative Credentials Information Disclosure Vulnerability | | |
| CVE-2019-12709 | Cisco IOS XR Software for Cisco ASR 9000 VMAN CLI Privilege Escalation Vulnerability | | |
| CVE-2019-12710 | Cisco Unified Communications Manager SQL Injection Vulnerability | | |
| CVE-2019-12711 | Cisco Unified Communications Manager XML External Expansion Vulnerability | | |
| CVE-2019-12712 | Cisco Prime Infrastructure Cross-Site Scripting Vulnerability | | |
| CVE-2019-12713 | Cisco Prime Infrastructure Cross-Site Scripting Vulnerability | | |
| CVE-2019-12714 | Cisco IC3000 Industrial Compute Gateway Denial of Service Vulnerability | | |
| CVE-2019-12715 | Cisco Unified Communications Manager Cross-Site Scripting Vulnerability | | |
| CVE-2019-12716 | Cisco Unified Communications Manager Cross-Site Scripting Vulnerability | | |
| CVE-2019-12717 | Cisco NX-OS Software Virtualization Manager Command Injection Vulnerability | | |
| CVE-2019-12718 | Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability | | |
| CVE-2019-12719 | An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1... | E | |
| CVE-2019-12720 | AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc_send_mail.aspx (MailAdd param... | E | |
| CVE-2019-12723 | An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection ... | | |
| CVE-2019-12724 | An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. It allows a stored XSS att... | S | |
| CVE-2019-12725 | Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occur... | E | |
| CVE-2019-12727 | On Ubiquiti airCam 3.1.4 devices, a Denial of Service vulnerability exists in the RTSP Service provi... | E | |
| CVE-2019-12728 | Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' ap... | E | |
| CVE-2019-12730 | aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check fo... | S | |
| CVE-2019-12731 | The Windows versions of Snapview Mikogo, versions before 5.10.2 are affected by insecure implementat... | | |
| CVE-2019-12732 | The Chartkick gem through 3.1.0 for Ruby allows XSS.... | E | |
| CVE-2019-12733 | SiteVision 4 allows Remote Code Execution.... | E | |
| CVE-2019-12734 | SiteVision 4 has Incorrect Access Control.... | E | |
| CVE-2019-12735 | getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrar... | E S | |
| CVE-2019-12736 | JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the... | | |
| CVE-2019-12737 | UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictab... | | |
| CVE-2019-12739 | lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remo... | E | |
| CVE-2019-12741 | XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attac... | S | |
| CVE-2019-12742 | Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including ... | S | |
| CVE-2019-12743 | HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers to find the user accounts exist... | | |
| CVE-2019-12744 | SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PH... | E | |
| CVE-2019-12745 | out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name fi... | E | |
| CVE-2019-12746 | An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 ... | S | |
| CVE-2019-12747 | TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data.... | | |
| CVE-2019-12748 | TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS.... | | |
| CVE-2019-12749 | dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Cano... | M | |
| CVE-2019-12750 | Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Sma... | | |
| CVE-2019-12751 | Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a privilege escalation vulnerabil... | M | |
| CVE-2019-12752 | The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vuln... | M | |
| CVE-2019-12753 | An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a ... | | |
| CVE-2019-12754 | Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a c... | | |
| CVE-2019-12755 | Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue,... | | |
| CVE-2019-12756 | Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection by... | S | |
| CVE-2019-12757 | Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protecti... | | |
| CVE-2019-12758 | Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vu... | E | |
| CVE-2019-12759 | Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), pri... | S | |
| CVE-2019-12760 | A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from t... | E | |
| CVE-2019-12761 | A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category ele... | E | |
| CVE-2019-12762 | Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal betwee... | | |
| CVE-2019-12763 | The Security Camera CZ application through 1.6.8 for Android stores potentially sensitive recorded v... | | |
| CVE-2019-12764 | An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be ma... | | |
| CVE-2019-12765 | An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to ... | | |
| CVE-2019-12766 | An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter ... | | |
| CVE-2019-12767 | An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. Attackers can execut... | | |
| CVE-2019-12768 | An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Att... | | |
| CVE-2019-12769 | SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cro... | | |
| CVE-2019-12771 | Command injection is possible in ThinStation through 6.1.1 via shell metacharacters after the cgi-bi... | E | |
| CVE-2019-12773 | An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_popup.jsp, the helpURL parameter... | | |
| CVE-2019-12774 | A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTT... | E | |
| CVE-2019-12775 | An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with fir... | E | |
| CVE-2019-12776 | An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with fir... | E | |
| CVE-2019-12777 | An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with fir... | E | |
| CVE-2019-12779 | libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it ... | E S | |
| CVE-2019-12780 | The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL ... | E | |
| CVE-2019-12781 | An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An H... | S | |
| CVE-2019-12782 | An authorization bypass vulnerability in pinboard updates in ThoughtSpot 4.4.1 through 5.1.1 (before... | | |
| CVE-2019-12783 | An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accep... | | |
| CVE-2019-12784 | An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept ... | | |
| CVE-2019-12786 | An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a comman... | E | |
| CVE-2019-12787 | An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a comman... | E | |
| CVE-2019-12788 | An issue was discovered in Photodex ProShow Producer v9.0.3797 (an application that runs with Admini... | E | |
| CVE-2019-12789 | An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By a... | E | |
| CVE-2019-12790 | In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar functio... | E | |
| CVE-2019-12791 | A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows... | E | |
| CVE-2019-12792 | A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote... | E | |
| CVE-2019-12794 | An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins... | S | |
| CVE-2019-12795 | daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before ... | S | |
| CVE-2019-12797 | A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary command... | | |
| CVE-2019-12798 | An issue was discovered in Artifex MuJS 1.0.5. regcompx in regexp.c does not restrict regular expres... | | |
| CVE-2019-12799 | In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a P... | S | |
| CVE-2019-12801 | out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payloa... | | |
| CVE-2019-12802 | In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing contex... | E S | |
| CVE-2019-12803 | Hunesion i-oneNet unrestricted file upload vulnerability | | |
| CVE-2019-12804 | Hunesion i-oneNet Missing Support for Integrity Check vulnerability | | |
| CVE-2019-12805 | NC Launcher 2 Arbitrary Command Injection Vulnerability | | |
| CVE-2019-12806 | UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can o... | | |
| CVE-2019-12807 | Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by impr... | | |
| CVE-2019-12808 | ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability... | | |
| CVE-2019-12809 | Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contains a vulnerability that could ... | | |
| CVE-2019-12810 | A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A ... | | |
| CVE-2019-12811 | ActiveX Control in MyBuilder before 6.2.2019.814 allow an attacker to execute arbitrary command via ... | | |
| CVE-2019-12812 | MyBuilder viewer before 6.2.2019.814 allow an attacker to execute arbitrary command via specifically... | | |
| CVE-2019-12813 | An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Reader v24. The key and salt use... | E | |
| CVE-2019-12814 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Defa... | S | |
| CVE-2019-12815 | An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code exec... | E S | |
| CVE-2019-12816 | Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileg... | S | |
| CVE-2019-12817 | arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where... | S | |
| CVE-2019-12818 | An issue was discovered in the Linux kernel before 4.20.15. The nfc_llcp_build_tlv function in net/n... | S | |
| CVE-2019-12819 | An issue was discovered in the Linux kernel before 5.0. The function __mdiobus_register() in drivers... | S | |
| CVE-2019-12820 | A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions pe... | | |
| CVE-2019-12821 | A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while addi... | | |
| CVE-2019-12822 | In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability cau... | S | |
| CVE-2019-12823 | Craft CMS before 3.1.31 does not properly filter XML feeds and thus allowing XSS.... | S | |
| CVE-2019-12825 | Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12... | | |
| CVE-2019-12826 | A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic p... | E | |
| CVE-2019-12827 | Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.... | | |
| CVE-2019-12828 | An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of th... | E | |
| CVE-2019-12829 | radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of ... | E | |
| CVE-2019-12830 | In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer... | E | |
| CVE-2019-12831 | In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads... | E | |
| CVE-2019-12834 | In HT2 Labs Learning Locker 3.15.1, it's possible to inject malicious HTML and JavaScript code into ... | E | |
| CVE-2019-12835 | formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::w... | E | |
| CVE-2019-12836 | The Bobronix JEditor editor before 3.0.6 for Jira allows an attacker to add a URL/Link (to an existi... | E | |
| CVE-2019-12837 | The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal informatio... | E | |
| CVE-2019-12838 | SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection.... | | |
| CVE-2019-12839 | In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration... | E S | |
| CVE-2019-12840 | In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary c... | E | |
| CVE-2019-12841 | Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was... | | |
| CVE-2019-12842 | A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fi... | | |
| CVE-2019-12843 | A possible stored JavaScript injection requiring a deliberate server administrator action was detect... | | |
| CVE-2019-12844 | A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issu... | | |
| CVE-2019-12845 | The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts... | | |
| CVE-2019-12846 | A user without the required permissions could gain access to some JetBrains TeamCity settings. The i... | | |
| CVE-2019-12847 | In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleart... | | |
| CVE-2019-12850 | A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168.... | | |
| CVE-2019-12851 | A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was... | | |
| CVE-2019-12852 | An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrain... | | |
| CVE-2019-12854 | Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memor... | S | |
| CVE-2019-12855 | In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certifica... | S | |
| CVE-2019-12863 | SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by admin... | E | |
| CVE-2019-12864 | SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage,... | E | |
| CVE-2019-12865 | In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command.... | E | |
| CVE-2019-12866 | An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was po... | | |
| CVE-2019-12867 | Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The is... | | |
| CVE-2019-12868 | app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator becaus... | S | |
| CVE-2019-12869 | An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and C... | | |
| CVE-2019-12870 | An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and C... | | |
| CVE-2019-12871 | An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and C... | | |
| CVE-2019-12872 | dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the rol... | | |
| CVE-2019-12874 | An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media... | | |
| CVE-2019-12875 | Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrus... | S | |
| CVE-2019-12876 | Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Ins... | E | |
| CVE-2019-12880 | BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allow... | | |
| CVE-2019-12881 | i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on ... | E | |
| CVE-2019-12882 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2019-12887 | KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2).... | | |
| CVE-2019-12888 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-12887. Reason: This candidat... | R | |
| CVE-2019-12889 | An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2. A user with ... | E | |
| CVE-2019-12890 | RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote att... | E | |
| CVE-2019-12893 | Alternate Pic View 2.600 has a User Mode Write AV starting at PicViewer!PerfgrapFinalize+0x000000000... | E | |
| CVE-2019-12894 | Alternate Pic View 2.600 has a Read Access Violation at the Instruction Pointer after a call from Pi... | E | |
| CVE-2019-12895 | In Alternate Pic View 2.600, the Exception Handler Chain is Corrupted starting at PicViewer!Perfgrap... | E | |
| CVE-2019-12896 | Edraw Max 7.9.3 has Heap Corruption starting at ntdll!RtlpNtMakeTemporaryKey+0x0000000000001a77.... | E | |
| CVE-2019-12897 | Edraw Max 7.9.3 has a Read Access Violation at the Instruction Pointer after a call from ObjectModul... | E | |
| CVE-2019-12898 | Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at image00400000+0x000000... | E | |
| CVE-2019-12899 | Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at ntdll!RtlQueueWorkItem... | E | |
| CVE-2019-12900 | BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many... | S | |
| CVE-2019-12901 | Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privi... | | |
| CVE-2019-12902 | Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion. This allows a new u... | | |
| CVE-2019-12903 | Pydio Cells before 1.5.0, when supplied with a Name field in an unexpected Unicode format, fails to ... | | |
| CVE-2019-12904 | In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel att... | S | |
| CVE-2019-12905 | FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman§ion=do&page=up URI. This i... | E | |
| CVE-2019-12911 | Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such a... | | |
| CVE-2019-12912 | Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outloo... | | |
| CVE-2019-12913 | Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outloo... | | |
| CVE-2019-12914 | Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such a... | | |
| CVE-2019-12915 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2019-12916 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2019-12917 | A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.31... | | |
| CVE-2019-12918 | Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection... | | |
| CVE-2019-12919 | On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the local net... | | |
| CVE-2019-12920 | On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network c... | | |
| CVE-2019-12921 | In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitra... | | |
| CVE-2019-12922 | A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.... | E S | |
| CVE-2019-12923 | In MailEnable Enterprise Premium 10.23, the potential cross-site request forgery (CSRF) protection m... | | |
| CVE-2019-12924 | MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks th... | | |
| CVE-2019-12925 | MailEnable Enterprise Premium 10.23 was vulnerable to multiple directory traversal issues, with whic... | | |
| CVE-2019-12926 | MailEnable Enterprise Premium 10.23 did not use appropriate access control checks in a number of are... | | |
| CVE-2019-12927 | MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS... | | |
| CVE-2019-12928 | The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, whi... | E | |
| CVE-2019-12929 | The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows ... | E | |
| CVE-2019-12930 | A cross-site scripting (XSS) vulnerability in noMenu() and noSubMenu() in core/navigation/MENU.php i... | S | |
| CVE-2019-12932 | A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in t... | | |
| CVE-2019-12933 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11877. Reason: This candidat... | R | |
| CVE-2019-12934 | An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/opti... | E | |
| CVE-2019-12935 | Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI.... | E | |
| CVE-2019-12936 | BlueStacks App Player 2, 3, and 4 before 4.90 allows DNS Rebinding for attacks on exposed IPC functi... | | |
| CVE-2019-12937 | apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer overflow allowing local privilege escal... | E | |
| CVE-2019-12938 | The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which... | E | |
| CVE-2019-12939 | LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse param... | E | |
| CVE-2019-12940 | LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledge... | E | |
| CVE-2019-12941 | AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force att... | E | |
| CVE-2019-12942 | TTLock devices do not properly block guest access in certain situations where the network connection... | | |
| CVE-2019-12943 | TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control... | | |
| CVE-2019-12944 | Glue Smart Lock 2.7.8 devices do not properly block guest access in certain situations where the net... | | |
| CVE-2019-12945 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2019-12946 | Elcom CMS before 10.7 has SQL Injection via EventSearchByState.aspx and EventSearchAdv.aspx.... | | |
| CVE-2019-12948 | A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and ... | | |
| CVE-2019-12949 | In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into cli... | E | |
| CVE-2019-12950 | An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php "Import items" fea... | E | |
| CVE-2019-12951 | An issue was discovered in Mongoose before 6.15. The parse_mqtt() function in mg_mqtt.c has a critic... | S | |
| CVE-2019-12953 | Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid ... | | |
| CVE-2019-12954 | SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by ... | E | |
| CVE-2019-12957 | In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiTyp... | E | |
| CVE-2019-12958 | In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in f... | E | |
| CVE-2019-12959 | Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for th... | | |
| CVE-2019-12960 | LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php v... | E | |
| CVE-2019-12961 | LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function.... | E | |
| CVE-2019-12962 | LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTT... | E | |
| CVE-2019-12963 | LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action.... | E | |
| CVE-2019-12964 | LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject.... | E | |
| CVE-2019-12966 | FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demon... | E | |
| CVE-2019-12967 | Stephan Mooltipass Moolticute through 0.42.1 (and possibly earlier versions) has Incorrect Access Co... | E S | |
| CVE-2019-12968 | A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive) di... | S | |
| CVE-2019-12970 | XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling ... | E | |
| CVE-2019-12971 | BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted Upload of a File with a Dangerous Ty... | E | |
| CVE-2019-12972 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in ... | E S | |
| CVE-2019-12973 | In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c.... | S | |
| CVE-2019-12974 | A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVID... | S | |
| CVE-2019-12975 | ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.... | S | |
| CVE-2019-12976 | ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c.... | E S | |
| CVE-2019-12977 | ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the WriteJP2Image function ... | S | |
| CVE-2019-12978 | ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function... | S | |
| CVE-2019-12979 | ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings funct... | S | |
| CVE-2019-12980 | In Ming (aka libming) 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in ... | S | |
| CVE-2019-12981 | Ming (aka libming) 0.4.8 has an "fill overflow" vulnerability in the function SWFShape_setLeftFillSt... | S | |
| CVE-2019-12982 | Ming (aka libming) 0.4.8 has a heap buffer overflow and underflow in the decompileCAST function in u... | S | |
| CVE-2019-12983 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11884. Reason: This candidat... | R | |
| CVE-2019-12984 | A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/net... | S | |
| CVE-2019-12985 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Val... | E | |
| CVE-2019-12986 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Val... | E | |
| CVE-2019-12987 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Val... | E | |
| CVE-2019-12988 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Val... | E | |
| CVE-2019-12989 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.... | KEV E | |
| CVE-2019-12990 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Travers... | E | |
| CVE-2019-12991 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Val... | KEV E | |
| CVE-2019-12992 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Val... | E | |
| CVE-2019-12994 | Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the A... | | |
| CVE-2019-12995 | Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch 0 terminated with an error" i... | | |
| CVE-2019-12996 | In Mendix 7.23.5 and earlier, issue in XML import mappings allow DOCTYPE declarations in the XML inp... | | |
| CVE-2019-12997 | In Loopchain through 2.2.1.3, an attacker can escalate privileges from a low-privilege shell by chan... | E S | |
| CVE-2019-12998 | c-lightning before 0.7.1 allows attackers to trigger loss of funds because of Incorrect Access Contr... | E S | |
| CVE-2019-12999 | Lightning Network Daemon (lnd) before 0.7 allows attackers to trigger loss of funds because of Incor... | E S |