CVE-2019-13xxx

There are 715 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2019-13000 Eclair through 0.3 allows attackers to trigger loss of funds because of Incorrect Access Control. NO...
E S
CVE-2019-13001 An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2. Gi...
CVE-2019-13002 An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. Unauthorize...
CVE-2019-13003 An issue was discovered in GitLab Community and Enterprise Edition before 12.0.3. One of the parsers...
CVE-2019-13004 An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. When specif...
CVE-2019-13005 An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through 12.0.2. The ...
CVE-2019-13006 An issue was discovered in GitLab Community and Enterprise Edition 9.0 and through 12.0.2. Users wit...
CVE-2019-13007 An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an adm...
CVE-2019-13009 An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2. Uploaded file...
CVE-2019-13010 An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0.2. The color codes decoder was...
CVE-2019-13011 An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute-force a u...
CVE-2019-13012 The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_f...
S
CVE-2019-13013 Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privi...
CVE-2019-13014 Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operati...
CVE-2019-13020 The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has ...
CVE-2019-13021 The administrative passwords for all versions of Bond JetSelect are stored within an unprotected fil...
E
CVE-2019-13022 Bond JetSelect (all versions) has an issue in the Java class (ENCtool.jar) and corresponding passwor...
E
CVE-2019-13023 An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web...
CVE-2019-13024 Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacke...
E
CVE-2019-13025 Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of I...
E
CVE-2019-13026 OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading...
CVE-2019-13027 Realization Concerto Critical Chain Planner (aka CCPM) 5.10.8071 has SQL Injection in at least in th...
E
CVE-2019-13028 An incorrect implementation of a local web server in eID client (Windows version before 3.1.2, Linux...
E
CVE-2019-13029 Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 b...
CVE-2019-13030 eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled...
E
CVE-2019-13031 LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to...
CVE-2019-13032 An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRe...
CVE-2019-13033 In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list wh...
CVE-2019-13035 Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permiss...
CVE-2019-13038 mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrat...
S
CVE-2019-13044 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2019-13045 Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use afte...
S
CVE-2019-13046 linker/linker.c in ToaruOS through 1.10.9 has insecure LD_LIBRARY_PATH handling in setuid applicatio...
E
CVE-2019-13047 kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access control in sys_sysfunc case 9 fo...
E
CVE-2019-13048 kernel/sys/syscall.c in ToaruOS through 1.10.9 allows a denial of service upon a critical error in c...
E
CVE-2019-13049 An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 allows users to map arbitrary kernel page...
E
CVE-2019-13050 Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG thr...
E M
CVE-2019-13051 Pi-Hole 4.3 allows Command Injection....
S
CVE-2019-13052 Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffe...
E
CVE-2019-13053 Logitech Unifying devices allow keystroke injection, bypassing encryption. The attacker must press a...
E
CVE-2019-13054 The Logitech R500 presentation clicker allows attackers to determine the AES key, leading to keystro...
E
CVE-2019-13055 Certain Logitech Unifying devices allow attackers to dump AES keys and addresses, leading to the cap...
E
CVE-2019-13056 An issue was discovered in CyberPanel through 1.8.4. On the user edit page, an attacker can edit the...
E
CVE-2019-13057 An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator deleg...
S
CVE-2019-13063 Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on t...
E
CVE-2019-13066 Sahi Pro 8.0.0 has a script manager arena located at _s_/dyn/pro/DBReports with many different areas...
E
CVE-2019-13067 njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This ...
E
CVE-2019-13068 public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drill...
CVE-2019-13069 extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escala...
E
CVE-2019-13070 A stored XSS vulnerability in the Agent/Center component of CyberPower PowerPanel Business Edition 3...
E
CVE-2019-13071 CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacke...
E
CVE-2019-13072 Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed an...
E S
CVE-2019-13074 A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to...
CVE-2019-13075 Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to d...
E
CVE-2019-13076 Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An aut...
CVE-2019-13077 Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_...
CVE-2019-13078 Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An aut...
CVE-2019-13079 Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An aut...
CVE-2019-13080 Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG i...
CVE-2019-13081 Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the titl...
CVE-2019-13082 Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated fil...
E
CVE-2019-13083 XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000384e2a....
E
CVE-2019-13084 XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000026b739....
E
CVE-2019-13085 XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000030ecfa....
E
CVE-2019-13086 core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by send...
E
CVE-2019-13096 TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. ...
E
CVE-2019-13097 The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently veri...
E
CVE-2019-13098 The user password via the registration form of TronLink Wallet 2.2.0 is stored in the log when the c...
E
CVE-2019-13099 The Momo application 2.1.9 for Android stores confidential information insecurely on the system (i.e...
E
CVE-2019-13100 The Send Anywhere application 9.4.18 for Android stores confidential information insecurely on the s...
E
CVE-2019-13101 An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be access...
CVE-2019-13103 A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc...
S
CVE-2019-13104 In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite...
S
CVE-2019-13105 Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when list...
S
CVE-2019-13106 Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted e...
S
CVE-2019-13107 Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, ...
S
CVE-2019-13108 An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV...
E S
CVE-2019-13109 An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV...
E S
CVE-2019-13110 A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allow...
E S
CVE-2019-13111 A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a den...
E S
CVE-2019-13112 A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attac...
E
CVE-2019-13113 Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure...
E S
CVE-2019-13114 http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash du...
E S
CVE-2019-13115 In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has a...
E
CVE-2019-13116 The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arb...
E
CVE-2019-13117 In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitiali...
S
CVE-2019-13118 In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was ...
S
CVE-2019-13120 Amazon FreeRTOS up to and including v1.4.8 lacks length checking in prvProcessReceivedPublish, resul...
CVE-2019-13121 An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. The GitHub project integra...
CVE-2019-13122 A Cross Site Scripting (XSS) vulnerability exists in the template tag used to render message ids in ...
CVE-2019-13123 Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhaust...
S
CVE-2019-13124 Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhaust...
S
CVE-2019-13125 HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via...
E
CVE-2019-13126 An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by send...
S
CVE-2019-13127 An issue was discovered in mxGraph through 4.0.0, related to the "draw.io Diagrams" plugin before 8....
E S
CVE-2019-13128 An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injecti...
E
CVE-2019-13129 On the Motorola router CX2L MWR04L 1.01, there is a stack consumption (infinite recursion) issue in ...
E
CVE-2019-13131 Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attacke...
E
CVE-2019-13132 In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated...
CVE-2019-13133 ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/b...
S
CVE-2019-13134 ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/...
S
CVE-2019-13135 ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUT...
S
CVE-2019-13136 ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStre...
E S
CVE-2019-13137 ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps...
E S
CVE-2019-13139 In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for...
E S
CVE-2019-13140 Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allo...
E
CVE-2019-13142 The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) in Razer Surround 1.1.63.0 run...
CVE-2019-13143 An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth R...
E
CVE-2019-13144 myTinyTodo 1.3.3 through 1.4.3 allows CSV Injection. This is fixed in 1.5....
CVE-2019-13145 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2019-13146 The field_test gem 0.3.0 for Ruby has unvalidated input. A method call that is expected to return a ...
E
CVE-2019-13147 In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2l...
E
CVE-2019-13148 An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection...
CVE-2019-13149 An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection...
CVE-2019-13150 An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection...
CVE-2019-13151 An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection...
CVE-2019-13152 An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection...
CVE-2019-13153 An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection...
CVE-2019-13154 An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection...
CVE-2019-13155 An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection...
CVE-2019-13156 NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers ...
CVE-2019-13157 nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitrary files via directory...
CVE-2019-13161 An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 1...
CVE-2019-13163 The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Devel...
CVE-2019-13164 qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained f...
S
CVE-2019-13165 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vuln...
CVE-2019-13166 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Loca...
CVE-2019-13167 Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320...
CVE-2019-13168 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vuln...
CVE-2019-13169 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vuln...
CVE-2019-13170 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoi...
CVE-2019-13171 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-base...
CVE-2019-13172 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vuln...
CVE-2019-13173 fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a ha...
S
CVE-2019-13175 Read the Docs before 3.5.1 has an Open Redirect if certain user-defined redirects are used. This aff...
CVE-2019-13176 An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12....
E
CVE-2019-13177 verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 reli...
E S
CVE-2019-13178 modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition betwee...
E
CVE-2019-13179 Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile from /crypto_keyfile.bin (mod...
E
CVE-2019-13181 A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7....
CVE-2019-13182 A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Serv...
CVE-2019-13183 Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin...
CVE-2019-13186 In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the tags box. An attacker can u...
E
CVE-2019-13187 The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an Unauthenticated ...
E
CVE-2019-13188 In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire a...
E
CVE-2019-13189 In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet pa...
E
CVE-2019-13190 In Knowage through 6.1.1, the sign up page does not invalidate a valid CAPTCHA token. This allows fo...
CVE-2019-13191 A SQL injection vulnerability in IntraMaps MapControl 8 allows attackers to execute arbitrary SQL co...
E
CVE-2019-13192 Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a heap buffer overflow vulner...
E
CVE-2019-13193 Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a stack buffer overflow vulne...
E
CVE-2019-13194 Some Brother printers (such as the HL-L8360CDW v1.20) were affected by different information disclos...
E
CVE-2019-13195 The web application of some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was vuln...
CVE-2019-13196 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overf...
CVE-2019-13197 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overf...
CVE-2019-13198 The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was a...
CVE-2019-13199 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism...
CVE-2019-13200 The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was a...
CVE-2019-13201 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overf...
CVE-2019-13202 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overf...
CVE-2019-13203 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by an integer ove...
CVE-2019-13204 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by multiple buffe...
CVE-2019-13205 All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.7...
CVE-2019-13206 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overf...
CVE-2019-13207 nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dname_concatenate() f...
E
CVE-2019-13208 WavesSysSvc in Waves MAXX Audio allows privilege escalation because the General registry key has Ful...
E
CVE-2019-13209 Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an expl...
CVE-2019-13217 A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an atta...
S
CVE-2019-13218 Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker t...
S
CVE-2019-13219 A NULL pointer dereference in the get_window function in stb_vorbis through 2019-03-04 allows an att...
S
CVE-2019-13220 Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 ...
S
CVE-2019-13221 A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an...
S
CVE-2019-13222 An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 ...
S
CVE-2019-13223 A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an atta...
S
CVE-2019-13224 A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially...
S
CVE-2019-13225 A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potenti...
S
CVE-2019-13226 deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/ in t...
S
CVE-2019-13227 In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log a...
S
CVE-2019-13228 deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to downl...
S
CVE-2019-13229 deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo()...
S
CVE-2019-13232 Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of ...
CVE-2019-13233 In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access t...
E S
CVE-2019-13234 In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine....
E S
CVE-2019-13235 In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form....
E S
CVE-2019-13236 In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored X...
E S
CVE-2019-13237 In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusio...
E S
CVE-2019-13238 An issue was discovered in Bento4 1.5.1.0. A memory allocation failure is unhandled in Core/Ap4SdpAt...
E
CVE-2019-13239 inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture....
E S
CVE-2019-13240 An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is pos...
E S
CVE-2019-13241 FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arb...
E
CVE-2019-13242 IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x0000000000013a98....
E
CVE-2019-13243 IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x00000000000249c6....
E
CVE-2019-13244 FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x0000000000002d7d....
E
CVE-2019-13245 FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a95b1....
E
CVE-2019-13246 FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a9601....
E
CVE-2019-13247 ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000024ed....
E
CVE-2019-13248 ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x0000000000002450....
E
CVE-2019-13249 ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000...
E
CVE-2019-13250 ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000...
E
CVE-2019-13251 ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000...
E
CVE-2019-13252 ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000001...
E
CVE-2019-13253 XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000385474....
E
CVE-2019-13254 XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e808....
E
CVE-2019-13255 XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327464....
E
CVE-2019-13256 XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e849....
E
CVE-2019-13257 XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003273aa....
E
CVE-2019-13258 XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328165....
E
CVE-2019-13259 XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e566....
E
CVE-2019-13260 XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327a07....
E
CVE-2019-13261 XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328384....
E
CVE-2019-13262 XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003283eb....
E
CVE-2019-13263 D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a gues...
E
CVE-2019-13264 D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a gues...
E
CVE-2019-13265 D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a gues...
E
CVE-2019-13266 TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a ho...
E
CVE-2019-13267 TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a ho...
E
CVE-2019-13268 TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a ho...
E
CVE-2019-13269 Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a gues...
E
CVE-2019-13270 Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a gues...
E
CVE-2019-13271 Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a gues...
E
CVE-2019-13272 In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the cr...
KEV E S
CVE-2019-13273 In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overf...
CVE-2019-13274 In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient f...
CVE-2019-13275 An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/h...
E S
CVE-2019-13276 TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow...
E
CVE-2019-13277 TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows an unauthenticated attacker to ...
E
CVE-2019-13278 TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections w...
E
CVE-2019-13279 TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer o...
E
CVE-2019-13280 TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow...
E
CVE-2019-13281 In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stre...
E
CVE-2019-13282 In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in F...
E
CVE-2019-13283 In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse i...
E
CVE-2019-13285 CoSoSys Endpoint Protector 5.1.0.2 allows Host Header Injection....
E
CVE-2019-13286 In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionS...
E
CVE-2019-13287 In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdj...
E
CVE-2019-13288 In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a craft...
E
CVE-2019-13289 In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() locate...
E
CVE-2019-13290 Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list...
E
CVE-2019-13291 In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() locate...
E
CVE-2019-13292 A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 for...
E
CVE-2019-13294 AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do n...
E
CVE-2019-13295 ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThre...
E S
CVE-2019-13296 ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLILi...
E S
CVE-2019-13297 ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThre...
E S
CVE-2019-13298 ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixel...
E S
CVE-2019-13299 ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixe...
E S
CVE-2019-13300 ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImage...
E S
CVE-2019-13301 ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error....
E S
CVE-2019-13302 ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages....
E S
CVE-2019-13303 ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeIma...
E S
CVE-2019-13304 ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because ...
E S
CVE-2019-13305 ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because ...
E S
CVE-2019-13306 ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because ...
E S
CVE-2019-13307 ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImage...
E S
CVE-2019-13308 ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage....
E S
CVE-2019-13309 ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchIm...
E S
CVE-2019-13310 ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/m...
E S
CVE-2019-13311 ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error....
E S
CVE-2019-13312 block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read....
CVE-2019-13313 libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials...
S
CVE-2019-13314 virt-bootstrap 1.1.0 allows local users to discover a root password by listing a process, because th...
E
CVE-2019-13315 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fox...
CVE-2019-13316 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fox...
CVE-2019-13317 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fox...
CVE-2019-13318 This vulnerability allows remote attackers to disclose sensitive information on affected installatio...
CVE-2019-13319 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2019-13320 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2019-13321 This vulnerability allows network adjacent attackers to execute arbitrary code on affected installat...
CVE-2019-13322 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ...
CVE-2019-13323 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2019-13324 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2019-13325 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2019-13326 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2019-13327 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2019-13328 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2019-13329 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2019-13330 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2019-13331 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2019-13332 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2019-13333 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2019-13334 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2019-13335 SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF....
CVE-2019-13336 The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote attackers to launch commands with no...
E
CVE-2019-13337 In WESEEK GROWI before 3.5.0, the site-wide basic authentication can be bypassed by adding a URL par...
CVE-2019-13338 In WESEEK GROWI before 3.5.0, a remote attacker can obtain the password hash of the creator of a pag...
CVE-2019-13339 In MiniCMS V1.10, stored XSS was found in mc-admin/page-edit.php (content box), which can be used to...
CVE-2019-13340 In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker ca...
E
CVE-2019-13341 In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php (comment box), which can be used to get ...
E
CVE-2019-13343 Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentica...
E S
CVE-2019-13344 An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPr...
E
CVE-2019-13345 The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter....
E S
CVE-2019-13346 In MyT 1.5.1, the User[username] parameter has XSS....
E
CVE-2019-13347 An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affec...
CVE-2019-13348 In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access t...
E
CVE-2019-13349 In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user pa...
E
CVE-2019-13351 posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (as distributed with alsa-plugins 1.1....
E S
CVE-2019-13352 WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support ...
E
CVE-2019-13354 The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution ba...
CVE-2019-13355 In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\Total...
E
CVE-2019-13356 In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\Total...
E
CVE-2019-13357 In Total Defense Anti-virus 9.0.0.773, resource acquisition from the untrusted search path C:\ used ...
E
CVE-2019-13358 lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on ...
E
CVE-2019-13359 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal use...
E
CVE-2019-13360 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authenticat...
E
CVE-2019-13361 Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an attacker on the same Wi-Fi ne...
CVE-2019-13362 Codedoc v3.2 has a stack-based buffer overflow in add_variable in codedoc.c, related to codedoc_strl...
E
CVE-2019-13363 admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, ...
E
CVE-2019-13364 admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, com...
E
CVE-2019-13367 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2019-13368 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2019-13369 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2019-13370 index.php/admin/permissions in Ignited CMS through 2017-02-19 allows CSRF to add an administrator....
E
CVE-2019-13372 /web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA...
E
CVE-2019-13373 An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input d...
S
CVE-2019-13374 A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central...
S
CVE-2019-13375 A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in Pa...
S
CVE-2019-13376 phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging ...
E
CVE-2019-13377 The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable ...
S
CVE-2019-13379 On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface ...
E
CVE-2019-13380 KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from websites is mishandled in the ...
CVE-2019-13381 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2019-13382 UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation ...
E
CVE-2019-13383 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to c...
E
CVE-2019-13385 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure...
E
CVE-2019-13386 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanage...
E
CVE-2019-13387 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (para...
E
CVE-2019-13389 RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-...
S
CVE-2019-13390 In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c....
E
CVE-2019-13391 In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read...
E S
CVE-2019-13392 A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attack...
E
CVE-2019-13393 The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphras...
E
CVE-2019-13394 The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over clearte...
E
CVE-2019-13395 The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An a...
E
CVE-2019-13396 FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_includ...
E
CVE-2019-13397 Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker to gain admin privileges by i...
CVE-2019-13398 Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a craft...
E
CVE-2019-13399 Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrat...
E
CVE-2019-13400 Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface creden...
E
CVE-2019-13401 Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/....
E
CVE-2019-13402 /usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB...
E
CVE-2019-13403 Temenos CWX version 8.9 has a Broken Access Control vulnerability in the module /CWX/Employee/Emplo...
E
CVE-2019-13404 The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which ...
CVE-2019-13405 Advan VD-1 allows a remote user to enable Android Debug Bridge without any authentication
E
CVE-2019-13406 Advan VD-1 has a vulnerability that allows remote arbitrary APK installation
E
CVE-2019-13407 Advan VD-1 has a reflected XSS vulnerability in page cgibin/ssi.cgi
E
CVE-2019-13408 Advan VD-1 allows users to download arbitrary files
E
CVE-2019-13409 A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 (2019/08/19)
CVE-2019-13410 TOPMeeting before version 8.8 (2019/08/19) allows an attacker to obtain sensitive information
CVE-2019-13411 A remote command execution vulnerability was discovered in HiNet GPON firmware < I040GWR190731 port 3097
CVE-2019-13412 A vulnerability was discovered in HiNet GPON firmware < I040GWR190731 that allows an attacker to read arbitrary files
CVE-2019-13413 The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection via inc/rencontre_widget.php....
S
CVE-2019-13414 The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/rencontre_widget.php....
S
CVE-2019-13415 Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenti...
CVE-2019-13416 Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenti...
CVE-2019-13417 Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but...
CVE-2019-13418 Search Guard versions before 24.0 had an issue that values of string arrays in documents are not pro...
CVE-2019-13419 Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised...
CVE-2019-13420 Search Guard versions before 21.0 had a timing side channel issue when using the internal user data...
CVE-2019-13421 Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcryp...
E
CVE-2019-13422 Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker...
CVE-2019-13423 Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenti...
CVE-2019-13445 An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-...
E S
CVE-2019-13446 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2019-13447 An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because o...
CVE-2019-13448 An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because o...
CVE-2019-13449 In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service (continual ...
E
CVE-2019-13450 In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can forc...
E
CVE-2019-13451 In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c....
CVE-2019-13452 In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c....
CVE-2019-13453 Zipios before 0.1.7 does not properly handle certain malformed zip archives and can go into an infin...
S
CVE-2019-13454 ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/l...
E S
CVE-2019-13455 In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgm...
E
CVE-2019-13456 In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the pa...
E S
CVE-2019-13457 An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user ca...
CVE-2019-13458 An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edit...
S
CVE-2019-13461 In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affe...
E
CVE-2019-13462 Lansweeper before 7.1.117.4 allows unauthenticated SQL injection....
E
CVE-2019-13463 An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3...
S
CVE-2019-13464 An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of...
E
CVE-2019-13465 An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-...
CVE-2019-13466 Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect...
S
CVE-2019-13467 Description: Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 a...
S
CVE-2019-13470 MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling....
CVE-2019-13472 PHPWind 9.1.0 has XSS vulnerabilities in the c and m parameters of the index.php file....
E
CVE-2019-13473 TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200...
E
CVE-2019-13474 TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200...
E
CVE-2019-13475 In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows re...
E
CVE-2019-13476 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a lo...
E
CVE-2019-13477 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function al...
E
CVE-2019-13478 The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in ter...
CVE-2019-13481 An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command in...
E
CVE-2019-13482 An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command in...
E
CVE-2019-13483 Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signature of an Access Token before...
CVE-2019-13484 In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of exp...
CVE-2019-13485 In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer co...
CVE-2019-13486 In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component bec...
CVE-2019-13488 A cross-site scripting (XSS) vulnerability in static/js/trape.js in Trape through 2019-05-08 allows ...
E
CVE-2019-13489 Trape through 2019-05-08 has SQL injection via the data[2] variable in core/db.py, as demonstrated b...
CVE-2019-13493 In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenti...
E
CVE-2019-13494 nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0.9 has a stack-based buffer ove...
E
CVE-2019-13495 In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) issues al...
E
CVE-2019-13496 One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a ma...
E
CVE-2019-13497 One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests....
E
CVE-2019-13498 One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which ma...
E
CVE-2019-13503 mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read....
E
CVE-2019-13504 There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.2...
E S
CVE-2019-13505 The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonst...
E
CVE-2019-13506 @nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mishandles object keys, leading to XSS....
S
CVE-2019-13507 hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection....
E
CVE-2019-13508 FreeTDS through 1.1.11 has a Buffer Overflow....
CVE-2019-13509 In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03....
CVE-2019-13510 Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE...
M
CVE-2019-13511 Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION E...
M
CVE-2019-13512 Fuji Electric FRENIC Loader 3.5.0.0 and prior is vulnerable to an out-of-bounds read vulnerability, ...
M
CVE-2019-13513 In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted...
M
CVE-2019-13514 In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted...
M
CVE-2019-13515 OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information....
M
CVE-2019-13516 In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cros...
M
CVE-2019-13517 In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Version...
M
CVE-2019-13518 An attacker could use a specially crafted project file to overflow the buffer and execute code under...
CVE-2019-13519 A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simul...
CVE-2019-13520 Multiple buffer overflow issues have been identified in Alpha5 Smart Loader: All versions prior to 4...
M
CVE-2019-13521 A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simul...
CVE-2019-13522 An attacker could use a specially crafted project file to corrupt the memory and execute code under ...
CVE-2019-13523 In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected ...
M
CVE-2019-13524 GE PACSystems RX3i CPE100/115: All versions prior to R9.85, CPE302/305/310/330/400/410: All versions ...
S
CVE-2019-13525 In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected ...
CVE-2019-13526 Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authenticatio...
CVE-2019-13527 In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a mali...
CVE-2019-13528 A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3...
M
CVE-2019-13529 An attacker could send a malicious link to an authenticated operator, which may allow remote attacke...
CVE-2019-13530 Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A...
M
CVE-2019-13531 Medtronic Valleylab FT10 and LS10 Improper Authentication
S
CVE-2019-13532 CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted...
S
CVE-2019-13533 In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monit...
CVE-2019-13534 Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A...
M
CVE-2019-13535 Medtronic Valleylab FT10 and LS10 Protection Mechanism Failure
S
CVE-2019-13536 Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-based buffer overflow vulnerabili...
M
CVE-2019-13537 The IEC870IP driver for AVEVA’s Vijeo Citect and Citect SCADA and Schneider Electric’s Power SCADA O...
CVE-2019-13538 3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows ...
CVE-2019-13539 Medtronic Valleylab FT10 and FX8 Reversible One-way Hash
S
CVE-2019-13540 Delta Electronics TPEditor, Versions 1.94 and prior. Multiple stack-based buffer overflow vulnerabil...
M
CVE-2019-13541 In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been iden...
M
CVE-2019-13542 3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows...
CVE-2019-13543 Medtronic Valleylab FT10 and FX8 Use of Hard-coded Credentials
S
CVE-2019-13544 Delta Electronics TPEditor, Versions 1.94 and prior. Multiple out-of-bounds write vulnerabilities ma...
M
CVE-2019-13545 In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to writ...
M
CVE-2019-13546 In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal a...
CVE-2019-13547 Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyon...
M
CVE-2019-13548 CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted...
S
CVE-2019-13549 Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The...
CVE-2019-13550 In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacke...
CVE-2019-13551 Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a l...
M
CVE-2019-13552 In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a la...
CVE-2019-13553 Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The...
CVE-2019-13554 GE Mark VIe Controller has an unsecured Telnet protocol that may allow a user to create an authentic...
CVE-2019-13555 In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/...
CVE-2019-13556 In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caus...
CVE-2019-13557 In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerabi...
CVE-2019-13558 In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper contr...
CVE-2019-13559 GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-use...
CVE-2019-13560 D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via ...
E
CVE-2019-13561 D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands ...
E
CVE-2019-13562 D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response....
E
CVE-2019-13563 D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console....
E
CVE-2019-13564 XSS exists in Ping Identity Agentless Integration Kit before 1.5....
E
CVE-2019-13565 An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session en...
S
CVE-2019-13566 An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-...
S
CVE-2019-13567 The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerabili...
E
CVE-2019-13568 CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memo...
S
CVE-2019-13569 A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4...
CVE-2019-13570 The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection....
CVE-2019-13571 A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for ...
E
CVE-2019-13572 The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection....
S
CVE-2019-13573 A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3...
S
CVE-2019-13574 In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause ...
E S
CVE-2019-13575 A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. ...
S
CVE-2019-13577 SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthenticated Remote Buffer Overflo...
E
CVE-2019-13578 A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. ...
S
CVE-2019-13581 An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model...
CVE-2019-13582 An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model...
CVE-2019-13584 The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 allows Directory Traversa...
E
CVE-2019-13585 The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 has a Buffer Overflow via...
E
CVE-2019-13588 A cross-site scripting (XSS) vulnerability in getPagingStart() in core/lists/PAGING.php in WIKINDX b...
S
CVE-2019-13589 The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor...
E
CVE-2019-13590 An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an in...
E
CVE-2019-13594 In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, whic...
CVE-2019-13597 _s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to r...
E
CVE-2019-13598 LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitra...
E
CVE-2019-13599 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to c...
E
CVE-2019-13602 An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player...
CVE-2019-13603 An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerpr...
E
CVE-2019-13604 There is a short key vulnerability in HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 F...
E
CVE-2019-13605 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypas...
E
CVE-2019-13607 The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerability that can be triggered by...
E
CVE-2019-13608 Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0...
KEV M
CVE-2019-13611 An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking ...
S
CVE-2019-13612 MDaemon Email Server 19 through 20.0.1 skips SpamAssassin checks by default for e-mail messages larg...
CVE-2019-13613 CMD_FTEST_CONFIG in the TP-Link Device Debug protocol in TP-Link Wireless Router Archer Router versi...
E
CVE-2019-13614 CMD_SET_CONFIG_COUNTRY in the TP-Link Device Debug protocol in TP-Link Archer C1200 1.0.0 Build 2018...
E
CVE-2019-13615 libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, ...
E
CVE-2019-13616 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-rea...
E
CVE-2019-13617 njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprin...
E
CVE-2019-13618 In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demons...
E S
CVE-2019-13619 In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and relate...
E
CVE-2019-13623 In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app....
E
CVE-2019-13624 In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles...
S
CVE-2019-13625 NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as d...
E
CVE-2019-13626 SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM...
E
CVE-2019-13627 It was discovered that there was an ECDSA timing attack in the libgcrypt20 cryptographic library. Ver...
CVE-2019-13628 wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --e...
CVE-2019-13629 MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allow...
CVE-2019-13631 In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a m...
S
CVE-2019-13633 Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScri...
E
CVE-2019-13635 The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFastestCache.php and inc/cache.ph...
S
CVE-2019-13636 In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than inpu...
S
CVE-2019-13637 In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbitrary commands on a targeted sy...
CVE-2019-13638 GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening...
S
CVE-2019-13640 In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/applicati...
E
CVE-2019-13643 Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and injec...
E
CVE-2019-13644 Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied d...
E S
CVE-2019-13645 Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied d...
E S
CVE-2019-13646 Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplie...
E S
CVE-2019-13647 Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied d...
E S
CVE-2019-13648 In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is dis...
S
CVE-2019-13649 TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow externalPort OS Command Injection ...
E
CVE-2019-13650 TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow internalPort OS Command Injection ...
E
CVE-2019-13651 TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow portMappingProtocol OS Command Inj...
E
CVE-2019-13652 TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection (...
E
CVE-2019-13653 TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow triggerPort OS Command Injection (...
CVE-2019-13655 Imgix through 2019-06-19 allows remote attackers to cause a denial of service (resource consumption)...
CVE-2019-13656 An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Worklo...
CVE-2019-13657 CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credentia...
CVE-2019-13658 CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a rem...
CVE-2019-13659 IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform ...
CVE-2019-13660 UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof no...
CVE-2019-13661 UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof no...
CVE-2019-13662 Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remo...
CVE-2019-13663 IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform ...
CVE-2019-13664 Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote att...
CVE-2019-13665 Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to ...
CVE-2019-13666 Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak...
CVE-2019-13667 Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remo...
CVE-2019-13668 Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a ...
CVE-2019-13669 Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote atta...
CVE-2019-13670 Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote a...
CVE-2019-13671 UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof secur...
CVE-2019-13672 Incorrect security UI in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to...
CVE-2019-13673 Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a rem...
CVE-2019-13674 IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform ...
CVE-2019-13675 Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote a...
CVE-2019-13676 Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote ...
CVE-2019-13677 Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a r...
CVE-2019-13678 Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attac...
CVE-2019-13679 Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote at...
CVE-2019-13680 Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker...
CVE-2019-13681 Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote at...
CVE-2019-13682 Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75...
CVE-2019-13683 Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a ...
CVE-2019-13684 Inappropriate implementation in JavaScript in Google Chrome prior to 72.0.3626.81 allowed a remote a...
CVE-2019-13685 Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to p...
CVE-2019-13686 Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to p...
CVE-2019-13687 Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentia...
CVE-2019-13688 Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentia...
CVE-2019-13689 Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remo...
E S
CVE-2019-13690 Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remo...
E S
CVE-2019-13691 Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allo...
CVE-2019-13692 Insufficient policy enforcement in reader mode in Google Chrome prior to 77.0.3865.75 allowed a remo...
CVE-2019-13693 Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who ha...
CVE-2019-13694 Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potent...
CVE-2019-13695 Use after free in audio in Google Chrome on Android prior to 77.0.3865.120 allowed a remote attacker...
CVE-2019-13696 Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to po...
CVE-2019-13697 Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed ...
CVE-2019-13698 Out of bounds memory access in JavaScript in Google Chrome prior to 73.0.3683.103 allowed a remote a...
CVE-2019-13699 Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had com...
CVE-2019-13700 Out of bounds memory access in the gamepad API in Google Chrome prior to 78.0.3904.70 allowed a remo...
CVE-2019-13701 Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attac...
CVE-2019-13702 Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed ...
CVE-2019-13703 Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 all...
CVE-2019-13704 Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remot...
CVE-2019-13705 Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an atta...
CVE-2019-13706 Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attack...
CVE-2019-13707 Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904...
CVE-2019-13708 Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a r...
CVE-2019-13709 Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote...
CVE-2019-13710 Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allow...
CVE-2019-13711 Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remot...
CVE-2019-13713 Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remot...
CVE-2019-13714 Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78....
CVE-2019-13715 Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed...
CVE-2019-13716 Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a ...
CVE-2019-13717 Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote at...
CVE-2019-13718 Insufficient data validation in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote atta...
CVE-2019-13719 Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote at...
CVE-2019-13720 Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to poten...
KEV E
CVE-2019-13721 Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potenti...
CVE-2019-13722 Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attac...
CVE-2019-13723 Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who...
CVE-2019-13724 Out of bounds memory access in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote...
CVE-2019-13725 Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to exec...
CVE-2019-13726 Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker...
CVE-2019-13727 Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remot...
CVE-2019-13728 Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker t...
CVE-2019-13729 Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to pot...
E
CVE-2019-13730 Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to pot...
S
CVE-2019-13732 Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to poten...
CVE-2019-13734 Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to po...
S
CVE-2019-13735 Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker t...
CVE-2019-13736 Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to poten...
CVE-2019-13737 Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a rem...
CVE-2019-13738 Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remot...
CVE-2019-13739 Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote a...
S
CVE-2019-13740 Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to...
CVE-2019-13741 Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a...
CVE-2019-13742 Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote atta...
CVE-2019-13743 Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a...
CVE-2019-13744 Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote a...
CVE-2019-13745 Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote att...
E S
CVE-2019-13746 Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote a...
CVE-2019-13747 Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote a...
CVE-2019-13748 Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a ...
S
CVE-2019-13749 Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote atta...
CVE-2019-13750 Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attac...
CVE-2019-13751 Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obt...
CVE-2019-13752 Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obt...
CVE-2019-13753 Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obt...
CVE-2019-13754 Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remot...
CVE-2019-13755 Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remot...
CVE-2019-13756 Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker t...
CVE-2019-13757 Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to...
CVE-2019-13758 Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allo...
CVE-2019-13759 Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attac...
E
CVE-2019-13761 Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to...
CVE-2019-13762 Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allow...
CVE-2019-13763 Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote ...
CVE-2019-13764 Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to pot...
E S
CVE-2019-13765 Use-after-free in content delivery manager in Google Chrome prior to 78.0.3904.70 allowed a remote a...
CVE-2019-13766 Use-after-free in accessibility in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to ...
CVE-2019-13767 Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who ...
CVE-2019-13768 Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potent...
E
CVE-2019-13776 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2019-13915 b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. First, the attacker...
E
CVE-2019-13916 An issue was discovered in Cypress (formerly Broadcom) WICED Studio 6.2 CYW20735B1 and CYW20819A1. A...
E
CVE-2019-13917 Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual config...
S
CVE-2019-13918 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The w...
S
CVE-2019-13919 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some ...
S
CVE-2019-13920 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some ...
S
CVE-2019-13921 A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions < SP3 Update 1). Aff...
CVE-2019-13922 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An at...
S
CVE-2019-13923 A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integ...
CVE-2019-13924 A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versi...
CVE-2019-13925 A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S61...
CVE-2019-13926 A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S61...
CVE-2019-13927 A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100...
CVE-2019-13929 A vulnerability has been identified in SIMATIC IT UADM (All versions < V1.3). An authenticated remot...
CVE-2019-13930 A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow ...
CVE-2019-13931 A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow ...
CVE-2019-13932 A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web application requests c...
CVE-2019-13933 A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204...
CVE-2019-13934 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i...
CVE-2019-13935 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i...
CVE-2019-13936 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i...
CVE-2019-13939 A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital E...
CVE-2019-13940 A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17),...
CVE-2019-13941 A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00...
CVE-2019-13942 A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethe...
CVE-2019-13943 A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethe...
CVE-2019-13944 A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethe...
CVE-2019-13945 A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versi...
CVE-2019-13946 Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation wh...
CVE-2019-13947 A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user...
CVE-2019-13948 SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.p...
E
CVE-2019-13949 SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.ph...
E
CVE-2019-13950 index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment....
E
CVE-2019-13951 The set_ipv4() function in zscan_rfc1035.rl in gdnsd 3.x before 3.2.1 has a stack-based buffer overf...
E
CVE-2019-13952 The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and 3.x before 3.2.1 has a stack-b...
E S
CVE-2019-13953 An exploitable authentication bypass vulnerability exists in the Bluetooth Low Energy (BLE) authenti...
CVE-2019-13954 Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By send...
CVE-2019-13955 Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sendi...
CVE-2019-13956 Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary PHP code via a modified langu...
E
CVE-2019-13957 In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSea...
CVE-2019-13959 In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reallocation failures, leading to a...
E
CVE-2019-13960 In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progres...
E S
CVE-2019-13961 A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files...
E
CVE-2019-13962 lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a h...
E
CVE-2019-13965 Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTo...
CVE-2019-13966 In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML f...
CVE-2019-13967 iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of service (application outage) v...
CVE-2019-13969 Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index...
E
CVE-2019-13970 In antSword before 2.1.0, self-XSS in the database configuration leads to code execution via modules...
E S
CVE-2019-13971 OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request....
E
CVE-2019-13972 LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to ...
E
CVE-2019-13973 LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix...
E
CVE-2019-13974 LayerBB 1.1.3 allows conversations.php/cmd/new CSRF....
S
CVE-2019-13975 eGain Chat 15.0.3 allows HTML Injection....
CVE-2019-13976 eGain Chat 15.0.3 allows unrestricted file upload....
CVE-2019-13977 index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=deleg...
E
CVE-2019-13978 Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request....
E
CVE-2019-13979 In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/original...
E
CVE-2019-13980 In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server ...
E
CVE-2019-13981 In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a fi...
E
CVE-2019-13982 interfaces/markdown/input.vue in Directus 7 Application before 7.7.0 does not sanitize Markdown text...
S
CVE-2019-13983 Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA i...
S
CVE-2019-13984 Directus 7 API before 2.3.0 does not validate uploaded files. Regardless of the file extension or MI...
E
CVE-2019-13988 Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows attackers to read log files via a Direc...
CVE-2019-13989 dpic 2019.06.20 has a Stack-based Buffer Overflow in the wfloat() function in main.c....
E
CVE-2019-13990 initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3...
S
CVE-2019-13991 Embedded systems based on Arduino before Rev3 allow remote attackers to send data to LEDs (directly ...
CVE-2019-13992 Out of bound memory access if stack push and pop operation are performed without doing a bound che...
CVE-2019-13993 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-13994 Lack of check that the current received data fragment size of a particular packet that are read fr...
CVE-2019-13995 Lack of integer overflow check for addition of fragment size and remaining size that are read from...
CVE-2019-13996 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-13997 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-13998 Lack of check that the TX FIFO write and read indices that are read from shared RAM are less than ...
CVE-2019-13999 Lack of check for integer overflow for round up and addition operations result into memory corrupt...
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.