ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2019-14000 | Lack of check that the RX FIFO write index that is read from shared RAM is less than the FIFO size r... | | |
CVE-2019-14001 | Wrong public key usage from existing oem_keystore for hash generation in Snapdragon Auto, Snapdragon... | S | |
CVE-2019-14002 | APKs without proper permission may bind to CallEnhancementService and can lead to unauthorized acces... | | |
CVE-2019-14003 | Null pointer exception can happen while parsing invalid MKV clip where cue information is parsed bef... | S | |
CVE-2019-14004 | Buffer overflow occurs while processing invalid MKV clip, which has invalid EBML size in Snapdragon ... | S | |
CVE-2019-14005 | Buffer overflow occurs while playing the clip which is nonstandard due to lack of check of size durat... | S | |
CVE-2019-14006 | Buffer overflow occurs while playing the clip which is nonstandard due to lack of offset length check... | | |
CVE-2019-14007 | Due to the use of non-time-constant comparison functions there is issue in timing side channels whic... | | |
CVE-2019-14008 | Possible null pointer dereference issue in location assistance data processing due to missing null c... | | |
CVE-2019-14009 | Out of bound memory access while processing TZ command handler due to improper input validation on r... | | |
CVE-2019-14010 | The device may enter into error state when some tool or application gets failure at 1st buffer map a... | S | |
CVE-2019-14011 | Multiple Read overflows issue due to improper length check while decoding 3G attach accept/ SMS/ pdn... | | |
CVE-2019-14012 | Possibility of null pointer dereference as the array of video codecs from media info is referenced wit... | | |
CVE-2019-14013 | While parsing invalid super index table, elements within super index table may exceed total chunk si... | | |
CVE-2019-14014 | Possible buffer overflow when byte array receives incorrect input from reading source as array is no... | | |
CVE-2019-14015 | A stack-based buffer overflow exists in the initialization of the identification stage due to lack o... | | |
CVE-2019-14016 | Integer overflow occurs while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon C... | S | |
CVE-2019-14017 | Heap buffer overflow can occur while parsing invalid MKV clip which is not standard and have invalid... | S | |
CVE-2019-14018 | Possible out of bound array access as there is no check on carrier index passed in Snapdragon Auto, ... | | |
CVE-2019-14019 | Multiple Read overflows issue due to improper length check while decoding RAU accept/PDN disconnect ... | | |
CVE-2019-14020 | Multiple Read overflows issue due to improper length check while decoding dedicated_eps_bearer_req/ ... | | |
CVE-2019-14021 | Possible buffer overrun when processing EFS filename and payload sent over diag interface due to lac... | | |
CVE-2019-14022 | Error occurs while extracting the ipv6_header having an invalid length due to lack of length check i... | | |
CVE-2019-14023 | String format issue will occur while processing HLOS data as there is no user input validation to en... | S | |
CVE-2019-14024 | Possible stack-use-after-scope issue in NFC usecase for card emulation in Snapdragon Auto, Snapdrago... | S | |
CVE-2019-14025 | When a new session is created, Object is returned that contains TZ addresses and it gets passed to ... | | |
CVE-2019-14026 | Possible buffer overflow in WLAN WMI handler due to lack of ssid length check when copying data in S... | | |
CVE-2019-14027 | Buffer overflow due to lack of upper bound check on channel length which is used for a loop in Snap... | | |
CVE-2019-14028 | Buffer overwrite during memcpy due to lack of check on SSID length validation in Snapdragon Auto, Sn... | | |
CVE-2019-14029 | Use-after-free in graphics module due to destroying already queued syncobj in error case in Snapdrag... | S | |
CVE-2019-14030 | The size of a buffer is determined by addition and multiplications operations that have the potentia... | | |
CVE-2019-14031 | Buffer overflow can occur while parsing RSN IE containing list of PMK IDs which are more than the b... | | |
CVE-2019-14032 | Memory use after free issue in audio due to lack of resource control in Snapdragon Auto, Snapdragon ... | S | |
CVE-2019-14033 | Multiple Read overflows issue due to improper length check while decoding tau reject/tau accept/deta... | | |
CVE-2019-14034 | Use after free while processing eeprom query as there is a chance to not unlock mutex after error oc... | S | |
CVE-2019-14036 | Possible buffer overflow issue in error processing due to improper validation of array index value i... | S | |
CVE-2019-14037 | Close and bind operations done on a socket can lead to a Use-After-Free condition in Snapdragon Aut... | S | |
CVE-2019-14038 | Buffer over-read in ADSP parse function due to lack of check for availability of sufficient data pay... | S | |
CVE-2019-14039 | Out of bound read in adm call back function due to incorrect boundary check for payload in command r... | S | |
CVE-2019-14040 | Using memory after being freed in qsee due to wrong implementation can lead to unexpected behavior s... | S | |
CVE-2019-14041 | During listener modified response processing, a buffer overrun occurs due to lack of buffer size ver... | S | |
CVE-2019-14042 | Out of bound read in fingerprint application due to requested data assigned to a local buffer wit... | | |
CVE-2019-14043 | Out of bound read in Fingerprint application due to requested data is being used without length chec... | | |
CVE-2019-14044 | Out of bound access due to access of uninitialized memory segment in an array of pointers while norm... | S | |
CVE-2019-14045 | Possible buffer overflow while processing clientlog and serverlog due to lack of validation of data ... | | |
CVE-2019-14046 | Out of bound access while allocating memory for an array in camera due to improper validation of ele... | S | |
CVE-2019-14047 | While IPA driver processes route add rule IOCTL, there is no input validation of the rule ID prior t... | | |
CVE-2019-14048 | Possible out of bound memory access while playing a crafted clip in media player in Snapdragon Auto,... | | |
CVE-2019-14049 | Stage-2 fault will occur while writing to an ION system allocation which has been assigned to non-HL... | S | |
CVE-2019-14050 | Out-of-bound writes occurs due to lack of check of buffer size will cause buffer overflow only in 32... | | |
CVE-2019-14051 | Subsequent additions performed during Module loading while allocating the memory would lead to integ... | | |
CVE-2019-14052 | Accessing an uninitialized data structure could result in partially copying of contents and thus i... | | |
CVE-2019-14053 | When attempting to create a new XFRM policy, a stack out-of-bounds read will occur if the user provi... | S | |
CVE-2019-14054 | Improper permissions in XBL_SEC region enable user to update XBL_SEC code and data and divert the RA... | | |
CVE-2019-14055 | Possibility of use-after-free and double free because of not marking buffer as NULL after freeing ca... | S | |
CVE-2019-14056 | Possible integer overflow in API due to lack of check on large oid range count in cert extension f... | | |
CVE-2019-14057 | Buffer Over read of codec private data while parsing an mkv file due to lack of check of buffer size... | | |
CVE-2019-14058 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14060 | Uninitialized stack data gets used if memory is not allocated for blob or if the allocated blob is l... | | |
CVE-2019-14061 | Null-pointer dereference can occur while accessing the segment element info when it is not allocated... | | |
CVE-2019-14062 | Buffer overflows while decoding setup message from Network due to lack of check of IE message length... | | |
CVE-2019-14063 | Out of bound access due to Invalid inputs to dapm mux settings which results into kernel failure in ... | S | |
CVE-2019-14064 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14065 | Pointer double free in HavenSvc due to not setting the pointer to NULL after freeing it in Snapdr... | | |
CVE-2019-14066 | Integer overflow in calculating estimated output buffer size when getting a list of installed Featur... | | |
CVE-2019-14067 | Using non-time-constant functions like memcmp to compare sensitive data can lead to information leak... | | |
CVE-2019-14068 | Out of bound access in msm routing due to lack of check of size before accessing in Snapdragon Auto,... | S | |
CVE-2019-14070 | Possible use after free issue in pcm volume controls due to race condition exist in private data use... | S | |
CVE-2019-14071 | Compromised reset handler may bypass access control due to AC config is being reset if debug path is... | | |
CVE-2019-14072 | Unhandled paging request is observed due to dereferencing an already freed object because of race co... | | |
CVE-2019-14073 | Copying RTCP messages into the output buffer without checking the destination buffer size which coul... | | |
CVE-2019-14074 | Heap overflow in diag command handler due to lack of check of packet length received from user in... | | |
CVE-2019-14075 | Null pointer dereference issue in radio interface layer due to lack of null check in sapmodule destr... | | |
CVE-2019-14076 | Buffer overflow occurs while processing a subsample data length out of range due to lack of user in... | | |
CVE-2019-14077 | Out of bound memory access while processing ese transmit command due to passing Response buffer rece... | | |
CVE-2019-14078 | Out of bound memory access while processing qpay due to not validating length of the response buffer... | | |
CVE-2019-14079 | Access to the uninitialized variable when the driver tries to unmap the dma buffer of a request whic... | | |
CVE-2019-14080 | Out of bound write can happen due to lack of check of array index value while parsing SDP attribute ... | | |
CVE-2019-14081 | Buffer Over-read when WLAN module gets a WMI message for SAR limits with invalid number of limits to... | | |
CVE-2019-14082 | Potential buffer over-read due to lack of bound check of memory offset passed in WLAN firmware in Sn... | | |
CVE-2019-14083 | While parsing Service Descriptor Extended Attribute received as part of SDF frame, there is a possib... | | |
CVE-2019-14084 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14085 | Possible Integer underflow in WLAN function due to lack of check of data received from user side in ... | | |
CVE-2019-14086 | Possible integer overflow while checking the length of frame which is a 32 bit integer and is added ... | | |
CVE-2019-14087 | Failure in buffer management while accessing handle for HDR blit when color modes not supported by d... | S | |
CVE-2019-14088 | Possible use after free issue while CRM is accessing the link pointer from device private data due t... | S | |
CVE-2019-14089 | Keymaster attestation key and device IDs provisioning which is a one time process is incorrectly a... | | |
CVE-2019-14091 | Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdr... | | |
CVE-2019-14092 | System Services exports services without permission protect and can lead to information exposure in ... | | |
CVE-2019-14093 | Array out of bound access can occur in display module due to lack of bound check on input parcel rec... | S | |
CVE-2019-14094 | Integer overflow in diag command handler when user inputs a large value for number of tasks field in... | | |
CVE-2019-14095 | Buffer overflow occurs while processing LMP packet in which name length parameter exceeds value spec... | | |
CVE-2019-14096 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14097 | Possible buffer overflow in WLAN Parser due to lack of length check when copying data in Snapdragon ... | | |
CVE-2019-14098 | Possible buffer overflow in data offload handler due to lack of check of keydata length when copying... | | |
CVE-2019-14099 | Device misbehavior may be observed when incorrect offset, length or number of buffers is passed by u... | S | |
CVE-2019-14100 | Register write via debugfs is disabled by default to prevent register writing via debugfs in Snapdr... | S | |
CVE-2019-14101 | Out of bounds read can happen in diag event set mask command handler when user provided length in th... | | |
CVE-2019-14102 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14103 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14104 | Slab-out-of-bounds access can occur if the context pointer is invalid due to lack of null check on p... | S | |
CVE-2019-14105 | Kernel was reading the CSL defined reserved field as uint16 instead of uint32 which could lead to me... | | |
CVE-2019-14106 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14107 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14109 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14110 | Buffer overflow can occur in function wlan firmware while copying association frame content if frame... | | |
CVE-2019-14111 | Possible buffer overflow while handling NAN reception of NMF in Snapdragon Auto, Snapdragon Compute,... | | |
CVE-2019-14112 | Potential buffer overflow while processing CBF frames due to lack of check of buffer length before c... | | |
CVE-2019-14113 | Buffer overflow can occur in WLAN firmware while unwrapping data using CCMP cipher suite during pa... | | |
CVE-2019-14114 | Buffer overflow in WLAN firmware while parsing GTK IE containing GTK key having length more than the... | | |
CVE-2019-14115 | Information disclosure issue occurs as in current logic as secure touch is released without cleari... | | |
CVE-2019-14116 | Privilege escalation by using an altered debug policy image can occur as the XPU protecting the debu... | | |
CVE-2019-14117 | Whenever the page list is updated via privileged user, the previous list elements are freed but ar... | S | |
CVE-2019-14118 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14119 | While processing SMCInvoke asynchronous message header, message count is modified leading to a TOC... | | |
CVE-2019-14122 | Memory failure in SKB if it fails to add the requested padding to the skb in low memory targets o... | S | |
CVE-2019-14123 | Possible buffer overflow and over read possible due to missing bounds checks for fixed limits if we ... | | |
CVE-2019-14124 | Memory failure in content protection module due to not having pointer within the scope in Snapdragon... | | |
CVE-2019-14125 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14126 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14127 | Possible buffer overflow while playing mkv clip due to lack of validation of atom size buffer in Sna... | | |
CVE-2019-14128 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14130 | Memory corruption can occur in trusted application if offset size from HLOS is more than actual map... | | |
CVE-2019-14131 | Out of bound write can occur in radio measurement request if STA receives multiple invalid rrm measu... | S | |
CVE-2019-14132 | Buffer over-write when this 0-byte buffer is typecasted to some other structure and hence memory cor... | S | |
CVE-2019-14133 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14134 | Possible out of bound access in WLAN handler when the received value of length in rx path is shorter... | | |
CVE-2019-14135 | Possible integer overflow to buffer overflow in WLAN while parsing nonstandard NAN IE messages in S... | | |
CVE-2019-14136 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14137 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14138 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14139 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14140 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14141 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14142 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14143 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14144 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14145 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14146 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14147 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14148 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14149 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14150 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14151 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14152 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14153 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14154 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14155 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14156 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14157 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14158 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14159 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14160 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14161 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14162 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14163 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14164 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14165 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14166 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14167 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14168 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14169 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14170 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14171 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14172 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14173 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14174 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14175 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14176 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14177 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14178 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14179 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14180 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14181 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14182 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14183 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14184 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14185 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14186 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14187 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14188 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14189 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14190 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14191 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14192 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a U... | | |
CVE-2019-14193 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalida... | | |
CVE-2019-14194 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed le... | | |
CVE-2019-14195 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated... | | |
CVE-2019-14196 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed le... | | |
CVE-2019-14197 | An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_... | | |
CVE-2019-14198 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed le... | | |
CVE-2019-14199 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a U... | | |
CVE-2019-14200 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in thi... | | |
CVE-2019-14201 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in thi... | | |
CVE-2019-14202 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in thi... | | |
CVE-2019-14203 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in thi... | | |
CVE-2019-14204 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in thi... | | |
CVE-2019-14205 | A Local File Inclusion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress... | E | |
CVE-2019-14206 | An Arbitrary File Deletion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordP... | E | |
CVE-2019-14207 | An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling ... | S | |
CVE-2019-14208 | An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a NUL... | S | |
CVE-2019-14209 | An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Heap ... | S | |
CVE-2019-14210 | An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Memor... | S | |
CVE-2019-14211 | An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the la... | | |
CVE-2019-14212 | An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling ... | S | |
CVE-2019-14213 | An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the re... | S | |
CVE-2019-14214 | An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a Jav... | S | |
CVE-2019-14215 | An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling ... | S | |
CVE-2019-14216 | An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for Wo... | E S | |
CVE-2019-14220 | An issue was discovered in BlueStacks 4.110 and below on macOS and on 4.120 and below on Windows. Bl... | S | |
CVE-2019-14221 | 1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report opera... | E | |
CVE-2019-14222 | An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, re... | E | |
CVE-2019-14223 | An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alf... | E | |
CVE-2019-14224 | An issue was discovered in Alfresco Community Edition 5.2 201707. By leveraging multiple components ... | E | |
CVE-2019-14225 | OX App Suite 7.10.1 and 7.10.2 allows SSRF.... | E | |
CVE-2019-14226 | OX App Suite through 7.10.2 has Insecure Permissions.... | E | |
CVE-2019-14227 | OX App Suite 7.10.1 and 7.10.2 allows XSS.... | E | |
CVE-2019-14228 | Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based XSS via the username parameter... | E | |
CVE-2019-14230 | An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.7 for WordPress. One c... | E | |
CVE-2019-14231 | An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.2 for WordPress. One c... | E | |
CVE-2019-14232 | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4... | S | |
CVE-2019-14233 | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4... | S | |
CVE-2019-14234 | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4... | | |
CVE-2019-14235 | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4... | S | |
CVE-2019-14236 | On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary ... | E M | |
CVE-2019-14237 | On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software ... | E M | |
CVE-2019-14238 | On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP p... | E M | |
CVE-2019-14239 | On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software ... | E M | |
CVE-2019-14240 | WCMS v0.3.2 has a CSRF vulnerability, with resultant directory traversal, to modify index.html via t... | | |
CVE-2019-14241 | HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related t... | E | |
CVE-2019-14242 | An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool vers... | | |
CVE-2019-14243 | headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyp... | E S | |
CVE-2019-14245 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an ... | E | |
CVE-2019-14246 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an ... | E | |
CVE-2019-14247 | The scan() function in mad.c in mpg321 0.3.2 allows remote attackers to trigger an out-of-bounds wri... | E | |
CVE-2019-14248 | In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in ... | E | |
CVE-2019-14249 | dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service... | S | |
CVE-2019-14250 | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_mat... | E | |
CVE-2019-14251 | An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functi... | E | |
CVE-2019-14252 | An issue was discovered in the secure portal in Publisure 2.1.2. Once successfully authenticated as ... | E | |
CVE-2019-14253 | An issue was discovered in servletcontroller in the secure portal in Publisure 2.1.2. One can bypass... | E | |
CVE-2019-14254 | An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sa... | E | |
CVE-2019-14255 | A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote at... | E M | |
CVE-2019-14257 | pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redire... | E | |
CVE-2019-14258 | The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information di... | E M | |
CVE-2019-14259 | On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input va... | E | |
CVE-2019-14260 | On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13... | E | |
CVE-2019-14261 | An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due to an insufficient implementa... | | |
CVE-2019-14262 | MetadataExtractor 2.1.0 allows stack consumption.... | S | |
CVE-2019-14266 | OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Config/ uid parameter because of th... | E | |
CVE-2019-14267 | PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxre... | E | |
CVE-2019-14268 | In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an authentica... | | |
CVE-2019-14270 | Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6870, and Comodo Internet Secur... | E | |
CVE-2019-14271 | In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can oc... | | |
CVE-2019-14272 | In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS.... | | |
CVE-2019-14273 | In SilverStripe assets 4.0, there is broken access control on files.... | | |
CVE-2019-14274 | MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c.... | E | |
CVE-2019-14275 | Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.... | E | |
CVE-2019-14276 | WUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body.... | S | |
CVE-2019-14277 | Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnera... | E | |
CVE-2019-14278 | In Knowage through 6.1.1, an unauthenticated user can enumerate valid usernames via the ChangePwdSe... | | |
CVE-2019-14280 | In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user... | | |
CVE-2019-14281 | The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor ... | | |
CVE-2019-14282 | The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution ba... | | |
CVE-2019-14283 | In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect ... | S | |
CVE-2019-14284 | In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_... | S | |
CVE-2019-14286 | In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-gra... | S | |
CVE-2019-14287 | In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain poli... | E S | |
CVE-2019-14288 | An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::c... | E | |
CVE-2019-14289 | An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::c... | E | |
CVE-2019-14290 | An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMesh... | E | |
CVE-2019-14291 | An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMesh... | E | |
CVE-2019-14292 | An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMesh... | E | |
CVE-2019-14293 | An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMesh... | E | |
CVE-2019-14294 | An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillRe... | E | |
CVE-2019-14295 | An Integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 allows remote attacke... | E S | |
CVE-2019-14296 | canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (SEGV or ... | E S | |
CVE-2019-14297 | Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with a crafted Caption field to set... | E | |
CVE-2019-14298 | Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(config) field to addDashboard or ... | E | |
CVE-2019-14299 | Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some R... | | |
CVE-2019-14300 | Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an at... | | |
CVE-2019-14301 | Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of 2).... | | |
CVE-2019-14302 | On Ricoh SP C250DN 1.06 devices, a debug port can be used.... | | |
CVE-2019-14303 | Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). Some Ricoh printers were affect... | | |
CVE-2019-14304 | Ricoh SP C250DN 1.06 devices allow CSRF.... | | |
CVE-2019-14305 | Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDN... | | |
CVE-2019-14306 | Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 2 of 2).... | | |
CVE-2019-14307 | Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, whic... | | |
CVE-2019-14308 | Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker t... | | |
CVE-2019-14309 | Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credentials were found to be hardcode... | | |
CVE-2019-14310 | Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets... | | |
CVE-2019-14312 | Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source... | E S | |
CVE-2019-14313 | A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. ... | S | |
CVE-2019-14314 | A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPre... | | |
CVE-2019-14315 | A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2... | E | |
CVE-2019-14317 | wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This ... | S | |
CVE-2019-14318 | Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows... | E S | |
CVE-2019-14319 | The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmi... | | |
CVE-2019-14322 | In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windo... | E | |
CVE-2019-14323 | SSDP Responder 1.x through 1.5 mishandles incoming network messages, leading to a stack-based buffer... | E S | |
CVE-2019-14326 | An issue was discovered in AndyOS Andy versions up to 46.11.113. By default, it starts telnet and ss... | E | |
CVE-2019-14327 | A CSRF vulnerability in Settings form in the Custom Simple Rss plugin 2.0.6 for WordPress allows att... | | |
CVE-2019-14328 | The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation sectio... | E | |
CVE-2019-14329 | An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of us... | E S | |
CVE-2019-14330 | An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user... | E S | |
CVE-2019-14331 | An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user... | E S | |
CVE-2019-14332 | An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is us... | E | |
CVE-2019-14333 | An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a ... | E | |
CVE-2019-14334 | An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices... | E | |
CVE-2019-14335 | An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is po... | | |
CVE-2019-14336 | An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is po... | E | |
CVE-2019-14337 | An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is an... | E | |
CVE-2019-14338 | An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a ... | E | |
CVE-2019-14339 | The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android d... | E | |
CVE-2019-14343 | TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI.... | E S | |
CVE-2019-14344 | TemaTres 3.0 has reflected XSS via the replace_string or search_string parameter to the vocab/admin.... | S | |
CVE-2019-14345 | TemaTres 3.0 allows remote unprivileged users to create an administrator account... | S | |
CVE-2019-14346 | Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password.... | E | |
CVE-2019-14347 | Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or develo... | E | |
CVE-2019-14348 | The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete data... | E | |
CVE-2019-14349 | EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in... | E | |
CVE-2019-14350 | EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Kno... | E | |
CVE-2019-14351 | EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker ca... | E | |
CVE-2019-14352 | In Joget Workflow 6.0.20, CSV Injection, also known as Formula Injection, exists, as demonstrated by... | E | |
CVE-2019-14353 | On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The pow... | E M | |
CVE-2019-14354 | On Ledger Nano S and Nano X devices, a side channel for the row-based OLED display was found. The po... | | |
CVE-2019-14355 | On ShapeShift KeepKey devices, a side channel for the row-based OLED display was found. The power co... | | |
CVE-2019-14356 | On Coldcard MK1 and MK2 devices, a side channel for the row-based OLED display was found. The power ... | E S | |
CVE-2019-14357 | On Mooltipass Mini devices, a side channel for the row-based OLED display was found. The power consu... | | |
CVE-2019-14358 | On Archos Safe-T devices, a side channel for the row-based OLED display was found. The power consump... | E | |
CVE-2019-14359 | On BC Vault devices, a side channel for the row-based SSD1309 OLED display was found. The power cons... | E | |
CVE-2019-14360 | On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The p... | E | |
CVE-2019-14361 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-14439. Reason: This candidat... | R | |
CVE-2019-14362 | Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow ... | E S | |
CVE-2019-14363 | A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmwar... | E | |
CVE-2019-14364 | An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an a... | | |
CVE-2019-14365 | The Intercom plugin through 1.2.1 for WordPress leaks a Slack Access Token in source code. An attack... | | |
CVE-2019-14366 | WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access Token in source code. An attack... | | |
CVE-2019-14367 | Slack-Chat through 1.5.5 leaks a Slack Access Token in source code. An attacker can obtain a lot of ... | S | |
CVE-2019-14368 | Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp... | E | |
CVE-2019-14369 | Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denia... | E | |
CVE-2019-14370 | In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cp... | E | |
CVE-2019-14371 | An issue was discovered in Libav 12.3. There is an infinite loop in the function mov_probe in the fi... | E | |
CVE-2019-14372 | In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c.... | E | |
CVE-2019-14373 | An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF... | E | |
CVE-2019-14378 | ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because... | S | |
CVE-2019-14379 | SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when eh... | S | |
CVE-2019-14380 | libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 fi... | S | |
CVE-2019-14381 | libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento fro... | | |
CVE-2019-14382 | DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.... | S | |
CVE-2019-14383 | J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.... | S | |
CVE-2019-14386 | cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504).... | | |
CVE-2019-14387 | cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506).... | | |
CVE-2019-14388 | cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SE... | | |
CVE-2019-14389 | cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510).... | | |
CVE-2019-14390 | cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512).... | | |
CVE-2019-14391 | cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514).... | | |
CVE-2019-14392 | cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispat... | | |
CVE-2019-14393 | cPanel before 80.0.5 allows local code execution in the context of a different cPanel account becaus... | | |
CVE-2019-14394 | cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_... | | |
CVE-2019-14395 | cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494).... | | |
CVE-2019-14396 | API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495).... | | |
CVE-2019-14397 | cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (S... | | |
CVE-2019-14398 | cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl... | | |
CVE-2019-14399 | The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the co... | | |
CVE-2019-14400 | cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache mispar... | | |
CVE-2019-14401 | cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480).... | | |
CVE-2019-14402 | cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481).... | | |
CVE-2019-14403 | cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-48... | | |
CVE-2019-14404 | cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the... | | |
CVE-2019-14405 | cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487).... | | |
CVE-2019-14406 | cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493).... | | |
CVE-2019-14407 | cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415).... | | |
CVE-2019-14408 | cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460).... | | |
CVE-2019-14409 | cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466).... | | |
CVE-2019-14410 | Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-... | | |
CVE-2019-14411 | cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI... | | |
CVE-2019-14412 | Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAP... | | |
CVE-2019-14413 | cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (... | | |
CVE-2019-14414 | In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478).... | | |
CVE-2019-14415 | An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. A persistent cross-site... | | |
CVE-2019-14416 | An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command ex... | | |
CVE-2019-14417 | An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command ex... | | |
CVE-2019-14418 | An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. When uploading an appli... | | |
CVE-2019-14422 | An issue was discovered in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff ... | E | |
CVE-2019-14423 | A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware... | E M | |
CVE-2019-14424 | A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware ... | E M | |
CVE-2019-14427 | XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that... | E | |
CVE-2019-14430 | plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection.... | E S | |
CVE-2019-14431 | In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages lea... | E | |
CVE-2019-14432 | Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 a... | | |
CVE-2019-14433 | An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2... | S | |
CVE-2019-14437 | The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not... | S | |
CVE-2019-14438 | A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media pl... | S | |
CVE-2019-14439 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occ... | S | |
CVE-2019-14441 | An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial... | E | |
CVE-2019-14442 | In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek in... | E | |
CVE-2019-14443 | An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apede... | E | |
CVE-2019-14444 | apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attacke... | E S | |
CVE-2019-14449 | An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before ... | | |
CVE-2019-14450 | A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8 thro... | | |
CVE-2019-14451 | RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data struc... | | |
CVE-2019-14452 | Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary fi... | S | |
CVE-2019-14453 | An issue was discovered in Comelit "App lejos de casa (web)" 2.8.0. It allows privilege escalation v... | E | |
CVE-2019-14454 | SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation.... | | |
CVE-2019-14456 | Opengear console server firmware releases prior to 4.5.0 have a stored XSS vulnerability related to ... | E | |
CVE-2019-14457 | VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafte... | | |
CVE-2019-14458 | VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP he... | | |
CVE-2019-14459 | nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_... | E S | |
CVE-2019-14462 | An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds ... | S | |
CVE-2019-14463 | An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds ... | S | |
CVE-2019-14464 | XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a heap-based buffer overflow.... | E | |
CVE-2019-14465 | fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-based buffer overflow.... | S | |
CVE-2019-14466 | The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP object injection, wh... | S | |
CVE-2019-14467 | The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code Execution by creating an album ... | E | |
CVE-2019-14468 | GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via crafted COBOL source code.... | E | |
CVE-2019-14469 | In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS.... | | |
CVE-2019-14470 | cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 ... | E | |
CVE-2019-14471 | TestLink 1.9.19 has XSS via the error.php message parameter.... | E | |
CVE-2019-14472 | Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO.... | E | |
CVE-2019-14473 | eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Conse... | E | |
CVE-2019-14474 | eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in function 'Call()' of ReGa cor... | E | |
CVE-2019-14475 | eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication ... | E | |
CVE-2019-14476 | AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability in the NetCrunch ... | E | |
CVE-2019-14477 | AdRem NetCrunch 10.6.0.4587 has Improper Credential Storage since the internal user database is read... | | |
CVE-2019-14478 | AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch w... | E | |
CVE-2019-14479 | AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. In the NetCrunch web client, a read-only a... | E | |
CVE-2019-14480 | AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web clie... | E | |
CVE-2019-14481 | AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery (CSRF) vulnerability in the NetCrunch w... | E | |
CVE-2019-14482 | AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web clien... | E | |
CVE-2019-14483 | AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. Every user can read the BSD, Linux, MacOS... | E | |
CVE-2019-14486 | GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c via crafted COBOL source code... | E | |
CVE-2019-14491 | An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read ... | E | |
CVE-2019-14492 | An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/... | E | |
CVE-2019-14493 | An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function ... | E | |
CVE-2019-14494 | An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function S... | E S | |
CVE-2019-14495 | webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the admin interface.... | S | |
CVE-2019-14496 | LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 has a stack-based buffer overflo... | E | |
CVE-2019-14497 | ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker 1.02.00 has a heap-based... | E | |
CVE-2019-14498 | A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.... | S | |
CVE-2019-14499 | Rejected reason: Unused CVE for 2019... | R | |
CVE-2019-14500 | Rejected reason: Unused CVE for 2019... | R | |
CVE-2019-14501 | Rejected reason: Unused CVE for 2019... | R | |
CVE-2019-14502 | Rejected reason: Unused CVE for 2019... | R | |
CVE-2019-14503 | Rejected reason: Unused CVE for 2019... | R | |
CVE-2019-14504 | Rejected reason: Unused CVE for 2019... | R | |
CVE-2019-14505 | Rejected reason: Unused CVE for 2019... | R | |
CVE-2019-14506 | Rejected reason: Unused CVE for 2019... | R | |
CVE-2019-14507 | Rejected reason: Unused CVE for 2019... | R | |
CVE-2019-14508 | Rejected reason: Unused CVE for 2019... | R | |
CVE-2019-14510 | An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using the default configuration, th... | E | |
CVE-2019-14511 | Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it ... | E | |
CVE-2019-14512 | LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/PanelBoxWidget/views/box.php or... | S | |
CVE-2019-14513 | Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send lar... | E | |
CVE-2019-14514 | An issue was discovered in Microvirt MEmu all versions prior to 7.0.2. A guest Android operating sys... | E | |
CVE-2019-14516 | The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-m... | E | |
CVE-2019-14517 | pandao Editor.md 1.5.0 allows XSS via the Javascript: string.... | E | |
CVE-2019-14518 | Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the ... | E | |
CVE-2019-14521 | The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to... | E S | |
CVE-2019-14523 | An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a larg... | E | |
CVE-2019-14524 | An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow vi... | E | |
CVE-2019-14525 | In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authen... | | |
CVE-2019-14526 | An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface ... | E | |
CVE-2019-14527 | An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands ca... | E | |
CVE-2019-14528 | GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/scanner.l via crafted COBOL so... | E | |
CVE-2019-14529 | OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.... | | |
CVE-2019-14530 | An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName paramet... | E S | |
CVE-2019-14531 | An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds read on iso9660 whi... | E | |
CVE-2019-14532 | An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an un... | E | |
CVE-2019-14533 | The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.... | S | |
CVE-2019-14534 | In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercen... | S | |
CVE-2019-14535 | A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media pla... | S | |
CVE-2019-14537 | YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can resu... | E S | |
CVE-2019-14540 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related... | S | |
CVE-2019-14541 | GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id in cobc/typeck.c via crafted ... | E | |
CVE-2019-14544 | routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators,... | S | |
CVE-2019-14546 | An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed on the Preference page as w... | E S | |
CVE-2019-14547 | An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when an attacker sends an at... | E S | |
CVE-2019-14548 | An issue was discovered in EspoCRM before 5.6.9. Stored XSS in the body of an Article was executed w... | E S | |
CVE-2019-14549 | An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed inside the title and breadc... | E S | |
CVE-2019-14550 | An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a victim clicks on the... | E S | |
CVE-2019-14551 | Das Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as demonstrat... | E | |
CVE-2019-14552 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14553 | Improper authentication in EDK II may allow a privileged user to potentially enable information disc... | | |
CVE-2019-14554 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14555 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14556 | Improper initialization in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) C... | | |
CVE-2019-14557 | Buffer overflow in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R... | | |
CVE-2019-14558 | Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM... | | |
CVE-2019-14559 | Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable ... | | |
CVE-2019-14560 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14561 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14562 | Integer overflow in DxeImageVerificationHandler() in EDK II may allow an authenticated user to potentia... | | |
CVE-2019-14563 | Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of pri... | | |
CVE-2019-14564 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14565 | Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.100.51291 and earlier, and Linu... | | |
CVE-2019-14566 | Insufficient input validation in Intel(R) SGX SDK multiple Linux and Windows versions may allow an a... | | |
CVE-2019-14567 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14568 | Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an auth... | S | |
CVE-2019-14569 | Pointer corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially en... | | |
CVE-2019-14570 | Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially ena... | | |
CVE-2019-14571 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14572 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14573 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14574 | Out of bounds read in a subsystem for Intel(R) Graphics Driver versions before 26.20.100.7209 may al... | | |
CVE-2019-14575 | Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potential... | | |
CVE-2019-14576 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14577 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14578 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14579 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14580 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14581 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14582 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14583 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14584 | Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable esc... | S | |
CVE-2019-14585 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14586 | Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalat... | | |
CVE-2019-14587 | Logic issue in EDK II may allow an unauthenticated user to potentially enable denial of service via adj... | | |
CVE-2019-14588 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14589 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14590 | Improper access control in the API for the Intel(R) Graphics Driver versions before 26.20.100.7209 m... | | |
CVE-2019-14591 | Improper input validation in the API for Intel(R) Graphics Driver versions before 26.20.100.7209 may... | | |
CVE-2019-14592 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14593 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14594 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14595 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14596 | Improper access control in the installer for Intel(R) Chipset Device Software INF Utility before ver... | | |
CVE-2019-14597 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14598 | Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.... | | |
CVE-2019-14599 | Unquoted service path in Control Center-I version 2.1.0.0 and earlier may allow an authenticated use... | | |
CVE-2019-14600 | Uncontrolled search path element in the installer for Intel(R) SNMP Subagent Stand-Alone for Windows... | | |
CVE-2019-14601 | Improper permissions in the installer for Intel(R) RWC 3 for Windows before version 7.010.009.000 ma... | | |
CVE-2019-14602 | Improper permissions in the installer for the Nuvoton* CIR Driver versions 1.02.1002 and before may ... | | |
CVE-2019-14603 | Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro ... | S | |
CVE-2019-14604 | Null pointer dereference in the FPGA kernel driver for Intel(R) Quartus(R) Prime Pro Edition before ... | S | |
CVE-2019-14605 | Improper permissions in the installer for the Intel(R) SCS Platform Discovery Utility, all versions,... | | |
CVE-2019-14606 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14607 | Improper conditions check in multiple Intel® Processors may allow an authenticated user to potential... | | |
CVE-2019-14608 | Improper buffer restrictions in firmware for Intel(R) NUC(R) may allow an authenticated user to pote... | S | |
CVE-2019-14609 | Improper input validation in firmware for Intel(R) NUC(R) may allow a privileged user to potentially... | S | |
CVE-2019-14610 | Improper access control in firmware for Intel(R) NUC(R) may allow an authenticated user to potential... | S | |
CVE-2019-14611 | Integer overflow in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable e... | S | |
CVE-2019-14612 | Out of bounds write in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enabl... | S | |
CVE-2019-14613 | Improper access control in driver for Intel(R) VTune(TM) Amplifier for Windows* before update 8 may ... | | |
CVE-2019-14614 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14615 | Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Proc... | | |
CVE-2019-14616 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14617 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14618 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14619 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14620 | Insufficient control flow management for some Intel(R) Wireless Bluetooth(R) products may allow an u... | S | |
CVE-2019-14621 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14622 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14623 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14624 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14625 | Improper access control in on-card storage for the Intel® FPGA Programmable Acceleration Card N3000,... | | |
CVE-2019-14626 | Improper access control in PCIe function for the Intel® FPGA Programmable Acceleration Card N3000, a... | | |
CVE-2019-14627 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14628 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14629 | Improper permissions in Intel(R) DAAL before version 2020 Gold may allow an authenticated user to po... | S | |
CVE-2019-14630 | Reliance on untrusted inputs in a security decision in some Intel(R) Thunderbolt(TM) controllers may... | | |
CVE-2019-14631 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14632 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14633 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14634 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14635 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14636 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14637 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14638 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14639 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14640 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14641 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14642 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14643 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14644 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14645 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14646 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14647 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14648 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14649 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14650 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14651 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-14652 | explorer.js in Amazon AWS JavaScript S3 Explorer (aka aws-js-s3-explorer) v2 alpha before 2019-08-02... | S | |
CVE-2019-14653 | pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element.... | E | |
CVE-2019-14654 | In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to ... | | |
CVE-2019-14655 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-14656 | Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, t... | E | |
CVE-2019-14657 | Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root t... | E | |
CVE-2019-14659 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-14662 | Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in fileio.c via crafted BASIC sour... | E | |
CVE-2019-14663 | Brandy 1.20.1 has a stack-based buffer overflow in fileio_openin in fileio.c via crafted BASIC sourc... | E | |
CVE-2019-14664 | In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts ... | E | |
CVE-2019-14665 | Brandy 1.20.1 has a heap-based buffer overflow in define_array in variables.c via crafted BASIC sour... | E | |
CVE-2019-14666 | GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletio... | E | |
CVE-2019-14667 | Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of us... | E S | |
CVE-2019-14668 | Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data... | E S | |
CVE-2019-14669 | Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data... | E S | |
CVE-2019-14670 | Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data... | E S | |
CVE-2019-14671 | Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files ... | E S | |
CVE-2019-14672 | Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data... | E S | |
CVE-2019-14678 | SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by maliciou... | E | |
CVE-2019-14679 | core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 for WordPress allows wp-admin/ad... | E | |
CVE-2019-14680 | The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/p... | E | |
CVE-2019-14681 | The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf... | E | |
CVE-2019-14682 | The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for WordPress allows wp-admin/opt... | E | |
CVE-2019-14683 | The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin... | E | |
CVE-2019-14684 | A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, wou... | E | |
CVE-2019-14685 | A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if ... | | |
CVE-2019-14686 | A DLL hijacking vulnerability exists in the Trend Micro Security's 2019 consumer family of products ... | | |
CVE-2019-14687 | A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, wou... | | |
CVE-2019-14688 | Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a ... | | |
CVE-2019-14690 | AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp.... | E | |
CVE-2019-14691 | AdPlug 2.3.1 has a heap-based buffer overflow in CdtmLoader::load() in dtm.cpp.... | E | |
CVE-2019-14692 | AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp.... | E | |
CVE-2019-14693 | Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack... | | |
CVE-2019-14694 | A use-after-free flaw in the sandbox container implemented in cmdguard.sys in Comodo Antivirus 12.0.... | E S | |
CVE-2019-14695 | A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. ... | | |
CVE-2019-14696 | Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/cr... | E | |
CVE-2019-14697 | musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i... | E S | |
CVE-2019-14698 | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. In a CGI ... | | |
CVE-2019-14699 | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attack... | | |
CVE-2019-14700 | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. There is ... | | |
CVE-2019-14701 | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attack... | | |
CVE-2019-14702 | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. SQL injec... | | |
CVE-2019-14703 | A CSRF issue was discovered in webparam?user&action=set&param=add in HTTPD on MicroDigital N-series ... | | |
CVE-2019-14704 | An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.... | | |
CVE-2019-14705 | An Incorrect Access Control issue was discovered on MicroDigital N-series cameras with firmware thro... | | |
CVE-2019-14706 | A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware thr... | | |
CVE-2019-14707 | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The firmw... | | |
CVE-2019-14708 | An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. A buffer ... | | |
CVE-2019-14709 | A cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware thr... | | |
CVE-2019-14711 | Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypas... | | |
CVE-2019-14712 | Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control ... | | |
CVE-2019-14713 | Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packa... | | |
CVE-2019-14715 | Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootlo... | | |
CVE-2019-14716 | Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (ak... | | |
CVE-2019-14717 | Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 have a Buffer Overflow via the Ru... | | |
CVE-2019-14718 | Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resu... | | |
CVE-2019-14719 | Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command inj... | | |
CVE-2019-14721 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an ... | E | |
CVE-2019-14722 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an ... | | |
CVE-2019-14723 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an ... | | |
CVE-2019-14724 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an ... | | |
CVE-2019-14725 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an ... | | |
CVE-2019-14726 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an ... | | |
CVE-2019-14727 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an ... | | |
CVE-2019-14728 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an ... | | |
CVE-2019-14729 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an ... | | |
CVE-2019-14730 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an ... | | |
CVE-2019-14731 | An issue was discovered in ZenTao 11.5.1. There is an XSS (stored) vulnerability that leads to the c... | E | |
CVE-2019-14732 | AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp.... | E | |
CVE-2019-14733 | AdPlug 2.3.1 has multiple heap-based buffer overflows in CradLoader::load() in rad.cpp.... | E | |
CVE-2019-14734 | AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp.... | E | |
CVE-2019-14737 | Ubisoft Uplay 92.0.0.6280 has Insecure Permissions.... | E | |
CVE-2019-14743 | In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wow6432Node\Valve\Steam has expl... | E S | |
CVE-2019-14744 | In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to cod... | E S | |
CVE-2019-14745 | In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin... | E S | |
CVE-2019-14746 | An issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the instal... | E | |
CVE-2019-14747 | DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-design!copySurvey.action surveyN... | E | |
CVE-2019-14748 | An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form... | E S | |
CVE-2019-14749 | An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) inject... | E S | |
CVE-2019-14750 | An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in set... | E S | |
CVE-2019-14751 | NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arb... | E S | |
CVE-2019-14752 | SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS.... | | |
CVE-2019-14753 | SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buffer Overflow... | | |
CVE-2019-14754 | Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/studen... | E | |
CVE-2019-14755 | The profile photo upload feature in Leaf Admin 61.9.0212.10 f allows Unrestricted Upload of a File w... | | |
CVE-2019-14756 | An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-installed Email application is vuln... | E | |
CVE-2019-14757 | An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Contacts application is vulnerable... | | |
CVE-2019-14758 | An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed File Manager application is vulner... | | |
CVE-2019-14759 | An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1. The pre-installed Radio application is vulnera... | | |
CVE-2019-14760 | An issue was discovered in KaiOS 2.5. The pre-installed Recorder application is vulnerable to HTML a... | | |
CVE-2019-14761 | An issue was discovered in KaiOS 2.5. The pre-installed Note application is vulnerable to HTML and J... | | |
CVE-2019-14763 | In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potential... | S | |
CVE-2019-14765 | Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a st... | | |
CVE-2019-14766 | Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticate... | | |
CVE-2019-14767 | In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecu... | | |
CVE-2019-14768 | An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a stand... | | |
CVE-2019-14769 | Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when d... | | |
CVE-2019-14770 | In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administra... | | |
CVE-2019-14771 | Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configur... | | |
CVE-2019-14772 | verdaccio before 3.12.0 allows XSS.... | E | |
CVE-2019-14773 | admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPre... | E | |
CVE-2019-14774 | The woo-variation-swatches (aka Variation Swatches for WooCommerce) plugin 1.0.61 for WordPress allo... | E | |
CVE-2019-14776 | A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player ... | S | |
CVE-2019-14777 | The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.... | S | |
CVE-2019-14778 | The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media playe... | S | |
CVE-2019-14782 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get... | E | |
CVE-2019-14783 | On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, FotaAgent allows a malicious app... | | |
CVE-2019-14784 | The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition.... | | |
CVE-2019-14785 | The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizar... | E | |
CVE-2019-14786 | The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the w... | E | |
CVE-2019-14787 | The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.... | E | |
CVE-2019-14788 | wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before... | E | |
CVE-2019-14789 | The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page ... | E | |
CVE-2019-14790 | The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.p... | E | |
CVE-2019-14791 | The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.... | E | |
CVE-2019-14792 | The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name o... | E | |
CVE-2019-14793 | The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/adm... | E | |
CVE-2019-14794 | The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders.... | | |
CVE-2019-14795 | The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-... | E | |
CVE-2019-14796 | The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 fo... | E | |
CVE-2019-14797 | The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS.... | | |
CVE-2019-14798 | The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion vi... | E | |
CVE-2019-14799 | The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS.... | E | |
CVE-2019-14800 | The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the em... | E | |
CVE-2019-14801 | The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL ... | | |
CVE-2019-14802 | HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the... | | |
CVE-2019-14804 | studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Ema... | | |
CVE-2019-14805 | studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the System Name field under Sets ... | | |
CVE-2019-14806 | Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness beca... | S | |
CVE-2019-14807 | In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary ... | S | |
CVE-2019-14808 | An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted ... | | |
CVE-2019-14809 | net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to... | E S | |
CVE-2019-14810 | A vulnerability has been found in the implementation of the Label Distribution Protocol (LDP) protoc... | | |
CVE-2019-14811 | A flaw was found in ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure wher... | E S | |
CVE-2019-14812 | A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where... | | |
CVE-2019-14813 | A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it... | S | |
CVE-2019-14814 | There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marve... | E S | |
CVE-2019-14815 | A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params... | S | |
CVE-2019-14816 | There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wif... | E S | |
CVE-2019-14817 | A flaw was found in ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures w... | E | |
CVE-2019-14818 | A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18... | S | |
CVE-2019-14819 | A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using C... | E | |
CVE-2019-14820 | It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.c... | S | |
CVE-2019-14821 | An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Li... | S | |
CVE-2019-14822 | A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor... | S | |
CVE-2019-14823 | A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions a... | E S | |
CVE-2019-14824 | A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to ... | | |
CVE-2019-14825 | A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0... | | |
CVE-2019-14826 | A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache aft... | | |
CVE-2019-14827 | A vulnerability was found in Moodle where JavaScript injection was possible in some Mustache templat... | S | |
CVE-2019-14828 | A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier u... | S | |
CVE-2019-14829 | A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier u... | | |
CVE-2019-14830 | A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported... | | |
CVE-2019-14831 | A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported... | | |
CVE-2019-14832 | A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access fro... | | |
CVE-2019-14833 | A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, sam... | S | |
CVE-2019-14834 | A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attack... | S | |
CVE-2019-14835 | A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost ... | E S | |
CVE-2019-14836 | A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection again... | | |
CVE-2019-14837 | A flaw was found in Keycloak before version 8.0.0. The owner of 'placeholder.org' domain can set up ... | E S | |
CVE-2019-14838 | A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Dep... | | |
CVE-2019-14839 | It was observed that while logging into Business-central console, HTTP request discloses sensitive inf... | | |
CVE-2019-14840 | A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabl... | E | |
CVE-2019-14841 | A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the ... | | |
CVE-2019-14842 | Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in ch... | S | |
CVE-2019-14843 | A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests fo... | S | |
CVE-2019-14844 | A flaw was found in Fedora versions of krb5 from 1.16.1 up to and including 1.17.x, in the way a Kerberos... | S | |
CVE-2019-14845 | A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source fr... | | |
CVE-2019-14846 | In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-e... | S | |
CVE-2019-14847 | A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can... | E | |
CVE-2019-14848 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-14849 | A vulnerability was found in 3scale before version 2.6, which did not set the HTTPOnly attribute on the us... | | |
CVE-2019-14850 | A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker co... | E S | |
CVE-2019-14851 | A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of c... | S | |
CVE-2019-14852 | A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1.0 protocol. An attacker could ta... | | |
CVE-2019-14853 | An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, m... | | |
CVE-2019-14854 | OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log... | E | |
CVE-2019-14855 | A flaw was found in the way certificate signatures could be forged using collisions found in the SHA... | E | |
CVE-2019-14856 | ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None... | | |
CVE-2019-14857 | A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs w... | S | |
CVE-2019-14858 | A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a mo... | | |
CVE-2019-14859 | A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify wheth... | E S | |
CVE-2019-14860 | It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all ... | | |
CVE-2019-14861 | All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue... | | |
CVE-2019-14862 | There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of ... | E S | |
CVE-2019-14863 | There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the conte... | S | |
CVE-2019-14864 | Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, i... | E S | |
CVE-2019-14865 | A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility... | | |
CVE-2019-14866 | cpio, in all versions before 2.13, does not properly validate input files when generating TAR archi... | E S | |
CVE-2019-14867 | A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.... | | |
CVE-2019-14868 | In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An ... | S | |
CVE-2019-14869 | A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, wh... | S | |
CVE-2019-14870 | All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue... | | |
CVE-2019-14871 | The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_M... | E | |
CVE-2019-14872 | The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory al... | E | |
CVE-2019-14873 | In the __multadd function of the newlib libc library, prior to versions 3.3.0 (see newlib/libc/stdli... | E | |
CVE-2019-14874 | In the __i2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdli... | E | |
CVE-2019-14875 | In the __multiply function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/... | E | |
CVE-2019-14876 | In the __lshift function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/st... | E | |
CVE-2019-14877 | In the __mdiff function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/std... | E | |
CVE-2019-14878 | In the __d2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdli... | E | |
CVE-2019-14879 | A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before... | E | |
CVE-2019-14880 | A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 an... | | |
CVE-2019-14881 | A vulnerability was found in moodle 3.7 before 3.7.3, where there is blind XSS reflected in some loc... | | |
CVE-2019-14882 | A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an op... | | |
CVE-2019-14883 | A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetc... | S | |
CVE-2019-14884 | A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a ... | S | |
CVE-2019-14885 | A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential informa... | | |
CVE-2019-14886 | A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encod... | | |
CVE-2019-14887 | A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' val... | | |
CVE-2019-14888 | A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening o... | | |
CVE-2019-14889 | A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.... | S | |
CVE-2019-14890 | A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could r... | | |
CVE-2019-14891 | A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory ... | | |
CVE-2019-14892 | A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it ... | S | |
CVE-2019-14893 | A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where ... | S | |
CVE-2019-14894 | A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version ... | | |
CVE-2019-14895 | A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before... | S | |
CVE-2019-14896 | A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in ... | | |
CVE-2019-14897 | A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi ... | S | |
CVE-2019-14898 | The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10, was not complete. A local user ... | E S | |
CVE-2019-14899 | A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a mal... | | |
CVE-2019-14900 | A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection... | | |
CVE-2019-14901 | A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in M... | | |
CVE-2019-14902 | There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.... | | |
CVE-2019-14903 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-14904 | A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the nam... | S | |
CVE-2019-14905 | A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x b... | S | |
CVE-2019-14906 | A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulner... | S | |
CVE-2019-14907 | All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue... | | |
CVE-2019-14908 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-14909 | A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP ano... | | |
CVE-2019-14910 | A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and... | M | |
CVE-2019-14911 | An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on e... | S | |
CVE-2019-14912 | An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto par... | E | |
CVE-2019-14913 | An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persisten... | E S | |
CVE-2019-14914 | An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del ... | | |
CVE-2019-14915 | An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads t... | S | |
CVE-2019-14916 | An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to an ... | E | |
CVE-2019-14918 | XSS in the DHCP lease-status table in Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows ... | E | |
CVE-2019-14919 | An exposed Telnet Service on the Billion Smart Energy Router SG600R2 with firmware v3.02.rc6 allows ... | E | |
CVE-2019-14920 | Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated attacker to gain root... | E | |
CVE-2019-14923 | EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ h... | E | |
CVE-2019-14924 | An issue was discovered in GCDWebServer before 3.5.3. The method moveItem in the GCDWebUploader clas... | S | |
CVE-2019-14925 | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-R... | E | |
CVE-2019-14926 | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-R... | E | |
CVE-2019-14927 | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-R... | E | |
CVE-2019-14928 | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-R... | E | |
CVE-2019-14929 | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-R... | E | |
CVE-2019-14930 | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-R... | E | |
CVE-2019-14931 | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-R... | E | |
CVE-2019-14932 | The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to acc... | E | |
CVE-2019-14933 | Bagisto 0.1.5 allows CSRF under /admin URIs.... | E | |
CVE-2019-14934 | An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a... | S | |
CVE-2019-14935 | 3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp... | E | |
CVE-2019-14936 | Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and P... | E | |
CVE-2019-14937 | REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parame... | E | |
CVE-2019-14939 | An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL IN... | | |
CVE-2019-14940 | In Storage Performance Development Kit (SPDK) before 19.07, a user of a vhost can cause a crash if t... | | |
CVE-2019-14941 | SHAREit through 4.0.6.177 does not check the body length from the received packet header (which is u... | E | |
CVE-2019-14942 | An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6,... | | |
CVE-2019-14943 | An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard... | | |
CVE-2019-14944 | An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6,... | E | |
CVE-2019-14945 | The ultimate-member plugin before 2.0.54 for WordPress has XSS.... | E | |
CVE-2019-14946 | The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit o... | E | |
CVE-2019-14947 | The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade.... | E | |
CVE-2019-14948 | The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta d... | E | |
CVE-2019-14949 | The wp-database-backup plugin before 5.1.2 for WordPress has XSS.... | | |
CVE-2019-14950 | The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page.... | | |
CVE-2019-14951 | The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect... | E | |
CVE-2019-14952 | JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles.... | | |
CVE-2019-14953 | JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when us... | | |
CVE-2019-14954 | JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via... | | |
CVE-2019-14955 | In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change t... | | |
CVE-2019-14956 | JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessa... | | |
CVE-2019-14957 | The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vim_s... | | |
CVE-2019-14958 | JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection pr... | | |
CVE-2019-14959 | JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection.... | | |
CVE-2019-14960 | JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.d... | | |
CVE-2019-14961 | JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in code block comments, ... | | |
CVE-2019-14965 | An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. A server side template inje... | S | |
CVE-2019-14966 | An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticat... | S | |
CVE-2019-14967 | An issue was discovered in Frappe Framework 10, 11 before 11.1.46, and 12. There exists an XSS vulne... | S | |
CVE-2019-14968 | An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a ... | E | |
CVE-2019-14969 | Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDire... | | |
CVE-2019-14970 | A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers ... | S | |
CVE-2019-14973 | _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Over... | S | |
CVE-2019-14974 | SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS.... | E | |
CVE-2019-14975 | Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c beca... | E | |
CVE-2019-14976 | iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter.... | E | |
CVE-2019-14977 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-14978 | /payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows P... | E | |
CVE-2019-14979 | cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPr... | E | |
CVE-2019-14980 | In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability... | S | |
CVE-2019-14981 | In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability... | S | |
CVE-2019-14982 | In Exiv2 before v0.27.2, there is an integer overflow vulnerability in the WebPImage::getHeaderOffse... | E S | |
CVE-2019-14984 | eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execut... | E | |
CVE-2019-14985 | eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenti... | E | |
CVE-2019-14986 | eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operati... | E | |
CVE-2019-14987 | Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation L... | | |
CVE-2019-14988 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-9512. Reason: This candidate... | R | |
CVE-2019-14989 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-9513. Reason: This candidate... | R | |
CVE-2019-14990 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-9514. Reason: This candidate... | R | |
CVE-2019-14991 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-9515. Reason: This candidate... | R | |
CVE-2019-14992 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-9518. Reason: This candidate... | R | |
CVE-2019-14993 | Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to ... | E | |
CVE-2019-14994 | The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center ... | | |
CVE-2019-14995 | The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to ... | E | |
CVE-2019-14996 | The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before ver... | | |
CVE-2019-14997 | The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn de... | | |
CVE-2019-14998 | The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before versio... | E | |
CVE-2019-14999 | The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from versi... | | |