CVE-2019-15xxx

There are 867 CVE in this subgroup.
Last updated: 
← Back to 2019
ID Summary Flags Max Score
CVE-2019-15000 The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version ...
CVE-2019-15001 The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7....
CVE-2019-15002 An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login ...
CVE-2019-15003 The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center ...
CVE-2019-15004 The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center ...
CVE-2019-15005 The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivilege...
CVE-2019-15006 There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Conf...
S
CVE-2019-15007 The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers t...
CVE-2019-15008 The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 al...
CVE-2019-15009 The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 ...
CVE-2019-15010 Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16....
CVE-2019-15011 The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 b...
CVE-2019-15012 Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 bef...
CVE-2019-15013 The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 be...
CVE-2019-15014 A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that a...
CVE-2019-15015 In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector u...
CVE-2019-15016 An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.28...
CVE-2019-15017 The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the ...
CVE-2019-15018 A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentic...
CVE-2019-15019 A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allo...
CVE-2019-15020 A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allo...
CVE-2019-15021 A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow ...
CVE-2019-15022 A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the...
CVE-2019-15023 A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in pas...
CVE-2019-15024 In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who i...
CVE-2019-15025 The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the s...
CVE-2019-15026 memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in m...
S
CVE-2019-15027 The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC...
E
CVE-2019-15028 In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled f...
CVE-2019-15029 FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious co...
E
CVE-2019-15030 In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers o...
E S
CVE-2019-15031 In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers o...
E S
CVE-2019-15032 Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remo...
E
CVE-2019-15033 Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify...
E
CVE-2019-15034 hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, l...
S
CVE-2019-15035 An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get a...
CVE-2019-15036 An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execu...
CVE-2019-15037 An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the se...
CVE-2019-15038 An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some secur...
CVE-2019-15039 An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issu...
CVE-2019-15040 JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page....
CVE-2019-15041 JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclus...
CVE-2019-15042 An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for som...
CVE-2019-15043 In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes...
CVE-2019-15045 AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor...
E
CVE-2019-15046 Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leak...
E
CVE-2019-15047 An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the function AP...
E
CVE-2019-15048 An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer overflow in the AP4_RtpAtom ...
E
CVE-2019-15049 An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the AP4_Dec3Ato...
E
CVE-2019-15050 An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the AP4_AvccAto...
E
CVE-2019-15051 An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script...
E
CVE-2019-15052 The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the co...
E S
CVE-2019-15053 The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of th...
E
CVE-2019-15054 Multiple cross-site scripting (XSS) vulnerabilities in Mailbird before 2.7.5.0 r allow remote attack...
CVE-2019-15055 MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which a...
E
CVE-2019-15058 stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer over-read in stbi__tga_load, lea...
E
CVE-2019-15059 In Liberty lisPBX 2.0-4, configuration backup files can be retrieved remotely from /backup/lispbx-CO...
CVE-2019-15060 The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulne...
E
CVE-2019-15062 An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a u...
E S
CVE-2019-15064 HiNet GPON firmware version < I040GWR190731 allows a user login to device without any authentication
CVE-2019-15065 A vulnerability was discovered in HiNet GPON firmware < I040GWR190731 that allows an attacker to read arbitrary files
CVE-2019-15066 A remote command execution vulnerability was discovered in HiNet GPON firmware < I040GWR190731 port 6998
CVE-2019-15067 An authentication bypass vulnerability discovered in Smart Battery A2-25DE
CVE-2019-15068 A broken access control vulnerability discovered in Smart Battery A4
CVE-2019-15069 An unsafe authentication interface was discovered in Smart Battery A4
CVE-2019-15071 Openfind MAIL2000 Webmail Pre-Auth Cross-Site Scripting
CVE-2019-15072 Openfind MAIL2000 Webmail Post-Auth Cross-Site Scripting
CVE-2019-15073 Openfind MAIL2000 Webmail Pre-Auth Open Redirect
CVE-2019-15074 The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scriptin...
E S
CVE-2019-15075 An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/confi...
S
CVE-2019-15078 An issue was discovered in a smart contract implementation for AIRDROPX BORN through 2019-05-29, an ...
E
CVE-2019-15079 A typo exists in the constructor of a smart contract implementation for EAI through 2019-06-05, an E...
E
CVE-2019-15080 An issue was discovered in a smart contract implementation for MORPH Token through 2019-06-05, an Et...
E
CVE-2019-15081 OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the So...
E
CVE-2019-15082 The 360-product-rotation plugin before 1.4.8 for WordPress has reflected XSS....
CVE-2019-15083 Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS ...
CVE-2019-15084 Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, installs with incorrect file permis...
E
CVE-2019-15085 An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change...
CVE-2019-15086 An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, lead...
CVE-2019-15087 An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to h...
E S
CVE-2019-15088 An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operato...
S
CVE-2019-15089 An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker exec...
CVE-2019-15090 An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qe...
S
CVE-2019-15091 filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=...
CVE-2019-15092 The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress all...
E
CVE-2019-15095 DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surve...
E
CVE-2019-15098 drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereferen...
CVE-2019-15099 drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereferen...
CVE-2019-15102 An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner_Non_distributed (and distribu...
E
CVE-2019-15104 An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulne...
E
CVE-2019-15105 An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Inject...
E
CVE-2019-15106 An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. One can bypass the us...
E
CVE-2019-15107 An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a comma...
KEV E
CVE-2019-15108 An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS ...
S
CVE-2019-15109 The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter....
CVE-2019-15110 The wp-front-end-profile plugin before 0.2.2 for WordPress has XSS....
CVE-2019-15111 The wp-front-end-profile plugin before 0.2.2 for WordPress has a privilege escalation issue....
CVE-2019-15112 The wp-slimstat plugin before 4.8.1 for WordPress has XSS....
CVE-2019-15113 The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF....
CVE-2019-15114 The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF....
CVE-2019-15115 The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF....
CVE-2019-15116 The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging....
CVE-2019-15117 parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short des...
S
CVE-2019-15118 check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leadin...
S
CVE-2019-15119 lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/o...
E S
CVE-2019-15120 The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode....
E
CVE-2019-15123 The Branding Module in Viki Vera 4.9.1.26180 allows an authenticated user to change the logo on the ...
CVE-2019-15124 In the MobileFrontend extension for MediaWiki, XSS exists within the edit summary field of the watch...
E
CVE-2019-15126 An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic...
CVE-2019-15127 REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool pa...
CVE-2019-15128 iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to create a user....
E
CVE-2019-15129 The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated atta...
E
CVE-2019-15130 The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated atta...
E
CVE-2019-15131 In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been iden...
CVE-2019-15132 Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate...
CVE-2019-15133 In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder...
CVE-2019-15134 RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attack...
E S
CVE-2019-15135 The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information...
CVE-2019-15136 The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not check partition permissions f...
S
CVE-2019-15137 The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with to...
S
CVE-2019-15138 The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file tha...
E
CVE-2019-15139 The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 al...
E S
CVE-2019-15140 coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-a...
E S
CVE-2019-15141 WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-se...
E S
CVE-2019-15142 In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-...
E S
CVE-2019-15143 In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error...
E
CVE-2019-15144 In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate::sort) allows attackers to ...
E S
CVE-2019-15145 DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-...
E S
CVE-2019-15146 GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 bytes) in GPMF_Next in GPMF_parser.c....
E S
CVE-2019-15147 GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GPMF_Next in GPMF_parser.c....
E S
CVE-2019-15148 GoPro GPMF-parser 1.2.2 has an out-of-bounds write in OpenMP4Source in demo/GPMF_mp4reader.c....
E S
CVE-2019-15149 core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanis...
S
CVE-2019-15150 In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAut...
S
CVE-2019-15151 AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h....
E S
CVE-2019-15160 The SweetXml (aka sweet_xml) package through 0.6.6 for Erlang and Elixir allows attackers to cause a...
E
CVE-2019-15161 rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a varia...
S
CVE-2019-15162 rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authenti...
S
CVE-2019-15163 rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer ...
S
CVE-2019-15164 rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture sourc...
S
CVE-2019-15165 sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocati...
S
CVE-2019-15166 lmp_print in tcpdump lacks certain boundary checks
S
CVE-2019-15167 The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP...
S
CVE-2019-15211 An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a mali...
E S
CVE-2019-15212 An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicio...
E S
CVE-2019-15213 An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a mali...
E S
CVE-2019-15214 An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound su...
E S
CVE-2019-15215 An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a mali...
E S
CVE-2019-15216 An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference cause...
E S
CVE-2019-15217 An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused...
E S
CVE-2019-15218 An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused...
E S
CVE-2019-15219 An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused...
E S
CVE-2019-15220 An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a mali...
E S
CVE-2019-15221 An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference cause...
E S
CVE-2019-15222 An issue was discovered in the Linux kernel before 5.2.8. There is a NULL pointer dereference caused...
E S
CVE-2019-15223 An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused...
E S
CVE-2019-15224 The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-...
CVE-2019-15225 In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc+...
E
CVE-2019-15226 Upon receiving each incoming request header data, Envoy will iterate over existing request headers t...
S
CVE-2019-15227 FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Consol...
E
CVE-2019-15228 FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie ...
E
CVE-2019-15229 FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could...
E
CVE-2019-15230 LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create ...
E
CVE-2019-15231 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-15107. Reason: This candidat...
R
CVE-2019-15232 Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWit...
CVE-2019-15233 The Live:Text Box macro in the Old Street Live Input Macros app before 2.11 for Confluence has XSS, ...
E
CVE-2019-15234 SHAREit through 4.0.6.177 does not check the full message length from the received packet header (wh...
E
CVE-2019-15235 CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's sessio...
E
CVE-2019-15237 Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks....
CVE-2019-15238 The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field....
E
CVE-2019-15239 In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4....
E S
CVE-2019-15240 Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities
CVE-2019-15241 Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities
CVE-2019-15242 Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities
CVE-2019-15243 Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities
CVE-2019-15244 Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities
CVE-2019-15245 Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities
CVE-2019-15246 Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities
CVE-2019-15247 Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities
CVE-2019-15248 Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities
CVE-2019-15249 Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities
CVE-2019-15250 Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities
CVE-2019-15251 Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities
CVE-2019-15252 Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities
CVE-2019-15253 Cisco Digital Network Architecture Center Stored Cross-Site Scripting Vulnerability
E
CVE-2019-15255 Cisco Identity Services Engine Authorization Bypass Vulnerability
CVE-2019-15256 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv1 Denial of Service Vulnerability
CVE-2019-15257 Cisco SPA100 Series Analog Telephone Adapters Running Configuration Information Disclosure Vulnerability
CVE-2019-15258 Cisco SPA100 Series Analog Telephone Adapters Web Management Interface Denial of Service Vulnerability
E
CVE-2019-15259 Cisco Unified Contact Center Express HTTP Response Splitting Vulnerability
CVE-2019-15260 Cisco Aironet Access Points Unauthorized Access Vulnerability
CVE-2019-15261 Cisco Aironet Access Points Point-to-Point Tunneling Protocol Denial of Service Vulnerability
CVE-2019-15262 Cisco Wireless LAN Controller Secure Shell Denial of Service Vulnerability
CVE-2019-15264 Cisco Aironet Access Points and Catalyst 9100 Access Points CAPWAP Denial of Service Vulnerability
CVE-2019-15265 Cisco Aironet Access Points Bridge Protocol Data Unit Port Disable Denial of Service Vulnerability
CVE-2019-15266 Cisco Wireless LAN Controller Path Traversal Vulnerability
CVE-2019-15268 Cisco Firepower Management Center Multiple Cross-Site Scripting Vulnerabilities
CVE-2019-15269 Cisco Firepower Management Center Multiple Cross-Site Scripting Vulnerabilities
CVE-2019-15270 Cisco Firepower Management Center Stored Cross-Site Scripting Vulnerability
CVE-2019-15271 Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Arbitrary Command Execution Vulnerability
KEV
CVE-2019-15272 Cisco Unified Communications Manager Security Bypass Vulnerability
CVE-2019-15273 Cisco TelePresence Collaboration Endpoint Software Arbitrary File Overwrite Vulnerabilities
CVE-2019-15274 Cisco TelePresence Collaboration Endpoint Software Command Injection Vulnerability
CVE-2019-15275 Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability
CVE-2019-15276 Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability
E
CVE-2019-15277 Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability
CVE-2019-15278 Cisco Finesse Cross-Site Scripting Vulnerability
CVE-2019-15280 Cisco Firepower Management Center Software Stored Cross-Site Scripting Vulnerability
CVE-2019-15281 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
CVE-2019-15282 Cisco Identity Services Engine Information Disclosure Vulnerability
CVE-2019-15283 Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities
CVE-2019-15284 Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities
CVE-2019-15285 Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities
CVE-2019-15286 Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities
CVE-2019-15287 Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities
CVE-2019-15288 Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Privilege Escalation Vulnerability
CVE-2019-15289 Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service Vulnerabilities
CVE-2019-15290 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-15098. Reason: This candidat...
R
CVE-2019-15291 An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference cause...
E
CVE-2019-15292 An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_ex...
E S
CVE-2019-15293 An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 1159. There is a User Mode Write ...
CVE-2019-15294 An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if ...
CVE-2019-15295 An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lo...
CVE-2019-15296 An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits funct...
S
CVE-2019-15297 res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to tr...
S
CVE-2019-15298 A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present i...
CVE-2019-15299 An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his pro...
S
CVE-2019-15300 A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in th...
S
CVE-2019-15301 A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm'online...
CVE-2019-15302 The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker (who has acces...
S
CVE-2019-15304 Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, ...
CVE-2019-15310 An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execu...
E
CVE-2019-15311 An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remot...
E
CVE-2019-15312 An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS reb...
E
CVE-2019-15313 In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability....
CVE-2019-15314 tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is exe...
E
CVE-2019-15315 Valve Steam Client for Windows through 2019-08-16 allows privilege escalation (to NT AUTHORITY\SYSTE...
CVE-2019-15316 Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege ...
E
CVE-2019-15317 The give plugin before 2.4.7 for WordPress has XSS via a donor name....
E
CVE-2019-15318 The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the a...
CVE-2019-15319 The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce....
CVE-2019-15320 The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mi...
CVE-2019-15321 The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes ar...
CVE-2019-15322 The shortcode-factory plugin before 2.8 for WordPress has Local File Inclusion....
CVE-2019-15323 The ad-inserter plugin before 2.4.20 for WordPress has path traversal....
CVE-2019-15324 The ad-inserter plugin before 2.4.22 for WordPress has remote code execution....
E S
CVE-2019-15325 In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /pr...
CVE-2019-15326 The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal....
CVE-2019-15327 The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data....
CVE-2019-15328 The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS....
CVE-2019-15329 The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF....
CVE-2019-15330 The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary f...
CVE-2019-15331 The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for WordPress has HTML injection....
CVE-2019-15332 The Lava Z61 Android device with a build fingerprint of LAVA/Z61_2GB/Z61_2GB:8.1.0/O11019/1533889281...
CVE-2019-15333 The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user...
CVE-2019-15334 The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019...
CVE-2019-15335 The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/re...
CVE-2019-15336 The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/...
CVE-2019-15337 The Lava Z81 Android device with a build fingerprint of LAVA/Z81/Z81:8.1.0/O11019/1532317309:user/re...
CVE-2019-15338 The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/...
CVE-2019-15339 The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user...
CVE-2019-15340 The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8...
CVE-2019-15341 The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O...
CVE-2019-15342 The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O...
CVE-2019-15343 The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/...
CVE-2019-15344 The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/...
CVE-2019-15345 The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/...
CVE-2019-15346 The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O1101...
CVE-2019-15347 The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O1101...
CVE-2019-15348 The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-1808...
CVE-2019-15349 The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-1808...
CVE-2019-15350 The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-1808...
CVE-2019-15351 The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-1808...
CVE-2019-15352 The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/153...
CVE-2019-15353 The Coolpad N3C Android device with a build fingerprint of Coolpad/N3C/N3C:8.1.0/O11019/1538236809:u...
CVE-2019-15354 The Ulefone Armor 5 Android device with a build fingerprint of Ulefone/Ulefone_Armor_5/Ulefone_Armor...
CVE-2019-15355 The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/...
CVE-2019-15356 The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user...
CVE-2019-15357 The Advan i6A Android device with a build fingerprint of ADVAN/i6A/i6A:8.1.0/O11019/1523602705:userd...
CVE-2019-15358 The Dexp Z250 Android device with a build fingerprint of DEXP/Z250/Z250:8.1.0/O11019/1531130719:user...
CVE-2019-15359 The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebu...
CVE-2019-15360 The Hisense U965 Android device with a build fingerprint of Hisense/U965_4G_10/HS6739MT:8.1.0/O11019...
CVE-2019-15361 The Infinix Note 5 Android device with a build fingerprint of Infinix/H632C/Infinix-X605_sprout:8.1....
CVE-2019-15362 The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019...
CVE-2019-15363 The Leagoo Power 5 Android device with a build fingerprint of LEAGOO/Power_5/Power_5:8.1.0/O11019/15...
CVE-2019-15364 The Dexp BL250 Android device with a build fingerprint of DEXP/BL250/BL250:8.1.0/O11019/1530858027:u...
CVE-2019-15365 The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/re...
CVE-2019-15366 The Infinix Note 5 Android device with a build fingerprint of Infinix/H633IJL/Infinix-X604_sprout:8....
CVE-2019-15367 The Haier P10 Android device with a build fingerprint of Haier/P10/P10:8.1.0/O11019/1532662449:user/...
CVE-2019-15368 The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/153...
CVE-2019-15369 The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/...
CVE-2019-15370 The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1526527761:...
CVE-2019-15371 The Symphony G100 Android device with a build fingerprint of Symphony/G100/G100:8.1.0/O11019/1530618...
CVE-2019-15372 The Hisense F17 Android device with a build fingerprint of Hisense/F17_4G/HS6739MT:8.1.0/O11019/Hise...
CVE-2019-15373 The Symphony i95 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/...
CVE-2019-15374 The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/...
CVE-2019-15375 The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:...
CVE-2019-15376 The Panasonic Eluga Ray 530 Android device with a build fingerprint of Panasonic/ELUGA_Ray_530/ELUGA...
CVE-2019-15377 The Cherry Flare S7 Android device with a build fingerprint of Cherry_Mobile/Flare_S7_Deluxe/Flare_S...
CVE-2019-15378 The Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGA_Ray_600/ELUGA...
CVE-2019-15379 The Walton Primo G3 Android device with a build fingerprint of WALTON/Primo_GM3/Primo_GM3:8.1.0/O110...
CVE-2019-15380 The Fly Photo Pro Android device with a build fingerprint of Fly/PhotoPro/Photo_Pro:8.1.0/O11019/152...
CVE-2019-15381 The BQ 5515L Android device with a build fingerprint of BQru/BQru-5515L/BQru-5515L:8.1.0/O11019/2018...
CVE-2019-15382 The Cubot Nova Android device with a build fingerprint of CUBOT/CUBOT_NOVA/CUBOT_NOVA:8.1.0/O11019/1...
CVE-2019-15383 The Allview X5 Android device with a build fingerprint of ALLVIEW/X5_Soul_Mini/X5_Soul_Mini:8.1.0/O1...
CVE-2019-15384 The Elephone A4 Android device with a build fingerprint of Elephone/A4/A4:8.1.0/O11019/20180530.1435...
CVE-2019-15385 The Infinix Note 5 Android device with a build fingerprint of Infinix/H633B/Infinix-X604_sprout:8.1....
CVE-2019-15386 The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user...
CVE-2019-15387 The Archos Core 101 Android device with a build fingerprint of archos/MTKAC101CR3G_ARCHOS/ac101cr3g:...
CVE-2019-15388 The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/153...
CVE-2019-15389 The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebu...
CVE-2019-15390 The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:...
CVE-2019-15391 The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_1:8.1....
CVE-2019-15392 The Asus ZenFone 4 Selfie Android device with a build fingerprint of Android/sdm660_64/sdm660_64:8.1...
CVE-2019-15393 The Asus ZenFone Live Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NM...
CVE-2019-15394 The Asus ZenFone 5 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1....
CVE-2019-15395 The Asus ZenFone 3s Max Android device with a build fingerprint of asus/IN_X00G/ASUS_X00G_1:7.0/NRD9...
CVE-2019-15396 The Asus ZenFone 3 Android device with a build fingerprint of asus/WW_Phone/ASUS_Z012D:7.0/NRD90M/14...
CVE-2019-15397 The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00HD_4:7.1.1/N...
CVE-2019-15398 The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Z01M/ASUS_Z01M_1:7.1.1/...
CVE-2019-15399 The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI7...
CVE-2019-15400 The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WW_Phone/ASUS_A001:7.0/NRD9...
CVE-2019-15401 The Asus ASUS_A002 Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M...
CVE-2019-15402 The Asus ASUS_A002_2 Android device with a build fingerprint of asus/WW_ASUS_A002_2/ASUS_A002_2:7.0/...
CVE-2019-15403 The Asus ZenFone 3s Max Android device with a build fingerprint of asus/IN_X00G/ASUS_X00G_1:7.0/NRD9...
CVE-2019-15404 The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00HD_4:7.1.1/N...
CVE-2019-15405 The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/...
CVE-2019-15406 The Asus ASUS_X00LD_3 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NM...
CVE-2019-15407 The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/...
CVE-2019-15408 The Asus ZenFone 5 Lite Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/...
CVE-2019-15409 The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI7...
CVE-2019-15410 The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI7...
CVE-2019-15411 The Asus ZenFone 3 Laser Android device with a build fingerprint of asus/WW_msm8937/msm8937:7.1.1/NM...
CVE-2019-15412 The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Z01M/ASUS_Z01M_1:7.1.1/...
CVE-2019-15413 The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WW_Phone/ASUS_A001:7.0/NRD9...
CVE-2019-15414 The Asus ZenFone AR Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90...
CVE-2019-15415 The Xiaomi Redmi 5 Android device with a build fingerprint of xiaomi/vince/vince:7.1.2/N2G47H/V9.5.4...
CVE-2019-15416 The Sony keyaki_kddi Android device with a build fingerprint of Sony/keyaki_kddi/keyaki_kddi:7.1.1/T...
CVE-2019-15417 The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3...
CVE-2019-15418 The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/...
CVE-2019-15419 The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/...
CVE-2019-15420 The Blackview BV9000Pro-F Android device with a build fingerprint of Blackview/BV9000Pro-F/BV9000Pro...
CVE-2019-15421 The Blackview BV7000_Pro Android device with a build fingerprint of Blackview/BV7000_Pro/BV7000_Pro:...
CVE-2019-15422 The Doogee Mix Android device with a build fingerprint of DOOGEE/MIX/MIX:7.0/NRD90M/1495809471:user/...
CVE-2019-15423 The Bluboo Bluboo_S1 Android device with a build fingerprint of BLUBOO/Bluboo_S1/Bluboo_S1:7.0/NRD90...
CVE-2019-15424 The Doogee BL5000 Android device with a build fingerprint of DOOGEE/BL5000/BL5000:7.0/NRD90M/1497072...
CVE-2019-15425 The Kata M4s Android device with a build fingerprint of alps/full_hct6750_66_n/hct6750_66_n:7.0/NRD9...
CVE-2019-15426 The Xiaomi 5S Plus Android device with a build fingerprint of Xiaomi/natrium/natrium:6.0.1/MXB48T/7....
CVE-2019-15427 The Xiaomi Mi Mix Android device with a build fingerprint of Xiaomi/lithium/lithium:6.0.1/MXB48T/7.1...
CVE-2019-15428 The Xiaomi Mi Note 2 Android device with a build fingerprint of Xiaomi/scorpio/scorpio:6.0.1/MXB48T/...
CVE-2019-15429 The Panasonic ELUGA_I9 Android device with a build fingerprint of Panasonic/ELUGA_I9/ELUGA_I9:7.0/NR...
CVE-2019-15430 The Bluboo D3 Pro Android device with a build fingerprint of BLUBOO/Bluboo_D2_Pro/Bluboo_D2_Pro:7.0/...
CVE-2019-15431 The Evercoss U50A Android device with a build fingerprint of EVERCOSS/U50A./EVERCOSS:7.0/NRD90M/1499...
CVE-2019-15432 The Evercoss U6 Android device with a build fingerprint of EVERCOSS/U6/U6:7.0/NRD90M/1504236704:user...
CVE-2019-15433 The Samsung A3 Android device with a build fingerprint of samsung/a3y17ltedx/a3y17lte:8.0.0/R16NW/A3...
CVE-2019-15434 The Samsung A5 Android device with a build fingerprint of samsung/a5y17ltexx/a5y17lte:8.0.0/R16NW/A5...
CVE-2019-15435 The Samsung A7 Android device with a build fingerprint of samsung/a7y17ltexx/a7y17lte:8.0.0/R16NW/A7...
CVE-2019-15436 The Samsung A8+ Android device with a build fingerprint of samsung/jackpot2ltexx/jackpot2lte:8.0.0/R...
CVE-2019-15437 The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltexx/xcover4lte:8.1.0...
CVE-2019-15438 The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltedo/xcover4lte:8.1.0...
CVE-2019-15439 The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltedo/xcover4lte:8.1.0...
CVE-2019-15440 The Samsung J5 Android device with a build fingerprint of samsung/on5xeltedx/on5xelte:8.0.0/R16NW/G5...
CVE-2019-15441 The Samsung on7xeltelgt Android device with a build fingerprint of samsung/on7xeltelgt/on7xeltelgt:8...
CVE-2019-15442 The Samsung on7xelteskt Android device with a build fingerprint of samsung/on7xelteskt/on7xelteskt:8...
CVE-2019-15443 The Samsung J7 Max Android device with a build fingerprint of samsung/j7maxlteins/j7maxlte:8.1.0/M1A...
CVE-2019-15444 The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930...
CVE-2019-15445 The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930...
CVE-2019-15446 The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930...
CVE-2019-15447 The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16...
CVE-2019-15448 The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16...
CVE-2019-15449 The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16...
CVE-2019-15450 The Samsung j3popeltecan Android device with a build fingerprint of samsung/j3popeltevl/j3popeltecan...
CVE-2019-15451 The Samsung J3 Android device with a build fingerprint of samsung/j3y17ltedx/j3y17lte:8.0.0/R16NW/J3...
CVE-2019-15452 The Samsung J3 Android device with a build fingerprint of samsung/j3y17ltedx/j3y17lte:8.0.0/R16NW/J3...
CVE-2019-15453 The Samsung J4 Android device with a build fingerprint of samsung/j4lteub/j4lte:8.0.0/R16NW/J400MUBS...
CVE-2019-15454 The Samsung J4 Android device with a build fingerprint of samsung/j4lteub/j4lte:8.0.0/R16NW/J400MUBU...
CVE-2019-15455 The Samsung J5 Android device with a build fingerprint of samsung/j5y17ltexx/j5y17lte:8.1.0/M1AJQ/J5...
CVE-2019-15456 The Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXX...
CVE-2019-15457 The Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXX...
CVE-2019-15458 The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/...
CVE-2019-15459 The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/...
CVE-2019-15460 The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/...
CVE-2019-15461 The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/...
CVE-2019-15462 The Samsung J7 Duo Android device with a build fingerprint of samsung/j7duolteub/j7duolte:8.0.0/R16N...
CVE-2019-15463 The Samsung j7popeltemtr Android device with a build fingerprint of samsung/j7popeltemtr/j7popeltemt...
CVE-2019-15464 The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteub/j7y17lte:8.1.0/M1AJ...
CVE-2019-15465 The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteubm/j7y17lte:8.1.0/M1A...
CVE-2019-15466 The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8...
CVE-2019-15467 The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.17...
CVE-2019-15468 The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.18...
CVE-2019-15469 The Xiaomi Mi Pad 4 Android device with a build fingerprint of Xiaomi/clover/clover:8.1.0/OPM1.17101...
CVE-2019-15470 The Xiaomi Redmi Note 6 Pro Android device with a build fingerprint of xiaomi/tulip/tulip:8.1.0/OPM1...
CVE-2019-15471 The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.17...
CVE-2019-15472 The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.18...
CVE-2019-15473 The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/jasmine/jasmine_sprout:9/PKQ...
CVE-2019-15474 The Xiaomi Cepheus Android device with a build fingerprint of Xiaomi/cepheus/cepheus:9/PKQ1.181121.0...
CVE-2019-15475 The Xiaomi Mi A3 Android device with a build fingerprint of xiaomi/onc_eea/onc:9/PKQ1.181021.001/V10...
CVE-2019-15476 Former before 4.2.1 has XSS via a checkbox value....
E S
CVE-2019-15477 Jooby before 1.6.4 has XSS via the default error handler....
E S
CVE-2019-15478 Status Board 1.1.81 has reflected XSS via logic.ts....
S
CVE-2019-15479 Status Board 1.1.81 has reflected XSS via dashboard.ts....
S
CVE-2019-15480 Domoticz 4.10717 has XSS via item.Name....
E S
CVE-2019-15481 Kimai v2 before 1.1 has XSS via a timesheet description....
S
CVE-2019-15482 selectize-plugin-a11y before 1.1.0 has XSS via the msg field....
S
CVE-2019-15483 Bolt before 3.6.10 has XSS via a title that is mishandled in the system log....
S
CVE-2019-15484 Bolt before 3.6.10 has XSS via an image's alt or title field....
S
CVE-2019-15485 Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php....
S
CVE-2019-15486 django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline....
S
CVE-2019-15487 DfE School Experience before v16333-GA has XSS via a teacher training URL....
S
CVE-2019-15488 Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test....
S
CVE-2019-15489 laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XSS....
E S
CVE-2019-15490 openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21....
CVE-2019-15491 openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21....
CVE-2019-15492 openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21....
S
CVE-2019-15493 openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21....
CVE-2019-15494 openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21....
CVE-2019-15496 MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attac...
E
CVE-2019-15497 Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other...
CVE-2019-15498 cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to e...
E
CVE-2019-15499 CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the...
E
CVE-2019-15501 Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa...
E
CVE-2019-15502 The TeamSpeak client before 3.3.2 allows remote servers to trigger a crash via the 0xe2 0x81 0xa8 0x...
E
CVE-2019-15503 cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCMS) through 12.0.3.0 has "Impro...
CVE-2019-15504 drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via craft...
CVE-2019-15505 drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds re...
S
CVE-2019-15506 An issue was discovered in Kaseya Virtual System Administrator (VSA) through 9.4.0.37. It has a crit...
CVE-2019-15507 In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenti...
CVE-2019-15508 In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticate...
CVE-2019-15510 ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the...
E
CVE-2019-15511 An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed ...
CVE-2019-15513 An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) befo...
E
CVE-2019-15514 The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrec...
E
CVE-2019-15515 Discourse 2.3.2 sends the CSRF token in the query string....
S
CVE-2019-15516 Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mec...
S
CVE-2019-15517 jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal....
S
CVE-2019-15518 Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler....
S
CVE-2019-15519 Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory)...
S
CVE-2019-15520 comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project direct...
S
CVE-2019-15521 Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP ob...
S
CVE-2019-15522 An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to f...
S
CVE-2019-15523 An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return val...
S
CVE-2019-15524 CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in t...
CVE-2019-15525 There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1....
S
CVE-2019-15526 An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injec...
E
CVE-2019-15527 An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injec...
E
CVE-2019-15528 An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injec...
E
CVE-2019-15529 An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injec...
E
CVE-2019-15530 An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injec...
E
CVE-2019-15531 GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract...
CVE-2019-15532 CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs....
E S
CVE-2019-15533 XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php....
S
CVE-2019-15534 Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update....
S
CVE-2019-15535 Tasking Manager before 3.4.0 allows SQL Injection via custom SQL....
S
CVE-2019-15536 The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records....
S
CVE-2019-15537 The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/D...
S
CVE-2019-15538 An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2....
S
CVE-2019-15539 The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cros...
S
CVE-2019-15540 filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate t...
E S
CVE-2019-15541 rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for Rust allows attackers to caus...
E S
CVE-2019-15542 An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion ...
CVE-2019-15543 An issue was discovered in the slice-deque crate before 0.2.0 for Rust. There is memory corruption i...
CVE-2019-15544 An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memor...
CVE-2019-15545 An issue was discovered in the libp2p-core crate before 0.8.1 for Rust. Attackers can spoof ed25519 ...
CVE-2019-15546 An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have for...
CVE-2019-15547 An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues...
CVE-2019-15548 An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are instr and mvwinstr b...
CVE-2019-15549 An issue was discovered in the asn1_der crate before 0.6.2 for Rust. Attackers can trigger memory ex...
CVE-2019-15550 An issue was discovered in the simd-json crate before 0.1.15 for Rust. There is an out-of-bounds rea...
CVE-2019-15551 An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is a double free for cer...
S
CVE-2019-15552 An issue was discovered in the libflate crate before 0.1.25 for Rust. MultiDecoder::read has a use-a...
CVE-2019-15553 An issue was discovered in the memoffset crate before 0.5.0 for Rust. offset_of and span_of can caus...
CVE-2019-15554 An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for...
S
CVE-2019-15555 FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseG...
S
CVE-2019-15556 Pvanloon1983 social_network before 2019-07-03 allows SQL injection in includes/form_handlers/registe...
CVE-2019-15557 XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key....
S
CVE-2019-15558 XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSc...
S
CVE-2019-15559 DianoxDragon Hawn before 2019-07-10 allows SQL injection....
S
CVE-2019-15560 The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js....
S
CVE-2019-15561 FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js....
S
CVE-2019-15562 GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing u...
CVE-2019-15563 Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection ...
S
CVE-2019-15564 The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion....
S
CVE-2019-15565 The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php....
S
CVE-2019-15566 The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java...
S
CVE-2019-15567 OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature....
S
CVE-2019-15568 idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform IDseq allows SQL injection via...
S
CVE-2019-15569 HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQu...
S
CVE-2019-15570 BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters...
S
CVE-2019-15571 The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php....
S
CVE-2019-15572 Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in shop.php....
S
CVE-2019-15573 Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php....
S
CVE-2019-15574 Gesior-AAC before 2019-05-01 allows serviceID SQL injection in accountmanagement.php....
S
CVE-2019-15575 A command injection exists in GitLab CE/EE
E
CVE-2019-15576 An information disclosure vulnerability exists in GitLab CE/EE
E
CVE-2019-15577 An information disclosure vulnerability exists in GitLab CE/EE
E
CVE-2019-15578 An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (...
CVE-2019-15579 An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (...
CVE-2019-15580 An information exposure vulnerability exists in gitlab.com
E
CVE-2019-15581 An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise...
CVE-2019-15582 An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and En...
CVE-2019-15583 An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (...
CVE-2019-15584 A denial of service exists in gitlab
E
CVE-2019-15585 Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE...
CVE-2019-15586 A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin....
CVE-2019-15587 In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when ...
CVE-2019-15588 There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that ...
S
CVE-2019-15589 An improper access control vulnerability exists in Gitlab
E
CVE-2019-15590 An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE...
CVE-2019-15591 An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain ...
E
CVE-2019-15592 GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private proj...
CVE-2019-15593 GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the...
E S
CVE-2019-15594 GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of rest...
CVE-2019-15595 A privilege escalation exists in UniFi Video Controller =<3.10.6 that would allow an attacker on the...
CVE-2019-15596 A path traversal in statics-server exists in all version that allows an attacker to perform a path t...
E
CVE-2019-15597 A code injection exists in node-df v0.1.4 that can allow an attacker to remote code execution by uns...
CVE-2019-15598 A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker...
CVE-2019-15599 A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacke...
CVE-2019-15600 A Path traversal exists in http_server which allows an attacker to read arbitrary system files....
CVE-2019-15601 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2019-15602 The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cro...
E
CVE-2019-15603 The seefl package v0.1.1 is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via a ma...
E
CVE-2019-15604 Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a...
E S
CVE-2019-15605 HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-enc...
S
CVE-2019-15606 Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of autho...
E
CVE-2019-15607 A stored XSS vulnerability is present within node-red (version: <= 0.20.7) npm package, which is a v...
E
CVE-2019-15608 The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is ...
E M
CVE-2019-15609 The kill-port-process package version < 2.2.0 is vulnerable to a Command Injection vulnerability....
E
CVE-2019-15610 Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was r...
CVE-2019-15611 Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and tok...
CVE-2019-15612 A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the pass...
CVE-2019-15613 A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file ext...
S
CVE-2019-15614 Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files....
CVE-2019-15615 A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection wh...
CVE-2019-15616 Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long....
CVE-2019-15617 A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when tr...
CVE-2019-15618 Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting th...
CVE-2019-15619 Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3...
CVE-2019-15620 Improper access control in Nextcloud Talk 6.0.3 leaks the existance and the name of private conversa...
CVE-2019-15621 Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare wi...
CVE-2019-15622 Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get conte...
E
CVE-2019-15623 Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and...
E
CVE-2019-15624 Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of...
E
CVE-2019-15625 A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker...
CVE-2019-15626 The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain w...
S
CVE-2019-15627 Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary f...
CVE-2019-15628 Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerabi...
CVE-2019-15629 Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vul...
CVE-2019-15630 Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runti...
CVE-2019-15631 Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before O...
CVE-2019-15635 An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) a...
CVE-2019-15637 Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source,...
E
CVE-2019-15638 COPA-DATA zenone32 zenon Editor through 8.10 has an Uncontrolled Search Path Element....
CVE-2019-15639 main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific ...
CVE-2019-15640 Limesurvey before 3.17.10 does not validate both the MIME type and file extension of an image....
S
CVE-2019-15641 xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, a...
E
CVE-2019-15642 rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name...
E S
CVE-2019-15643 The ultimate-faqs plugin before 1.8.22 for WordPress has XSS....
CVE-2019-15644 The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS....
CVE-2019-15645 The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF....
CVE-2019-15646 The rsvpmaker plugin before 6.2 for WordPress has SQL injection....
CVE-2019-15647 The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-ajax.php?action=bulk_action_list...
E
CVE-2019-15648 The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insuff...
E S
CVE-2019-15649 The insert-or-embed-articulate-content-into-wordpress plugin before 4.2999 for WordPress has insuffi...
CVE-2019-15650 The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restricti...
CVE-2019-15651 wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/as...
CVE-2019-15652 The web interface for NSSLGlobal SatLink VSAT Modem Unit (VMU) devices before 18.1.0 doesn't properl...
E
CVE-2019-15653 Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authe...
E
CVE-2019-15654 Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcf...
E
CVE-2019-15655 D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /rom...
E
CVE-2019-15656 D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a s...
E
CVE-2019-15657 In eslint-utils before 1.4.1, the getStaticValue function can execute arbitrary code....
CVE-2019-15658 connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data....
CVE-2019-15659 The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-201...
CVE-2019-15660 The wp-members plugin before 3.2.8 for WordPress has CSRF....
CVE-2019-15661 An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004 in KfeCo10X64...
CVE-2019-15662 An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120444 in KfeCo10X64...
CVE-2019-15663 An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120404 in KfeCo10X64...
CVE-2019-15664 An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120404 in KfeCo10X64...
S
CVE-2019-15665 An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004 in KfeCo10X64...
CVE-2019-15666 An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in...
S
CVE-2019-15678 TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can po...
CVE-2019-15679 TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, whic...
CVE-2019-15680 TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which resu...
CVE-2019-15681 LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VN...
S
CVE-2019-15682 RDesktop version 1.8.4 contains multiple out-of-bound access read vulnerabilities in its code, which...
CVE-2019-15683 TurboVNC server code contains stack buffer overflow vulnerability in commit prior to cea98166008301e...
S
CVE-2019-15684 Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.0 was vulnerable to ...
CVE-2019-15685 Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Vir...
CVE-2019-15686 Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Vir...
CVE-2019-15687 Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Vir...
CVE-2019-15688 Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Vir...
CVE-2019-15689 Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Securi...
E
CVE-2019-15690 LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the Handl...
S
CVE-2019-15691 TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorr...
E S
CVE-2019-15692 TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be trigg...
E S
CVE-2019-15693 TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder...
E S
CVE-2019-15694 TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered fro...
E S
CVE-2019-15695 TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered fr...
E S
CVE-2019-15698 In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, an authenticated user with Va...
CVE-2019-15699 An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS ...
CVE-2019-15700 public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML ...
E S
CVE-2019-15701 components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS ...
E
CVE-2019-15702 In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not te...
E
CVE-2019-15703 An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for ...
CVE-2019-15704 A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local...
CVE-2019-15705 An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below...
CVE-2019-15706 An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy v...
S
CVE-2019-15707 An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and ...
CVE-2019-15708 A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP ...
CVE-2019-15709 An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and be...
CVE-2019-15710 An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI adm...
CVE-2019-15711 A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with...
E
CVE-2019-15712 An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and ...
CVE-2019-15713 The my-calendar plugin before 3.1.10 for WordPress has XSS....
CVE-2019-15714 cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might ...
CVE-2019-15715 MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Co...
E S
CVE-2019-15716 WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local a...
E S
CVE-2019-15717 Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP....
CVE-2019-15718 In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd...
E S
CVE-2019-15719 Altair PBS Professional through 19.1.2 allows Privilege Escalation because an attacker can send a me...
E
CVE-2019-15720 CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. With ...
E M
CVE-2019-15721 An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal ...
CVE-2019-15722 An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular m...
CVE-2019-15723 An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1...
CVE-2019-15724 An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descr...
CVE-2019-15725 An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in t...
CVE-2019-15726 An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images a...
CVE-2019-15727 An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient...
CVE-2019-15728 An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections ...
CVE-2019-15729 An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal ...
CVE-2019-15730 An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. The Jira int...
CVE-2019-15731 An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Non-members ...
CVE-2019-15732 An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project ...
CVE-2019-15733 An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specifie...
CVE-2019-15734 An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very sp...
CVE-2019-15736 An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain cir...
CVE-2019-15737 An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account a...
CVE-2019-15738 An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certai...
CVE-2019-15739 An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas...
CVE-2019-15740 An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocat...
CVE-2019-15741 An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate c...
E
CVE-2019-15742 A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Window...
E
CVE-2019-15743 The Sony Xperia Touch Android device with a build fingerprint of Sony/blanc_windy/blanc_windy:7.0/LO...
CVE-2019-15744 The Sony Xperia Xperia XZs Android device with a build fingerprint of Sony/keyaki_softbank/keyaki_so...
CVE-2019-15745 The Eques elf smart plug and the mobile app use a hardcoded AES 256 bit key to encrypt the commands ...
E
CVE-2019-15746 SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker...
CVE-2019-15747 SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their per...
CVE-2019-15748 SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by brows...
CVE-2019-15749 SITOS six Build v6.2.1 allows a user to change their password and recovery email address without req...
CVE-2019-15750 A Cross-Site Scripting (XSS) vulnerability in the blog function in SITOS six Build v6.2.1 allows rem...
CVE-2019-15751 An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execu...
CVE-2019-15752 Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a T...
KEV E
CVE-2019-15753 In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC ...
S
CVE-2019-15757 libMirage 3.2.2 in CDemu has a NULL pointer dereference in the NRG parser in parser.c....
E S
CVE-2019-15758 An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead...
E S
CVE-2019-15759 An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead t...
E S
CVE-2019-15766 The KSLABS KSWEB (aka ru.kslabs.ksweb) application 3.93 for Android allows authenticated remote code...
E
CVE-2019-15767 In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd....
E
CVE-2019-15769 The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option....
CVE-2019-15770 The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification che...
CVE-2019-15771 The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX action that allows modification...
E
CVE-2019-15772 The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX action that allows modification ...
E
CVE-2019-15773 The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX action that allows modification of ...
E
CVE-2019-15774 The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of...
E
CVE-2019-15775 The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX action that allows modification o...
E
CVE-2019-15776 The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection aga...
E
CVE-2019-15777 The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-com...
E
CVE-2019-15778 The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS....
CVE-2019-15779 The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice...
CVE-2019-15780 The formidable plugin before 4.02.01 for WordPress has unsafe deserialization....
CVE-2019-15781 The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF....
CVE-2019-15782 WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name....
S
CVE-2019-15783 Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc....
S
CVE-2019-15784 Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList array overflow if there are many SRT c...
S
CVE-2019-15785 FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c....
E S
CVE-2019-15786 ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large rxpacket....
S
CVE-2019-15787 libZetta.rs through 0.1.2 has an integer overflow in the zpool parser (for error stats) that leads t...
S
CVE-2019-15788 Clara Genomics Analysis before 0.2.0 has an integer overflow for cudapoa memory management in alloca...
S
CVE-2019-15789 Microk8s Privilege Escalation Vulnerability
E
CVE-2019-15790 Apport reads PID files with elevated privileges
E S
CVE-2019-15791 Reference count underflow in shiftfs
S
CVE-2019-15792 Type confusion in shiftfs
S
CVE-2019-15793 Mishandling of file-system uid/gid with namespaces in shiftfs
S
CVE-2019-15794 Reference counting error in overlayfs/shiftfs error path when used in conjuction with aufs
S
CVE-2019-15795 python-apt uses MD5 for validation
S
CVE-2019-15796 python-apt downloads from untrusted sources
S
CVE-2019-15797 Rejected reason: CVE ID was once reserved, but never used....
R
CVE-2019-15798 Rejected reason: CVE ID was once reserved, but never used....
R
CVE-2019-15799 An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts c...
E
CVE-2019-15800 An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of ...
E
CVE-2019-15801 An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware im...
E
CVE-2019-15802 An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware ha...
E
CVE-2019-15803 An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undo...
E
CVE-2019-15804 An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a si...
E
CVE-2019-15805 CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentic...
CVE-2019-15806 CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentic...
CVE-2019-15807 In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when...
S
CVE-2019-15809 Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC ...
E
CVE-2019-15810 Insufficient sanitization during device search in Netdisco 2.042010 allows for reflected XSS via man...
S
CVE-2019-15811 In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php h...
E
CVE-2019-15813 Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated ...
E
CVE-2019-15814 Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbi...
E
CVE-2019-15815 ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce ...
S
CVE-2019-15816 The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes...
E
CVE-2019-15817 The easy-property-listings plugin before 3.4 for WordPress has XSS....
CVE-2019-15818 The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement f...
E
CVE-2019-15819 The nd-restaurant-reservations plugin before 1.5 for WordPress has no requirement for nd_rst_import_...
E
CVE-2019-15820 The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_se...
E
CVE-2019-15821 The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings...
CVE-2019-15822 The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory trav...
CVE-2019-15823 The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass....
E
CVE-2019-15824 The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass....
E
CVE-2019-15825 The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass....
E
CVE-2019-15826 The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the...
E
CVE-2019-15827 The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdoma...
E
CVE-2019-15828 The one-click-ssl plugin before 1.4.7 for WordPress has CSRF....
E
CVE-2019-15829 The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblo...
CVE-2019-15830 The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS....
CVE-2019-15831 The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings ...
CVE-2019-15832 The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF....
E
CVE-2019-15833 The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS....
CVE-2019-15834 The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF....
S
CVE-2019-15835 The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF....
S
CVE-2019-15836 The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS....
S
CVE-2019-15837 The webp-express plugin before 0.14.8 for WordPress has stored XSS....
E S
CVE-2019-15838 The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability th...
CVE-2019-15839 The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion....
CVE-2019-15840 The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF....
CVE-2019-15841 The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_pos...
CVE-2019-15842 The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS....
CVE-2019-15843 A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. A par...
CVE-2019-15845 Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within Fil...
CVE-2019-15846 Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslas...
M
CVE-2019-15847 The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls ...
CVE-2019-15848 JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it poss...
S
CVE-2019-15849 eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs and...
E M
CVE-2019-15850 eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execution in the ReGa.runScript meth...
E
CVE-2019-15851 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-13590. Reason: This candidat...
R
CVE-2019-15854 An issue was discovered in Maarch RM before 2.5. A privilege escalation vulnerability allows an auth...
CVE-2019-15855 An issue was discovered in Maarch RM before 2.5. A path traversal vulnerability allows an unauthenti...
CVE-2019-15858 admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress...
E
CVE-2019-15859 Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remo...
CVE-2019-15860 Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November ...
E
CVE-2019-15862 An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote att...
CVE-2019-15863 The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation (with the none ...
CVE-2019-15864 The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS....
S
CVE-2019-15865 The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has CSRF....
S
CVE-2019-15866 The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside ...
E
CVE-2019-15867 The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13# password for the slick...
E S
CVE-2019-15868 The affiliates-manager plugin before 2.6.6 for WordPress has CSRF....
S
CVE-2019-15869 The JobCareer theme before 2.5.1 for WordPress has stored XSS....
E
CVE-2019-15870 The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field....
E
CVE-2019-15871 The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings....
E
CVE-2019-15872 The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings....
E
CVE-2019-15873 The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote co...
E
CVE-2019-15874 In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r3560...
S
CVE-2019-15875 In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0...
S
CVE-2019-15876 In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r3560...
S
CVE-2019-15877 In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-RELEASE-p3, driver specific ioctl...
S
CVE-2019-15878 In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and 11.3-RELEASE before p9, an un...
CVE-2019-15879 In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-...
CVE-2019-15880 In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, insufficient checking in the cryp...
CVE-2019-15881 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-15882 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-15883 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-15884 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-15885 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-15886 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-15887 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-15888 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2019-15889 The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, ...
E S
CVE-2019-15890 libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c....
S
CVE-2019-15891 An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has mis...
CVE-2019-15892 An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP...
CVE-2019-15893 Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution....
CVE-2019-15894 An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x th...
M
CVE-2019-15895 search-exclude.php in the "Search Exclude" plugin before 1.2.4 for WordPress allows unauthenticated ...
CVE-2019-15896 An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import func...
E
CVE-2019-15897 beegfs-ctl in ThinkParQ BeeGFS through 7.1.3 allows Authentication Bypass via communication with a B...
M
CVE-2019-15898 Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page....
E
CVE-2019-15900 An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On plat...
S
CVE-2019-15901 An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setus...
E S
CVE-2019-15902 A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x ...
E S
CVE-2019-15903 In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to ...
E S
CVE-2019-15910 An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using Z...
E
CVE-2019-15911 An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using Z...
E
CVE-2019-15912 An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using Z...
E
CVE-2019-15913 An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Bec...
E
CVE-2019-15914 An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Att...
E
CVE-2019-15915 An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCGQ01LM devices. Attackers can u...
E
CVE-2019-15916 An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_k...
S
CVE-2019-15917 An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_u...
S
CVE-2019-15918 An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has a...
S
CVE-2019-15919 An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use...
S
CVE-2019-15920 An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-...
E S
CVE-2019-15921 An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_allo...
E S
CVE-2019-15922 An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a ...
E S
CVE-2019-15923 An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a ...
E S
CVE-2019-15924 An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet...
E S
CVE-2019-15925 An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the func...
S
CVE-2019-15926 An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functio...
S
CVE-2019-15927 An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the fun...
S
CVE-2019-15929 In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like nor...
CVE-2019-15930 Intesync Solismed 3.3sp allows Clickjacking....
E
CVE-2019-15931 Intesync Solismed 3.3sp allows Directory Traversal, a different vulnerability than CVE-2019-16246....
E
CVE-2019-15932 Intesync Solismed 3.3sp has Incorrect Access Control....
E
CVE-2019-15933 Intesync Solismed 3.3sp has SQL Injection....
E
CVE-2019-15934 Intesync Solismed 3.3sp has CSRF....
E
CVE-2019-15935 Intesync Solismed 3.3sp has XSS....
E
CVE-2019-15936 Intesync Solismed 3.3sp allows Insecure File Upload....
E
CVE-2019-15937 Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs....
S
CVE-2019-15938 Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c b...
S
CVE-2019-15939 An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDe...
E S
CVE-2019-15940 Victure PC530 devices allow unauthenticated TELNET access as root....
E
CVE-2019-15941 OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access cont...
CVE-2019-15942 FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_pa...
E
CVE-2019-15943 vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve ...
E
CVE-2019-15944 In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe HTML...
CVE-2019-15945 OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in l...
S
CVE-2019-15946 OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry i...
S
CVE-2019-15947 In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it ma...
CVE-2019-15948 Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller devices, when LE scan mode is use...
CVE-2019-15949 Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the s...
KEV E
CVE-2019-15950 The CRM Plugin before 4.2.4 for Redmine allows XSS via crafted vCard data....
E
CVE-2019-15952 An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can c...
E
CVE-2019-15953 An issue was discovered in Total.js CMS 12.0.0. An authenticated user with limited privileges can ge...
E
CVE-2019-15954 An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can...
E
CVE-2019-15955 An issue was discovered in Total.js CMS 12.0.0. A low privilege user can perform a simple transforma...
E
CVE-2019-15956 Cisco Web Security Appliance Unauthorized Device Reset Vulnerability
CVE-2019-15957 Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Command Injection Vulnerability
CVE-2019-15958 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability
CVE-2019-15959 Cisco Small Business SPA500 Series IP Phones Local Script Execution Vulnerability
CVE-2019-15960 Cisco Webex Network Recording Admin Page Privilege Escalation Vulnerability
CVE-2019-15961 Clam AntiVirus (ClamAV) Software Email Parsing Vulnerability
E
CVE-2019-15962 Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write Vulnerability
CVE-2019-15963 Cisco Unified Communications Manager Information Disclosure Vulnerability
CVE-2019-15966 A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an a...
S
CVE-2019-15967 Cisco TelePresence Collaboration Endpoint and RoomOS Audio Eavesdropping Vulnerability
CVE-2019-15968 Cisco Unified Communications Domain Manager Persistent Cross-Site Scripting Vulnerability
CVE-2019-15969 Cisco Web Security Appliance Management Interface Cross-Site Scripting Vulnerability
CVE-2019-15971 Cisco Email Security Appliance MP3 Content Filter Bypass Vulnerability
CVE-2019-15972 Cisco Unified Communications Manager SQL Injection Vulnerability
CVE-2019-15973 Cisco Industrial Network Director Reflected Cross-Site Scripting Vulnerability
CVE-2019-15974 Cisco Managed Services Accelerator Open Redirect Vulnerability
S
CVE-2019-15975 Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
E
CVE-2019-15976 Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
E
CVE-2019-15977 Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
E
CVE-2019-15978 Cisco Data Center Network Manager Command Injection Vulnerabilities
E
CVE-2019-15979 Cisco Data Center Network Manager Command Injection Vulnerabilities
CVE-2019-15980 Cisco Data Center Network Manager Path Traversal Vulnerabilities
CVE-2019-15981 Cisco Data Center Network Manager Path Traversal Vulnerabilities
CVE-2019-15982 Cisco Data Center Network Manager Path Traversal Vulnerabilities
CVE-2019-15983 Cisco Data Center Network Manager XML External Entity Read Access Vulnerability
CVE-2019-15984 Cisco Data Center Network Manager SQL Injection Vulnerabilities
E
CVE-2019-15985 Cisco Data Center Network Manager SQL Injection Vulnerabilities
CVE-2019-15986 Cisco Unity Express Command Injection Vulnerability
CVE-2019-15987 Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability
CVE-2019-15988 Cisco Email Security Appliance URL Filtering Bypass Vulnerability
CVE-2019-15989 Cisco IOS XR Software Border Gateway Protocol Attribute Denial of Service Vulnerability
CVE-2019-15990 Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Information Disclosure Vulnerability
CVE-2019-15992 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Code Execution Vulnerability
S
CVE-2019-15993 Cisco Small Business Switches Information Disclosure Vulnerability
CVE-2019-15994 Cisco Stealthwatch Enterprise Cross-Site Scripting Vulnerability
CVE-2019-15995 Cisco DNA Spaces: Connector SQL Injection Vulnerability
CVE-2019-15996 Cisco DNA Spaces: Connector Privilege Escalation Vulnerability
CVE-2019-15997 Cisco DNA Spaces: Connector Command Injection Vulnerability
CVE-2019-15998 Cisco IOS XR Software NETCONF Over Secure Shell ACL Bypass Vulnerability
CVE-2019-15999 Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.