ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2019-16000 | Cisco Umbrella Roaming Client for Windows Install Vulnerability | | |
CVE-2019-16001 | Cisco Webex Teams for Windows DLL Hijacking Vulnerability | | |
CVE-2019-16002 | Cisco SD-WAN Solution vManage Cross-Site Request Forgery Vulnerability | | |
CVE-2019-16003 | Cisco UCS Director Information Disclosure Vulnerability | | |
CVE-2019-16004 | Cisco Vision Dynamic Signage Director Authentication Bypass Vulnerability | | |
CVE-2019-16005 | Cisco Webex Video Mesh Node Command Injection Vulnerability | | |
CVE-2019-16007 | Cisco AnyConnect Secure Mobility Client for Android Service Hijack Vulnerability | | |
CVE-2019-16008 | Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scripting Vulnerability | | |
CVE-2019-16009 | Cisco IOS and Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability | | |
CVE-2019-16010 | Cisco SD-WAN Solution vManage Stored Cross-Site Scripting Vulnerability | | |
CVE-2019-16011 | Cisco IOS XE SD-WAN Software Command Injection Vulnerability | | |
CVE-2019-16012 | Cisco SD-WAN Solution vManage SQL Injection Vulnerability | | |
CVE-2019-16015 | Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability | | |
CVE-2019-16017 | Cisco Unified Customer Voice Portal Insecure Direct Object Reference Vulnerability | | |
CVE-2019-16018 | Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability | | |
CVE-2019-16019 | Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities | | |
CVE-2019-16020 | Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities | | |
CVE-2019-16021 | Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities | | |
CVE-2019-16022 | Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities | | |
CVE-2019-16023 | Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities | | |
CVE-2019-16024 | Cisco Crosswork Change Automation Cross-Site Scripting Vulnerability | | |
CVE-2019-16025 | Cisco Emergency Responder Stored Cross-Site Scripting Vulnerability | | |
CVE-2019-16026 | Cisco Mobility Management Entity Denial of Service Vulnerability | | |
CVE-2019-16027 | Cisco IOS XR Software Intermediate System–to–Intermediate System Denial of Service Vulnerability | | |
CVE-2019-16028 | Cisco Firepower Management Center Lightweight Directory Access Protocol Authentication Bypass Vulnerability | | |
CVE-2019-16029 | Cisco Smart Software Manager On-Prem Web Interface Denial of Service Vulnerability | | |
CVE-2019-16056 | An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x ... | S | |
CVE-2019-16057 | The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injectio... | KEV E | |
CVE-2019-16058 | An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates... | S | |
CVE-2019-16059 | Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into... | E | |
CVE-2019-16060 | The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and... | S | |
CVE-2019-16061 | A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are granted weak world-readable a... | E | |
CVE-2019-16062 | NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data stored within the SQL database. I... | E | |
CVE-2019-16063 | NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data rendered within web pages. It is ... | | |
CVE-2019-16064 | NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal vulnerability that can allow a... | E | |
CVE-2019-16065 | A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web appli... | E | |
CVE-2019-16066 | An unrestricted file upload vulnerability exists in user and system file upload functions in NETSAS ... | E | |
CVE-2019-16067 | NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access cont... | E | |
CVE-2019-16068 | A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attack... | E | |
CVE-2019-16069 | A number of stored Cross-site Scripting (XSS) vulnerabilities were identified in NETSAS Enigma NMS 6... | E | |
CVE-2019-16070 | A number of stored Cross-site Scripting (XSS) vulnerabilities were identified in NETSAS Enigma NMS 6... | E | |
CVE-2019-16071 | Enigma NMS 65.0.0 and prior allows administrative users to create low-privileged accounts that do no... | E | |
CVE-2019-16072 | An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.... | E | |
CVE-2019-16088 | Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTr... | E | |
CVE-2019-16089 | An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c d... | S | |
CVE-2019-16091 | Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c.... | S | |
CVE-2019-16092 | Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c.... | S | |
CVE-2019-16093 | Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.... | S | |
CVE-2019-16094 | Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.... | S | |
CVE-2019-16095 | Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c.... | S | |
CVE-2019-16096 | Kilo 0.0.1 has a heap-based buffer overflow because there is an integer overflow in a calculation in... | E | |
CVE-2019-16097 | core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via t... | S | |
CVE-2019-16098 | The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any ... | E | |
CVE-2019-16099 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file.... | E | |
CVE-2019-16100 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface out... | E | |
CVE-2019-16101 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitiv... | | |
CVE-2019-16102 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunit... | | |
CVE-2019-16103 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from t... | E | |
CVE-2019-16104 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/... | E | |
CVE-2019-16105 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/confi... | | |
CVE-2019-16106 | The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated atta... | | |
CVE-2019-16107 | Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments.... | | |
CVE-2019-16108 | phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through... | S | |
CVE-2019-16109 | An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a ... | S | |
CVE-2019-16110 | The network protocol of Blade Shadow through 2.13.3 allows remote attackers to take control of a Shad... | | |
CVE-2019-16112 | TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via ... | E | |
CVE-2019-16113 | Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can ... | E | |
CVE-2019-16114 | In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use... | E S | |
CVE-2019-16115 | In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform i... | E | |
CVE-2019-16116 | EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the... | E | |
CVE-2019-16117 | Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordP... | S | |
CVE-2019-16118 | Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordP... | S | |
CVE-2019-16119 | SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists v... | S | |
CVE-2019-16120 | CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via t... | E | |
CVE-2019-16123 | In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading... | E | |
CVE-2019-16124 | In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to eve... | E S | |
CVE-2019-16125 | In Jobberbase 2.0, the parameter category is not sanitized in public/page_subscribe.php, leading to ... | E | |
CVE-2019-16126 | Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images.... | E | |
CVE-2019-16127 | Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow.... | E | |
CVE-2019-16128 | Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue ... | E | |
CVE-2019-16129 | Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue ... | E | |
CVE-2019-16130 | YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.php via a name field to /contact... | E | |
CVE-2019-16131 | framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability bec... | E | |
CVE-2019-16132 | An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control.php allows remote attackers t... | E | |
CVE-2019-16133 | An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the accou... | E | |
CVE-2019-16137 | An issue was discovered in the spin crate before 0.5.2 for Rust, when RwLock is used. Because memory... | | |
CVE-2019-16138 | An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format de... | S | |
CVE-2019-16139 | An issue was discovered in the compact_arena crate before 0.4.0 for Rust. Generativity is mishandled... | | |
CVE-2019-16140 | An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during b... | | |
CVE-2019-16141 | An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initia... | | |
CVE-2019-16142 | An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Multiple exposed methods take ... | S | |
CVE-2019-16143 | An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithm... | | |
CVE-2019-16144 | An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used ... | | |
CVE-2019-16145 | The breadcrumbs contributed module through 0.2.0 for Padrino Framework allows XSS via a caption.... | S | |
CVE-2019-16146 | Gophish through 0.8.0 allows XSS via a username.... | S | |
CVE-2019-16147 | Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp ... | S | |
CVE-2019-16148 | Sakai through 12.6 allows XSS via a chat user name.... | S | |
CVE-2019-16149 | An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may a... | S | |
CVE-2019-16150 | Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and config... | | |
CVE-2019-16151 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS 6.4... | S | |
CVE-2019-16152 | A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow a user w... | E | |
CVE-2019-16153 | A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and b... | | |
CVE-2019-16154 | An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 ma... | | |
CVE-2019-16155 | A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with ... | E | |
CVE-2019-16156 | An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortine... | | |
CVE-2019-16157 | An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authen... | | |
CVE-2019-16159 | BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer over... | S | |
CVE-2019-16160 | An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthentica... | | |
CVE-2019-16161 | Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token... | E S | |
CVE-2019-16162 | Onigmo through 6.2.0 has an out-of-bounds read in parse_char_class because of missing codepoint vali... | E | |
CVE-2019-16163 | Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.... | E S | |
CVE-2019-16164 | MyHTML through 4.0.5 has a NULL pointer dereference in myhtml_tree_node_remove in tree.c.... | E | |
CVE-2019-16165 | GNU cflow through 1.6 has a use-after-free in the reference function in parser.c.... | | |
CVE-2019-16166 | GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.... | | |
CVE-2019-16167 | sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_commo... | E | |
CVE-2019-16168 | In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other applicati... | S | |
CVE-2019-16170 | An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1... | | |
CVE-2019-16171 | In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page.... | | |
CVE-2019-16172 | LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account... | E S | |
CVE-2019-16173 | LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged acco... | E S | |
CVE-2019-16174 | An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers t... | S | |
CVE-2019-16175 | A clickjacking vulnerability was found in Limesurvey before 3.17.14.... | S | |
CVE-2019-16176 | A path disclosure vulnerability was found in Limesurvey before 3.17.14 that allows a remote attacker... | S | |
CVE-2019-16177 | In Limesurvey before 3.17.14, the entire database is exposed through browser caching.... | S | |
CVE-2019-16178 | A stored cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows... | S | |
CVE-2019-16179 | Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the default configuration.... | S | |
CVE-2019-16180 | Limesurvey before 3.17.14 allows remote attackers to bruteforce the login form and enumerate usernam... | S | |
CVE-2019-16181 | In Limesurvey before 3.17.14, admin users can mark other users' notifications as read.... | S | |
CVE-2019-16182 | A reflected cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that all... | S | |
CVE-2019-16183 | In Limesurvey before 3.17.14, admin users can run an integrity check without proper permissions.... | S | |
CVE-2019-16184 | A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants... | S | |
CVE-2019-16185 | In Limesurvey before 3.17.14, admin users can view, update, or delete reserved menu entries without ... | S | |
CVE-2019-16186 | In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions.... | S | |
CVE-2019-16187 | Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers... | S | |
CVE-2019-16188 | HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple lo... | S | |
CVE-2019-16190 | SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L ... | E | |
CVE-2019-16192 | upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allows remote attack... | E | |
CVE-2019-16193 | In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting... | | |
CVE-2019-16194 | SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in in... | S | |
CVE-2019-16195 | Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias ... | S | |
CVE-2019-16197 | In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied int... | E | |
CVE-2019-16198 | KSLabs KSWEB 3.93 allows ../ directory traversal, as demonstrated by the hostFile parameter.... | E | |
CVE-2019-16199 | eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenti... | E | |
CVE-2019-16200 | GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the ... | E | |
CVE-2019-16201 | WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 ha... | | |
CVE-2019-16202 | MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, es... | S | |
CVE-2019-16203 | Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESR... | | |
CVE-2019-16204 | Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwo... | | |
CVE-2019-16205 | A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force... | | |
CVE-2019-16206 | The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credent... | | |
CVE-2019-16207 | Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated... | | |
CVE-2019-16208 | Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in... | | |
CVE-2019-16209 | A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allo... | | |
CVE-2019-16210 | Brocade SANnav versions before v2.0 log plain text database connection password while triggering s... | | |
CVE-2019-16211 | Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability.... | | |
CVE-2019-16212 | A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker... | | |
CVE-2019-16213 | Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute a... | E | |
CVE-2019-16214 | Libra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it... | E S | |
CVE-2019-16215 | The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential... | S | |
CVE-2019-16216 | Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is log... | S | |
CVE-2019-16217 | WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled.... | S | |
CVE-2019-16218 | WordPress before 5.2.3 allows XSS in stored comments.... | | |
CVE-2019-16219 | WordPress before 5.2.3 allows XSS in shortcode previews.... | | |
CVE-2019-16220 | In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includ... | S | |
CVE-2019-16221 | WordPress before 5.2.3 allows reflected XSS in the dashboard.... | | |
CVE-2019-16222 | WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-include... | E S | |
CVE-2019-16223 | WordPress before 5.2.3 allows XSS in post previews by authenticated users.... | E | |
CVE-2019-16224 | An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not prope... | E | |
CVE-2019-16225 | An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not pro... | E | |
CVE-2019-16226 | An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an ... | E | |
CVE-2019-16227 | An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a m... | E | |
CVE-2019-16228 | An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_ope... | E | |
CVE-2019-16229 | drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workq... | S | |
CVE-2019-16230 | drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueu... | S | |
CVE-2019-16231 | drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return va... | S | |
CVE-2019-16232 | drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_... | E S | |
CVE-2019-16233 | drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return v... | S | |
CVE-2019-16234 | drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_... | S | |
CVE-2019-16235 | Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_me... | E S | |
CVE-2019-16236 | Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala.... | E S | |
CVE-2019-16237 | Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_messa... | S | |
CVE-2019-16238 | Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retr... | E | |
CVE-2019-16239 | process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses ... | | |
CVE-2019-16240 | A Buffer Overflow and Information Disclosure issue exists in HP OfficeJet Pro Printers before 001.19... | | |
CVE-2019-16241 | On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can be bypassed by creating a spe... | E | |
CVE-2019-16242 | On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock th... | E | |
CVE-2019-16243 | On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocumented web API that allows unprivi... | E | |
CVE-2019-16244 | OMERO.server before 5.6.1 allows attackers to bypass the security filters and access hidden objects ... | | |
CVE-2019-16245 | OMERO before 5.6.1 makes the details of each user available to all users.... | | |
CVE-2019-16246 | Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-... | E | |
CVE-2019-16247 | Delta DCISoft 1.21 has a User Mode Write AV starting at CommLib!CCommLib::SetSerializeData+0x0000000... | E | |
CVE-2019-16248 | The "delete for" feature in Telegram before 5.11 on Android does not delete shared media files from ... | E | |
CVE-2019-16249 | OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when calle... | S | |
CVE-2019-16250 | includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthentica... | E | |
CVE-2019-16251 | plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows... | | |
CVE-2019-16252 | Missing SSL Certificate Validation in the Nutfind.com application through 3.9.12 for Android allows ... | | |
CVE-2019-16253 | The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 and 3.0.00.101 for Android al... | E | |
CVE-2019-16254 | Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If ... | | |
CVE-2019-16255 | Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first ... | E S | |
CVE-2019-16256 | Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which mi... | KEV E | |
CVE-2019-16257 | Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which m... | E | |
CVE-2019-16258 | The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to ga... | | |
CVE-2019-16261 | Tripp Lite PDUMH15AT 12.04.0053 and SU750XL 12.04.0052 devices allow unauthenticated POST requests t... | E | |
CVE-2019-16263 | The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL c... | E | |
CVE-2019-16264 | In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC) v1... | E | |
CVE-2019-16265 | CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow.... | | |
CVE-2019-16268 | Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the... | E | |
CVE-2019-16271 | DTEN D5 and D7 before 1.3.2 devices allow remote attackers to read saved whiteboard image PDF docum... | | |
CVE-2019-16272 | On DTEN D5 and D7 before 1.3.4 devices, factory settings allow for firmware reflash and Android Deb... | | |
CVE-2019-16273 | DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Br... | | |
CVE-2019-16274 | DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP.... | | |
CVE-2019-16275 | hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in... | S | |
CVE-2019-16276 | Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.... | S | |
CVE-2019-16277 | PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from Expr... | E | |
CVE-2019-16278 | Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker ... | KEV E | |
CVE-2019-16279 | A memory error in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to tri... | E | |
CVE-2019-16281 | Ptarmigan before 0.2.3 lacks API token validation, e.g., an "if (token === apiToken) {return true;} ... | S | |
CVE-2019-16282 | In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Cu... | E | |
CVE-2019-16283 | A potential security vulnerability has been identified with a version of the HP Softpaq installer th... | | |
CVE-2019-16284 | A potential security vulnerability has been identified in multiple HP products and versions which in... | | |
CVE-2019-16285 | If a local user has been configured and logged in, an unauthenticated attacker with physical access ... | | |
CVE-2019-16286 | An attacker may be able to bypass the OS application filter meant to restrict applications that can ... | | |
CVE-2019-16287 | In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application fil... | | |
CVE-2019-16288 | On Tenda N301 wireless routers, a long string in the wifiSSID parameter of a goform/setWifi POST req... | | |
CVE-2019-16289 | The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress allows authenticated XSS vi... | E | |
CVE-2019-16293 | The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execut... | E | |
CVE-2019-16294 | SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of se... | E | |
CVE-2019-16295 | Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists vi... | E | |
CVE-2019-16297 | An issue was discovered in Open Network Operating System (ONOS) 1.14. In the P4 tutorial application... | | |
CVE-2019-16298 | An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband netwo... | | |
CVE-2019-16299 | An issue was discovered in Open Network Operating System (ONOS) 1.14. In the mobility application (o... | | |
CVE-2019-16300 | An issue was discovered in Open Network Operating System (ONOS) 1.14. In the access control applicat... | | |
CVE-2019-16301 | An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual tenant network ... | | |
CVE-2019-16302 | An issue was discovered in Open Network Operating System (ONOS) 1.14. In the Ethernet VPN applicatio... | | |
CVE-2019-16303 | A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produc... | E S | |
CVE-2019-16305 | In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link ... | E | |
CVE-2019-16307 | A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp an... | E | |
CVE-2019-16309 | FlameCMS 3.3.5 has SQL injection in account/login.php via accountName.... | E | |
CVE-2019-16310 | NIUSHOP V1.11 has XSS via the index.php?s=/admin URI.... | E | |
CVE-2019-16311 | NIUSHOP V1.11 has CSRF via search_info to index.php.... | E | |
CVE-2019-16312 | s-cms V3.0 has XSS in index.php?type=text via the S_id parameter.... | E | |
CVE-2019-16313 | ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source... | E | |
CVE-2019-16314 | Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstu... | E | |
CVE-2019-16317 | In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file v... | S | |
CVE-2019-16318 | In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions ... | S | |
CVE-2019-16319 | In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loo... | | |
CVE-2019-16320 | Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensiti... | | |
CVE-2019-16321 | ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demo... | E | |
CVE-2019-16326 | D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. A remote attac... | E | |
CVE-2019-16327 | D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass. They do not check for auth... | E | |
CVE-2019-16328 | In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct... | E | |
CVE-2019-16330 | In NCH Express Accounts Accounting v7.02, persistent cross site scripting (XSS) exists in Invoices/S... | E | |
CVE-2019-16332 | In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly f... | E | |
CVE-2019-16333 | GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.... | E | |
CVE-2019-16334 | In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> N... | E | |
CVE-2019-16335 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related... | S | |
CVE-2019-16336 | The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes d... | E | |
CVE-2019-16337 | The hncbd90 component in Hancom Office 9.6.1.9403 allows a use-after-free via an unknown object in a... | E | |
CVE-2019-16338 | The tfo_common component in HwordApp.dll in Hancom Office 9.6.1.7634 allows a use-after-free via a c... | E | |
CVE-2019-16340 | Belkin Linksys Velop 1.1.8.192419 devices allow remote attackers to discover the recovery key via a... | E S | |
CVE-2019-16344 | A cross-site scripting (XSS) vulnerability in the login form (/ScadaBR/login.htm) in ScadaBR 1.0CE a... | E | |
CVE-2019-16346 | ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGif... | E S | |
CVE-2019-16347 | ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGi... | S | |
CVE-2019-16348 | marc-q libwav through 2017-04-20 has a NULL pointer dereference in gain_file() at wav_gain.c.... | E | |
CVE-2019-16349 | Bento4 1.5.1-628 has a NULL pointer dereference in AP4_ByteStream::ReadUI32 in Core/Ap4ByteStream.cp... | E | |
CVE-2019-16350 | ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() at dct.c.... | E | |
CVE-2019-16351 | ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_decode_step() at huffman.c.... | E | |
CVE-2019-16352 | ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load() at jfif.c.... | E | |
CVE-2019-16353 | Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash v... | E | |
CVE-2019-16354 | The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a... | | |
CVE-2019-16355 | The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak pe... | E | |
CVE-2019-16366 | In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.... | E | |
CVE-2019-16370 | The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an atta... | E S | |
CVE-2019-16371 | LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the cr... | E | |
CVE-2019-16374 | Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of... | | |
CVE-2019-16375 | An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edi... | | |
CVE-2019-16377 | The makandra consul gem through 1.0.2 for Ruby has Incorrect Access Control.... | E | |
CVE-2019-16378 | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability w... | S | |
CVE-2019-16382 | An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileG... | S | |
CVE-2019-16383 | MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 20... | S | |
CVE-2019-16384 | Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltratio... | E | |
CVE-2019-16385 | Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter withi... | E | |
CVE-2019-16386 | PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_toke... | E | |
CVE-2019-16387 | PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin... | E | |
CVE-2019-16388 | PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STA... | E | |
CVE-2019-16391 | SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published conten... | S | |
CVE-2019-16392 | SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.... | S | |
CVE-2019-16393 | SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0... | S | |
CVE-2019-16394 | SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder... | E S | |
CVE-2019-16395 | GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() function in cobc/tree.c via crafted ... | E | |
CVE-2019-16396 | GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() function in cobc/parser.y via c... | E | |
CVE-2019-16398 | On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD car... | E | |
CVE-2019-16399 | Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows... | E | |
CVE-2019-16400 | Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: ... | | |
CVE-2019-16401 | Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: ... | | |
CVE-2019-16403 | In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such a... | E | |
CVE-2019-16404 | Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allo... | E | |
CVE-2019-16405 | Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.... | E S | |
CVE-2019-16406 | Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka V... | E | |
CVE-2019-16407 | JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability.... | | |
CVE-2019-16409 | In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are ... | | |
CVE-2019-16410 | An issue was discovered in Suricata 4.1.4. By sending multiple fragmented IPv4 packets, the function... | | |
CVE-2019-16411 | An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Op... | | |
CVE-2019-16412 | In goform/setSysTools on Tenda N301 wireless routers, attackers can trigger a device crash via a zer... | E | |
CVE-2019-16413 | An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_w... | E S | |
CVE-2019-16414 | A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the ... | E | |
CVE-2019-16416 | HRworks 3.36.9 allows XSS via the purpose of a travel-expense report.... | E | |
CVE-2019-16417 | HRworks FLOW 3.36.9 allows XSS via the purpose of a travel-expense report.... | E | |
CVE-2019-16444 | Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011... | | |
CVE-2019-16445 | Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011... | | |
CVE-2019-16446 | Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011... | | |
CVE-2019-16448 | Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011... | | |
CVE-2019-16449 | Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011... | | |
CVE-2019-16450 | Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011... | | |
CVE-2019-16451 | Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011... | | |
CVE-2019-16452 | Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011... | | |
CVE-2019-16453 | Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011... | | |
CVE-2019-16454 | Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011... | | |
CVE-2019-16455 | Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011... | | |
CVE-2019-16456 | Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011... | | |
CVE-2019-16457 | Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011... | | |
CVE-2019-16458 | Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011... | | |
CVE-2019-16459 | Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011... | | |
CVE-2019-16460 | Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011... | | |
CVE-2019-16461 | Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011... | | |
CVE-2019-16462 | Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011... | | |
CVE-2019-16463 | Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011... | | |
CVE-2019-16464 | Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011... | | |
CVE-2019-16465 | Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011... | | |
CVE-2019-16466 | Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scrip... | S | |
CVE-2019-16467 | Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scrip... | S | |
CVE-2019-16468 | Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a user interface injection ... | S | |
CVE-2019-16469 | Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injec... | S | |
CVE-2019-16470 | CoolType.dll crash - Tianfu Cup | | |
CVE-2019-16471 | Use-After-Free in app.measureDialog - Tianfu Cup | | |
CVE-2019-16508 | The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R7... | E | |
CVE-2019-16510 | libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_serv... | E | |
CVE-2019-16511 | An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compress... | S | |
CVE-2019-16512 | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Th... | E | |
CVE-2019-16513 | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CS... | E | |
CVE-2019-16514 | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Th... | E | |
CVE-2019-16515 | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Ce... | E | |
CVE-2019-16516 | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Th... | E | |
CVE-2019-16517 | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Th... | E | |
CVE-2019-16518 | An issue was discovered on Swell Kit Mod devices that use the Vandy Vape platform. An attacker may b... | E | |
CVE-2019-16519 | ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as ... | | |
CVE-2019-16520 | The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible t... | E S | |
CVE-2019-16521 | The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible... | E | |
CVE-2019-16522 | The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to St... | E | |
CVE-2019-16523 | The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored ... | E | |
CVE-2019-16524 | The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XS... | E | |
CVE-2019-16525 | An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter i... | E S | |
CVE-2019-16528 | An issue was discovered in the AbuseFilter extension for MediaWiki. includes/special/SpecialAbuseLog... | S | |
CVE-2019-16529 | An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki. Oversighted edit su... | S | |
CVE-2019-16530 | Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, h... | S | |
CVE-2019-16531 | LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via a... | E S | |
CVE-2019-16532 | An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web... | E | |
CVE-2019-16533 | On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm,... | | |
CVE-2019-16534 | On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General... | | |
CVE-2019-16535 | In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompre... | | |
CVE-2019-16536 | Stack overflow leading to DoS can be triggered by a malicious authenticated client. | | |
CVE-2019-16538 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the han... | | |
CVE-2019-16539 | A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Ove... | | |
CVE-2019-16540 | A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with... | | |
CVE-2019-16541 | Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Ji... | | |
CVE-2019-16542 | Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in ... | | |
CVE-2019-16543 | Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configu... | | |
CVE-2019-16544 | Jenkins QMetry for JIRA - Test Management Plugin 1.12 and earlier stores credentials unencrypted in ... | | |
CVE-2019-16545 | Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain... | | |
CVE-2019-16546 | Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting... | | |
CVE-2019-16547 | Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and... | | |
CVE-2019-16548 | A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier... | | |
CVE-2019-16549 | Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML ext... | | |
CVE-2019-16550 | A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release... | | |
CVE-2019-16551 | A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allow... | | |
CVE-2019-16552 | A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with... | | |
CVE-2019-16553 | A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earli... | | |
CVE-2019-16554 | A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attack... | | |
CVE-2019-16555 | A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was p... | | |
CVE-2019-16556 | Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypted in its global configuration ... | | |
CVE-2019-16557 | Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job... | | |
CVE-2019-16558 | Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenk... | | |
CVE-2019-16559 | A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers w... | | |
CVE-2019-16560 | A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier al... | | |
CVE-2019-16561 | Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable... | | |
CVE-2019-16562 | Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the description of builds shown in it... | | |
CVE-2019-16563 | Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job display names and build names ... | | |
CVE-2019-16564 | Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its vie... | | |
CVE-2019-16565 | A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows a... | | |
CVE-2019-16566 | A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Ov... | | |
CVE-2019-16567 | A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier in form-related methods ... | | |
CVE-2019-16568 | Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously configured service credentials in p... | | |
CVE-2019-16569 | A cross-site request forgery vulnerability in Jenkins Mantis Plugin 0.26 and earlier allows attacker... | | |
CVE-2019-16570 | A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows atta... | | |
CVE-2019-16571 | A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overa... | | |
CVE-2019-16572 | Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration fi... | | |
CVE-2019-16573 | A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlie... | | |
CVE-2019-16574 | A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attacke... | | |
CVE-2019-16575 | A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earl... | | |
CVE-2019-16576 | A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attac... | | |
CVE-2019-16638 | An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext store... | E | |
CVE-2019-16639 | An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without... | | |
CVE-2019-16640 | An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the cla... | | |
CVE-2019-16641 | An issue was found on the Ruijie EG-2000 series gateway. There is a buffer overflow in client.so. Co... | | |
CVE-2019-16642 | App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.p... | E | |
CVE-2019-16643 | An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area... | E | |
CVE-2019-16644 | App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php... | E | |
CVE-2019-16645 | An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/l... | E | |
CVE-2019-16647 | Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows.... | E | |
CVE-2019-16649 | On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authenticati... | | |
CVE-2019-16650 | On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different c... | M | |
CVE-2019-16651 | An issue was discovered on Virgin Media Super Hub 3 (based on ARRIS TG2492) devices. Because their S... | E | |
CVE-2019-16652 | The BPM component in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated user... | | |
CVE-2019-16653 | An application plugin in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated ... | | |
CVE-2019-16655 | joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available.... | E | |
CVE-2019-16656 | joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the ... | E | |
CVE-2019-16657 | TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/i... | E | |
CVE-2019-16658 | TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF.... | E | |
CVE-2019-16659 | TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF.... | E | |
CVE-2019-16660 | joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF.... | E | |
CVE-2019-16661 | Ogma CMS 0.5 has XSS via creation of a new blog.... | E | |
CVE-2019-16662 | An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sendin... | E | |
CVE-2019-16663 | An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sendin... | E | |
CVE-2019-16664 | An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do ... | E | |
CVE-2019-16665 | An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&a... | E | |
CVE-2019-16667 | diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as dem... | E | |
CVE-2019-16669 | The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-m... | E | |
CVE-2019-16670 | An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16... | | |
CVE-2019-16671 | An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16... | | |
CVE-2019-16672 | An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16... | | |
CVE-2019-16673 | An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16... | | |
CVE-2019-16674 | An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16... | | |
CVE-2019-16675 | An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and C... | | |
CVE-2019-16676 | Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_build... | E S | |
CVE-2019-16677 | An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.... | E | |
CVE-2019-16678 | admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a supe... | E | |
CVE-2019-16679 | Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.... | E | |
CVE-2019-16680 | An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal... | E S | |
CVE-2019-16681 | The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewAc... | | |
CVE-2019-16682 | The url_redirect (aka URL redirect) extension through 1.2.1 for TYPO3 fails to properly sanitize use... | | |
CVE-2019-16683 | An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the catego... | E S | |
CVE-2019-16684 | An issue was discovered in the image-manager in Xoops 2.5.10. When any image with a JavaScript paylo... | E S | |
CVE-2019-16685 | Dolibarr 9.0.5 has a stored XSS vulnerability via a User Group Description section to card.php. A user... | E | |
CVE-2019-16686 | Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inje... | E | |
CVE-2019-16687 | Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the ... | E | |
CVE-2019-16688 | Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no pr... | E | |
CVE-2019-16691 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-16692 | phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter w... | E | |
CVE-2019-16693 | phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when acti... | E | |
CVE-2019-16694 | phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter whe... | E | |
CVE-2019-16695 | phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when act... | E | |
CVE-2019-16696 | phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when actio... | E | |
CVE-2019-16698 | The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 has a missing access check in th... | | |
CVE-2019-16699 | The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails t... | | |
CVE-2019-16700 | The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of... | | |
CVE-2019-16701 | pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document wi... | E | |
CVE-2019-16702 | Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow invo... | E | |
CVE-2019-16703 | admin/infolist_add.php in PHPMyWind 5.6 has stored XSS.... | E | |
CVE-2019-16704 | admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS.... | E | |
CVE-2019-16705 | Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the dec... | E | |
CVE-2019-16706 | kkcms v1.3 has a CSRF vulnerability that can add a user account via admin/cms_user_add.php.... | E | |
CVE-2019-16707 | Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.... | E | |
CVE-2019-16708 | ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.... | E S | |
CVE-2019-16709 | ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.... | E S | |
CVE-2019-16710 | ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in Ma... | E S | |
CVE-2019-16711 | ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.... | E S | |
CVE-2019-16712 | ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by W... | E S | |
CVE-2019-16713 | ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/c... | E S | |
CVE-2019-16714 | In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain s... | S | |
CVE-2019-16716 | OX App Suite through 7.10.2 has Incorrect Access Control.... | E | |
CVE-2019-16717 | OX App Suite through 7.10.2 has XSS.... | E | |
CVE-2019-16718 | In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin... | S | |
CVE-2019-16719 | WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS.... | E | |
CVE-2019-16720 | ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?up... | E | |
CVE-2019-16721 | NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the adm... | E | |
CVE-2019-16722 | ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because pa... | E | |
CVE-2019-16723 | In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) vi... | S | |
CVE-2019-16724 | File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting ... | E | |
CVE-2019-16725 | In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of th... | | |
CVE-2019-16728 | DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a M... | E | |
CVE-2019-16729 | pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Pyt... | S | |
CVE-2019-16730 | processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 ... | E | |
CVE-2019-16731 | The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote a... | E | |
CVE-2019-16732 | Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middl... | E | |
CVE-2019-16733 | processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 a... | E | |
CVE-2019-16734 | Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3... | E | |
CVE-2019-16735 | A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware ... | E | |
CVE-2019-16736 | A stack-based buffer overflow in processCommandUploadSnapshot in libcommon.so in Petwant PF-103 firm... | E | |
CVE-2019-16737 | The processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk ... | E | |
CVE-2019-16738 | In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames ... | E S | |
CVE-2019-16743 | eBrigade before 5.0 has evenement_ical.php evenement SQL Injection.... | | |
CVE-2019-16744 | eBrigade before 5.0 has evenements.php cid SQL Injection.... | M | |
CVE-2019-16745 | eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection.... | M | |
CVE-2019-16746 | An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not ch... | S | |
CVE-2019-16747 | In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free (leading to me... | E | |
CVE-2019-16748 | In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certif... | | |
CVE-2019-16751 | An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnera... | E | |
CVE-2019-16752 | An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. It is p... | | |
CVE-2019-16753 | An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. The con... | E | |
CVE-2019-16754 | RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potential... | E S | |
CVE-2019-16755 | BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, wh... | | |
CVE-2019-16758 | In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a dire... | E | |
CVE-2019-16759 | vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in ... | KEV E | |
CVE-2019-16760 | Cargo prior to Rust 1.26.0 may download the wrong dependency | E S | |
CVE-2019-16761 | Validator parsing discrepancy due to string encoding in NPM slp-validate 1.0.0 | S | |
CVE-2019-16762 | Validator parsing discrepancy due to string encoding in NPM slpjs | E S | |
CVE-2019-16763 | XSS in Pannellum from 2.5.0 through 2.5.4 | S | |
CVE-2019-16764 | PowAssent is susceptible to denial of service attacks | S | |
CVE-2019-16765 | If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual S... | S | |
CVE-2019-16766 | 2FA bypass in Wagtail through new device path | S | |
CVE-2019-16767 | In EzMaster before 5.2.11 docker containers were executed with advanced privileges by default | S | |
CVE-2019-16768 | Internal exception message exposure for login action in Sylius | M | |
CVE-2019-16769 | Affected versions of serialize-javascript are vulnerable to Cross-site Scripting (XSS) | | |
CVE-2019-16770 | Potential DOS attack in Puma | M | |
CVE-2019-16771 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria | S | |
CVE-2019-16772 | regular expressions Cross-Site Scripting (XSS) vulnerability in serialize-to-js | S | |
CVE-2019-16773 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-20042. Reason: This candidat... | R | |
CVE-2019-16774 | Object injection in cookie driver | S | |
CVE-2019-16775 | Unauthorized File Access in npm CLI before version 6.13.3 | | |
CVE-2019-16776 | Unauthorized File Access in npm CLI before version 6.13.3 | | |
CVE-2019-16777 | Arbitrary File Overwrite in npm CLI | | |
CVE-2019-16778 | Heap buffer overflow in `UnsortedSegmentSum` in TensorFlow | S | |
CVE-2019-16779 | In RubyGem excon, interrupted Persistent Connections May Leak Response Data | S | |
CVE-2019-16780 | Stored cross-site scripting (XSS) in WordPress block editor | S | |
CVE-2019-16781 | Stored cross-site scripting (XSS) in WordPress block editor | | |
CVE-2019-16782 | Possible Information Leak / Session Hijack Vulnerability in Rack | S | |
CVE-2019-16784 | Local Privilege Escalation present only on the Windows version of PyInstaller | S | |
CVE-2019-16785 | HTTP Request Smuggling: LF vs CRLF handling in Waitress | E S | |
CVE-2019-16786 | HTTP Request Smuggling: Invalid Transfer-Encoding in Waitress | S | |
CVE-2019-16787 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-19905. Reason: This candidat... | R | |
CVE-2019-16788 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-20043. Reason: This candidat... | R | |
CVE-2019-16789 | HTTP Request Smuggling in Waitress: Invalid whitespace characters in headers | S | |
CVE-2019-16790 | Remote Code Execution in Tiny File Manager | S | |
CVE-2019-16791 | downgrade of effective Strict Transport Security (STS) policy in postfix-mta-sts-resolver | S | |
CVE-2019-16792 | HTTP Request Smuggling: Content-Length Sent Twice in Waitress | S | |
CVE-2019-16793 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16794 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16795 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16796 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16797 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16798 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16799 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16800 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16801 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16802 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16803 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16804 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16805 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16806 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16807 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16808 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16809 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16810 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16811 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16812 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16813 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16814 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16815 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16816 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16817 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16818 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16819 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16820 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16821 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16822 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16823 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16824 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16825 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16826 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16827 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16828 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16829 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16830 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16831 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16832 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16833 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16834 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16835 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16836 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16837 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16838 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16839 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16840 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16841 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16842 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16843 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16844 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16845 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16846 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16847 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16848 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16849 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16850 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16851 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16852 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16853 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16854 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16855 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16856 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16857 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16858 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16859 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-16860 | Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a ... | | |
CVE-2019-16861 | Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-a... | | |
CVE-2019-16862 | Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote atta... | | |
CVE-2019-16863 | STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA ... | | |
CVE-2019-16864 | CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Ex... | E | |
CVE-2019-16865 | An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, ... | | |
CVE-2019-16866 | Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash... | S | |
CVE-2019-16867 | HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/data... | E | |
CVE-2019-16868 | emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=de... | E | |
CVE-2019-16869 | Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfe... | E S | |
CVE-2019-16871 | Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stati... | E | |
CVE-2019-16872 | Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4).... | | |
CVE-2019-16873 | Portainer before 1.22.1 has XSS (issue 1 of 2).... | | |
CVE-2019-16874 | Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4).... | | |
CVE-2019-16876 | Portainer before 1.22.1 allows Directory Traversal.... | | |
CVE-2019-16877 | Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4).... | | |
CVE-2019-16878 | Portainer before 1.22.1 has XSS (issue 2 of 2).... | | |
CVE-2019-16879 | The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has ... | | |
CVE-2019-16880 | An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matri... | E | |
CVE-2019-16881 | An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free ... | E | |
CVE-2019-16882 | An issue was discovered in the string-interner crate before 0.7.1 for Rust. It allows attackers to r... | E S | |
CVE-2019-16884 | runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor res... | E | |
CVE-2019-16885 | In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting... | E | |
CVE-2019-16887 | In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at imag... | E | |
CVE-2019-16889 | Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk cons... | E S | |
CVE-2019-16890 | Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments.... | E S | |
CVE-2019-16891 | Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload... | E | |
CVE-2019-16892 | In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because... | E S | |
CVE-2019-16893 | The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated at... | E S | |
CVE-2019-16894 | download.php in inoERP 4.15 allows SQL injection through insecure deserialization.... | E | |
CVE-2019-16895 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-16894. Reason: This candidat... | R | |
CVE-2019-16896 | In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the backup module) improperly valida... | E | |
CVE-2019-16897 | In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120; an... | E | |
CVE-2019-16898 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-16897. Reason: This candidat... | R | |
CVE-2019-16899 | In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starti... | | |
CVE-2019-16900 | Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x0000... | | |
CVE-2019-16901 | Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown... | | |
CVE-2019-16902 | In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenti... | | |
CVE-2019-16903 | Platinum UPnP SDK 1.2.0 allows Directory Traversal in Core/PltHttpServer.cpp because it checks for /... | E | |
CVE-2019-16904 | TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available... | E | |
CVE-2019-16905 | OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-a... | E S | |
CVE-2019-16906 | An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. By... | | |
CVE-2019-16907 | An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. It... | E | |
CVE-2019-16908 | An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for J... | E | |
CVE-2019-16909 | An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for J... | E | |
CVE-2019-16910 | Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, us... | S | |
CVE-2019-16913 | PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak fo... | E | |
CVE-2019-16914 | An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the user... | S | |
CVE-2019-16915 | An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the wid... | S | |
CVE-2019-16916 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-16917 | WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2047 is vulnerable... | E | |
CVE-2019-16919 | Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrator... | S | |
CVE-2019-16920 | Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652,... | KEV E | |
CVE-2019-16921 | In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.... | S | |
CVE-2019-16922 | SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files.... | | |
CVE-2019-16923 | kkcms 1.3 has jx.php?url= XSS.... | E | |
CVE-2019-16924 | The Nulock application 1.5.0 for mobile devices sends a cleartext password over Bluetooth, which all... | E | |
CVE-2019-16925 | Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated th... | E | |
CVE-2019-16926 | Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't thin... | E | |
CVE-2019-16927 | Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function i... | E | |
CVE-2019-16928 | Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846... | KEV E S | |
CVE-2019-16929 | Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be acci... | | |
CVE-2019-16930 | Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a full node that owns a shielde... | S | |
CVE-2019-16931 | A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated at... | E | |
CVE-2019-16932 | A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/vi... | E | |
CVE-2019-16935 | The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.... | E | |
CVE-2019-16941 | NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the ... | E S | |
CVE-2019-16942 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When D... | S | |
CVE-2019-16943 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When D... | S | |
CVE-2019-16948 | An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can replace t... | E | |
CVE-2019-16949 | An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. A user is allowed to send an... | E | |
CVE-2019-16950 | An XSS issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. The QueueName parameter ... | E | |
CVE-2019-16951 | A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace th... | E | |
CVE-2019-16954 | SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket.... | E | |
CVE-2019-16955 | SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.... | E | |
CVE-2019-16956 | SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket.... | E | |
CVE-2019-16957 | SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.... | E | |
CVE-2019-16958 | Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to injec... | E | |
CVE-2019-16959 | SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file at... | E | |
CVE-2019-16960 | SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name fiel... | E | |
CVE-2019-16961 | SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name.... | E | |
CVE-2019-16962 | Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New... | E | |
CVE-2019-16964 | app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a com... | S | |
CVE-2019-16965 | resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a l... | | |
CVE-2019-16966 | An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x bef... | S | |
CVE-2019-16967 | An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.1... | E S | |
CVE-2019-16968 | An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_con... | S | |
CVE-2019-16969 | In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variab... | S | |
CVE-2019-16970 | In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" varia... | S | |
CVE-2019-16971 | In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uui... | S | |
CVE-2019-16972 | In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" varia... | S | |
CVE-2019-16973 | In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" ... | S | |
CVE-2019-16974 | In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable ... | S | |
CVE-2019-16975 | In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable ... | S | |
CVE-2019-16976 | In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "que... | S | |
CVE-2019-16977 | In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_s... | S | |
CVE-2019-16978 | In FusionPBX up to v4.5.7, the file app\devices\device_settings.php uses an unsanitized "id" variabl... | S | |
CVE-2019-16979 | In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.php uses an unsanitized "id" variable ... | S | |
CVE-2019-16980 | In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "... | S | |
CVE-2019-16981 | In FusionPBX up to v4.5.7, the file app\conference_profiles\conference_profile_params.php uses an un... | S | |
CVE-2019-16982 | In FusionPBX up to v4.5.7, the file app\access_controls\access_control_nodes.php uses an unsanitized... | S | |
CVE-2019-16983 | In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function (called by several pa... | S | |
CVE-2019-16984 | In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php uses an unsanitized "filename"... | S | |
CVE-2019-16985 | In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php uses an unsanitized "rec" variabl... | S | |
CVE-2019-16986 | In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming f... | | |
CVE-2019-16987 | In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php uses an unsanitized "query_strin... | S | |
CVE-2019-16988 | In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources\content.php uses an unsanitiz... | S | |
CVE-2019-16989 | In FusionPBX up to v4.5.7, the file app\conferences_active\conference_interactive.php uses an unsani... | S | |
CVE-2019-16990 | In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized "file" v... | S | |
CVE-2019-16991 | In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable comi... | S | |
CVE-2019-16992 | The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user'... | | |
CVE-2019-16993 | In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on... | S | |
CVE-2019-16994 | In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when regist... | E S | |
CVE-2019-16995 | In the Linux kernel before 5.0.3, a memory leak exists in hsr_dev_finalize() in net/hsr/hsr_device.c ... | E S | |
CVE-2019-16996 | In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class... | E | |
CVE-2019-16997 | In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.c... | E | |
CVE-2019-16999 | CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api... | E |