ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2019-19000 | eSOMS Cachecontrol (Pragma) HTTP Header | | |
CVE-2019-19001 | eSOMS X-FrameOption | | |
CVE-2019-19002 | ABB eSOMS X-XSS-Protection not enabled | | |
CVE-2019-19003 | ABB eSOMS: HTTPOnly flag not set | | |
CVE-2019-19004 | A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide a... | S | |
CVE-2019-19005 | A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact v... | S | |
CVE-2019-19006 | Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Ac... | | |
CVE-2019-19007 | Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrator login name and password beca... | | |
CVE-2019-19008 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-19363. Reason: This candidat... | R | |
CVE-2019-19010 | Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) a... | S | |
CVE-2019-19011 | MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueColor in ngiflib.c via a file t... | E | |
CVE-2019-19012 | An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 l... | E S | |
CVE-2019-19013 | A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an arbitrary file by removing th... | E | |
CVE-2019-19014 | An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-priv... | E | |
CVE-2019-19015 | An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically expos... | E | |
CVE-2019-19016 | An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of ... | E | |
CVE-2019-19017 | An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root passwor... | E | |
CVE-2019-19018 | An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file un... | E | |
CVE-2019-19019 | An issue was discovered in TitanHQ WebTitan before 5.18. It contains a Remote Code Execution issue t... | E | |
CVE-2019-19020 | An issue was discovered in TitanHQ WebTitan before 5.18. In the administration web interface it is p... | E | |
CVE-2019-19021 | An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a har... | E | |
CVE-2019-19022 | iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history... | E | |
CVE-2019-19023 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnera... | | |
CVE-2019-19025 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor C... | | |
CVE-2019-19026 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project q... | | |
CVE-2019-19029 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-grou... | | |
CVE-2019-19030 | Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumerat... | E | |
CVE-2019-19031 | Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is: Arbitra... | E | |
CVE-2019-19032 | XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is: Arbitrar... | E | |
CVE-2019-19033 | Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with adminis... | E | |
CVE-2019-19034 | Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM... | E | |
CVE-2019-19035 | jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The compon... | E | |
CVE-2019-19036 | btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer derefer... | E | |
CVE-2019-19037 | ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereferen... | E | |
CVE-2019-19039 | __btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_l... | E | |
CVE-2019-19040 | KairosDB through 1.2.2 has XSS in view.html because of showErrorMessage in js/graph.js, as demonstra... | E | |
CVE-2019-19041 | An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. They... | E S | |
CVE-2019-19043 | A memory leak in the i40e_setup_macvlans() function in drivers/net/ethernet/intel/i40e/i40e_main.c i... | S | |
CVE-2019-19044 | Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux... | S | |
CVE-2019-19045 | A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/... | S | |
CVE-2019-19046 | A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Li... | S | |
CVE-2019-19047 | A memory leak in the mlx5_fw_fatal_reporter_dump() function in drivers/net/ethernet/mellanox/mlx5/co... | S | |
CVE-2019-19048 | A memory leak in the crypto_reportstat() function in drivers/virt/vboxguest/vboxguest_utils.c in the... | S | |
CVE-2019-19049 | A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel befor... | S | |
CVE-2019-19050 | A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel t... | S | |
CVE-2019-19051 | A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c i... | S | |
CVE-2019-19052 | A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel befo... | S | |
CVE-2019-19053 | A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux k... | S | |
CVE-2019-19054 | A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Li... | S | |
CVE-2019-19055 | A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Lin... | S | |
CVE-2019-19056 | A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifie... | S | |
CVE-2019-19057 | Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifie... | S | |
CVE-2019-19058 | A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the ... | S | |
CVE-2019-19059 | Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/i... | S | |
CVE-2019-19060 | A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux ... | S | |
CVE-2019-19061 | A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the ... | S | |
CVE-2019-19062 | A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel throu... | S | |
CVE-2019-19063 | Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in th... | S | |
CVE-2019-19064 | A memory leak in the fsl_lpspi_probe() function in drivers/spi/spi-fsl-lpspi.c in the Linux kernel t... | S | |
CVE-2019-19065 | A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel b... | S | |
CVE-2019-19066 | A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kerne... | S | |
CVE-2019-19067 | Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Li... | S | |
CVE-2019-19068 | A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl... | S | |
CVE-2019-19069 | A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel... | S | |
CVE-2019-19070 | A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through... | S | |
CVE-2019-19071 | A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Li... | S | |
CVE-2019-19072 | A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux k... | S | |
CVE-2019-19073 | Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow at... | S | |
CVE-2019-19074 | A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux k... | S | |
CVE-2019-19075 | A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel ... | S | |
CVE-2019-19076 | A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/... | S | |
CVE-2019-19077 | A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in th... | S | |
CVE-2019-19078 | A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the... | S | |
CVE-2019-19079 | A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3... | S | |
CVE-2019-19080 | Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp... | S | |
CVE-2019-19081 | A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/fl... | S | |
CVE-2019-19082 | Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux ... | S | |
CVE-2019-19083 | Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux k... | S | |
CVE-2019-19084 | In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to uplo... | | |
CVE-2019-19085 | A persistent cross-site scripting (XSS) vulnerability in Octopus Server 3.4.0 through 2019.10.5 allo... | | |
CVE-2019-19086 | GitLab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2).... | | |
CVE-2019-19087 | GitLab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2).... | | |
CVE-2019-19088 | GitLab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal.... | | |
CVE-2019-19089 | eSOMS: X-Content-Type-Options Header Missing | | |
CVE-2019-19090 | ABB eSOMS: Secure Flag not set | | |
CVE-2019-19091 | ABB eSOMS: HTTP response information leakage | | |
CVE-2019-19092 | ABB eSOMS: Viewstate without MAC Signature | | |
CVE-2019-19093 | ABB eSOMS: Password complexity issue | | |
CVE-2019-19094 | ABB eSOMS: SQL injection vulnerability | | |
CVE-2019-19095 | ABB eSOMS: Stored XSS vulnerability | | |
CVE-2019-19096 | ABB eSOMS: REDIS clear text credentials | | |
CVE-2019-19097 | ABB eSOMS: SSL medium strength Cipher Suites | | |
CVE-2019-19100 | Privilege escalation via B&R Automation Studio upgrade service | | |
CVE-2019-19101 | Incomplete communication encryption and validation in B&R Automation Studio upgrade service | | |
CVE-2019-19102 | Zip Slip vulnerability in 3rd-Party library in B&R Automation Studio upgrade service | | |
CVE-2019-19104 | ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Improper Authentication and Access Control | | |
CVE-2019-19105 | ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Plaintext storing of credentials | | |
CVE-2019-19106 | ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Access Control issues | | |
CVE-2019-19107 | ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Information Exposure | | |
CVE-2019-19108 | B&R Automation Runtime SNMP Authentication and Authorization Weakness | | |
CVE-2019-19109 | The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF.... | E | |
CVE-2019-19110 | The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s pa... | E | |
CVE-2019-19111 | The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases lang... | E | |
CVE-2019-19112 | The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.ph... | E | |
CVE-2019-19113 | main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allow... | E | |
CVE-2019-19115 | An escalation of privilege vulnerability in Nahimic APO Software Component Driver 1.4.2, 1.5.0, 1.5.... | E | |
CVE-2019-19117 | /usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows... | E | |
CVE-2019-19118 | Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin ... | S | |
CVE-2019-19119 | An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local reg... | | |
CVE-2019-19120 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-19121 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-19123 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-19126 | On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_... | S | |
CVE-2019-19127 | An authentication bypass vulnerability is present in the standalone SITS:Vision 9.7.0 component of T... | | |
CVE-2019-19129 | Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via... | | |
CVE-2019-19133 | The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected XSS via the URI in a csshero_a... | E | |
CVE-2019-19134 | The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the v... | E | |
CVE-2019-19135 | In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently rando... | S | |
CVE-2019-19138 | Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity.... | | |
CVE-2019-19141 | The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated... | | |
CVE-2019-19142 | Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to... | E | |
CVE-2019-19143 | TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POS... | E | |
CVE-2019-19148 | Tellabs Optical Line Terminal (OLT) 1150 devices allow Remote Command Execution via the -l option to... | E | |
CVE-2019-19150 | On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.... | | |
CVE-2019-19151 | On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5... | | |
CVE-2019-19152 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-19153 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-19154 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-19155 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-19156 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-19157 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-19158 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-19159 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2019-19160 | Reportexpress ProPlus contains a vulnerability that could allow an arbitrary code execution by inser... | | |
CVE-2019-19161 | Missing support for integrity check in MIPLATFORM ActiveX of TOBESOFT.CO.LTD makes it possible to change the DLL files to preload | | |
CVE-2019-19162 | A use-after-free vulnerability in the TOBESOFT XPLATFORM versions 9.1 to 9.2.2 may lead to code exec... | | |
CVE-2019-19163 | Commax WallPad Remote Code Execution Vulnerability | S | |
CVE-2019-19164 | Dext5 Upload ActiveX Arbitrary File Execution Vulnerability | | |
CVE-2019-19165 | AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files ... | | |
CVE-2019-19166 | Tobesoft XPlatform Arbitrary File Execution Vulnerability | | |
CVE-2019-19167 | Tobesoft Nexacro14 ActiveX File Download Vulnerability | | |
CVE-2019-19168 | Dext5.ocx ActiveX 5.0.0.116 and earlier versions contain a vulnerability, which could allow remote a... | | |
CVE-2019-19169 | Dext5.ocx ActiveX 5.0.0.116 and earlier versions contain a vulnerability, which could allow remote a... | | |
CVE-2019-19173 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-19178 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-19179 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-19181 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-19183 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-19184 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-19191 | Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a... | E | |
CVE-2019-19192 | The Bluetooth Low Energy implementation on STMicroelectronics BLE Stack through 1.3.1 for STM32WB5x ... | E | |
CVE-2019-19193 | The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK thro... | | |
CVE-2019-19194 | The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SD... | E | |
CVE-2019-19195 | The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB1... | | |
CVE-2019-19196 | The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SD... | E | |
CVE-2019-19197 | IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achi... | E | |
CVE-2019-19198 | The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS.... | E M | |
CVE-2019-19199 | REDDOXX MailDepot 2032 SP2 2.2.1242 has Insufficient Session Expiration because tokens are not inval... | | |
CVE-2019-19200 | REDDOXX MailDepot 2032 2.2.1242 allows authenticated users to access the mailboxes of other users.... | E | |
CVE-2019-19202 | In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administra... | E S | |
CVE-2019-19203 | An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in fi... | E S | |
CVE-2019-19204 | An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier... | E S | |
CVE-2019-19206 | Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG ... | | |
CVE-2019-19207 | rConfig 3.9.2 allows devices.php?searchColumn= SQL injection.... | E | |
CVE-2019-19208 | Codiad Web IDE through 2.8.4 allows PHP Code injection.... | E S | |
CVE-2019-19209 | Dolibarr ERP/CRM before 10.0.3 allows SQL Injection.... | E | |
CVE-2019-19210 | Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html de... | E | |
CVE-2019-19211 | Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XS... | E | |
CVE-2019-19212 | Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (pr... | E | |
CVE-2019-19213 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-19214 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-19215 | A buffer overflow vulnerability in BMC Control-M/Agent 7.0.00.000 when the On-Do action destination ... | | |
CVE-2019-19216 | BMC Control-M/Agent 7.0.00.000 has an Insecure File Copy.... | | |
CVE-2019-19217 | BMC Control-M/Agent 7.0.00.000 allows OS Command Injection.... | | |
CVE-2019-19218 | BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage.... | | |
CVE-2019-19219 | BMC Control-M/Agent 7.0.00.000 allows Arbitrary File Download.... | | |
CVE-2019-19220 | BMC Control-M/Agent 7.0.00.000 allows OS Command Injection (issue 2 of 2).... | | |
CVE-2019-19221 | In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read b... | E S | |
CVE-2019-19222 | A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an ... | E | |
CVE-2019-19223 | A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware ... | E | |
CVE-2019-19224 | A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware ... | E | |
CVE-2019-19225 | A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware ... | E | |
CVE-2019-19226 | A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware ... | E | |
CVE-2019-19227 | In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer derefer... | S | |
CVE-2019-19228 | Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication be... | E | |
CVE-2019-19229 | admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allows action=... | E | |
CVE-2019-19230 | An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataMan... | S | |
CVE-2019-19231 | An insecure file access vulnerability exists in CA Client Automation 14.0, 14.1, 14.2, and 14.3 Agen... | | |
CVE-2019-19232 | In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a none... | | |
CVE-2019-19234 | In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the... | | |
CVE-2019-19235 | AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsign... | | |
CVE-2019-19240 | Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoA... | E | |
CVE-2019-19241 | In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID... | S | |
CVE-2019-19242 | SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarg... | S | |
CVE-2019-19244 | sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and win... | S | |
CVE-2019-19245 | NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6... | E | |
CVE-2019-19246 | Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read ... | S | |
CVE-2019-19247 | Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 1 of 2).... | | |
CVE-2019-19248 | Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 2 of 2).... | M | |
CVE-2019-19249 | Controllers/InvitationsController.cs in QueryTree before 3.0.99-beta mishandles invitations.... | S | |
CVE-2019-19250 | OpenTrade before 2019-11-23 allows SQL injection, related to server/modules/api/v1.js and server/uti... | | |
CVE-2019-19251 | The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include... | | |
CVE-2019-19252 | vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write ac... | S | |
CVE-2019-19254 | GitLab Community Edition (CE) and Enterprise Edition (EE) 9.6 and later through 12.5 has Incorrect ... | | |
CVE-2019-19255 | GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorrect Access Control.... | | |
CVE-2019-19256 | GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorrect Access Control.... | | |
CVE-2019-19257 | GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control ... | | |
CVE-2019-19258 | GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control.... | | |
CVE-2019-19259 | GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Referenc... | | |
CVE-2019-19260 | GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control ... | | |
CVE-2019-19261 | GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF.... | | |
CVE-2019-19262 | GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions.... | | |
CVE-2019-19263 | GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions.... | | |
CVE-2019-19264 | In Simplifile RecordFusion through 2019-11-25, the logs and hist parameters allow remote attackers t... | E | |
CVE-2019-19265 | IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS ... | E | |
CVE-2019-19266 | IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS ... | E | |
CVE-2019-19269 | An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer... | S | |
CVE-2019-19270 | An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the approp... | S | |
CVE-2019-19271 | An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used ... | S | |
CVE-2019-19272 | An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL poin... | | |
CVE-2019-19273 | On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the S... | E | |
CVE-2019-19274 | typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. An attacker with the abi... | S | |
CVE-2019-19275 | typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability ... | S | |
CVE-2019-19276 | A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS varia... | S | |
CVE-2019-19277 | A vulnerability has been identified in SIPORT MP (All versions < 3.1.4). Vulnerable versions of the ... | | |
CVE-2019-19278 | A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR32..-.....-....... | | |
CVE-2019-19279 | A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Et... | | |
CVE-2019-19281 | A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS... | | |
CVE-2019-19282 | A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions),... | | |
CVE-2019-19283 | A vulnerability has been identified in XHQ (All Versions < 6.1). The application's web server could ... | | |
CVE-2019-19284 | A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow Cross... | | |
CVE-2019-19285 | A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow injec... | | |
CVE-2019-19286 | A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow SQL i... | | |
CVE-2019-19287 | A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow attac... | | |
CVE-2019-19288 | A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow Cross... | | |
CVE-2019-19289 | A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow a Cro... | | |
CVE-2019-19290 | A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The DOWN... | M | |
CVE-2019-19291 | A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/Si... | M | |
CVE-2019-19292 | A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Cont... | M | |
CVE-2019-19293 | A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web ... | | |
CVE-2019-19294 | A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web ... | | |
CVE-2019-19295 | A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Cont... | | |
CVE-2019-19296 | A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The two FTP... | | |
CVE-2019-19297 | A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The streami... | | |
CVE-2019-19298 | A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS... | S | |
CVE-2019-19299 | A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS... | M | |
CVE-2019-19300 | A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, De... | | |
CVE-2019-19301 | A vulnerability has been identified in SCALANCE X200-4P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P ... | | |
CVE-2019-19306 | The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or Layou... | E | |
CVE-2019-19307 | An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achie... | E | |
CVE-2019-19308 | In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer derefe... | S | |
CVE-2019-19309 | GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control.... | | |
CVE-2019-19310 | GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure.... | | |
CVE-2019-19311 | GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields.... | | |
CVE-2019-19312 | GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project change... | | |
CVE-2019-19313 | GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were ma... | | |
CVE-2019-19314 | GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext.... | | |
CVE-2019-19315 | NLSSRV32.EXE in Nalpeiron Licensing Service 7.3.4.0, as used with Nitro PDF and other products, allo... | E M | |
CVE-2019-19316 | When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.... | | |
CVE-2019-19317 | lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a genera... | S | |
CVE-2019-19318 | In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowp... | E | |
CVE-2019-19319 | In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cau... | E | |
CVE-2019-19324 | Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes ... | S | |
CVE-2019-19325 | SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login for... | | |
CVE-2019-19326 | Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by... | | |
CVE-2019-19327 | ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML... | S | |
CVE-2019-19328 | ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 all... | S | |
CVE-2019-19329 | In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressio... | E S | |
CVE-2019-19330 | The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage r... | | |
CVE-2019-19331 | knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. ... | E S | |
CVE-2019-19332 | An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the ... | E S | |
CVE-2019-19333 | In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way li... | S | |
CVE-2019-19334 | In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way li... | S | |
CVE-2019-19335 | During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an ... | | |
CVE-2019-19336 | A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint... | | |
CVE-2019-19337 | A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles ... | M | |
CVE-2019-19338 | A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 whe... | S | |
CVE-2019-19339 | It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for ... | | |
CVE-2019-19340 | A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enablin... | | |
CVE-2019-19341 | A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' a... | | |
CVE-2019-19342 | A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websock... | | |
CVE-2019-19343 | A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.... | | |
CVE-2019-19344 | There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions... | | |
CVE-2019-19345 | A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an ins... | | |
CVE-2019-19346 | An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/... | | |
CVE-2019-19347 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-19348 | An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/... | | |
CVE-2019-19349 | An insecure modification vulnerability in the /etc/passwd file was found in the container operator-f... | E | |
CVE-2019-19350 | An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-se... | E | |
CVE-2019-19351 | An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/... | | |
CVE-2019-19352 | An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/p... | | |
CVE-2019-19353 | An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/h... | E | |
CVE-2019-19354 | An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/h... | | |
CVE-2019-19355 | An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-releas... | | |
CVE-2019-19356 | Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router W... | KEV E | |
CVE-2019-19362 | An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on... | E | |
CVE-2019-19363 | An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 ... | E | |
CVE-2019-19364 | A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (versio... | E | |
CVE-2019-19366 | A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allo... | E S | |
CVE-2019-19367 | A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote... | E S | |
CVE-2019-19368 | A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2... | E | |
CVE-2019-19370 | A cross-site scripting (XSS) vulnerability in the web conferencing component of the Mitel MiCollab a... | | |
CVE-2019-19371 | A cross-site scripting (XSS) vulnerability in the web conferencing component of Mitel MiCollab AWV b... | | |
CVE-2019-19372 | A downloadFile.php download_file path traversal vulnerability in rConfig through 3.9.3 allows attack... | | |
CVE-2019-19373 | An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 pr... | E | |
CVE-2019-19374 | An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_... | E | |
CVE-2019-19375 | In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF coo... | | |
CVE-2019-19376 | In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdit permission could send a malf... | | |
CVE-2019-19377 | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, a... | E | |
CVE-2019-19378 | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds... | E | |
CVE-2019-19379 | In app/Controller/TagsController.php in MISP 2.4.118, users can bypass intended restrictions on tagg... | S | |
CVE-2019-19381 | oauth/oauth2/v1/saml/ in Abacus OAuth Login 2019_01_r4_20191021_0000 prior to R4 (20.11.2019 ... | E | |
CVE-2019-19382 | Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local ... | E | |
CVE-2019-19383 | freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command (this is exploit... | E | |
CVE-2019-19384 | A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows rem... | E S | |
CVE-2019-19385 | A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows ... | E S | |
CVE-2019-19386 | A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in... | E S | |
CVE-2019-19387 | A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 ... | E S | |
CVE-2019-19388 | A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.... | E S | |
CVE-2019-19389 | JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.... | E S | |
CVE-2019-19390 | The Search parameter of the Software Catalogue section of Matrix42 Workspace Management 9.1.2.2765 a... | E | |
CVE-2019-19391 | In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a typ... | S | |
CVE-2019-19392 | The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly DotNetNuke) allows an unprivilege... | E | |
CVE-2019-19393 | The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to V3.15.70_4 devices fails to sa... | | |
CVE-2019-19394 | Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x before 3.12.3, 3.13.x, and 3.14.x... | | |
CVE-2019-19396 | illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an applicati... | | |
CVE-2019-19397 | There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algo... | | |
CVE-2019-19398 | M5 lite 10 with versions of 8.0.0.182(C00) have an insufficient input validation vulnerability. Due ... | | |
CVE-2019-19411 | USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500,... | | |
CVE-2019-19412 | Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-con... | | |
CVE-2019-19413 | There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficie... | | |
CVE-2019-19414 | There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficie... | | |
CVE-2019-19415 | The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attack... | | |
CVE-2019-19416 | The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attack... | | |
CVE-2019-19417 | The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attack... | | |
CVE-2019-19441 | HUAWEI P30 smart phones with versions earlier than 10.0.0.166(C00E66R1P11) have an information leak ... | | |
CVE-2019-19447 | In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, an... | E | |
CVE-2019-19448 | In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some op... | E | |
CVE-2019-19449 | In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds ... | E | |
CVE-2019-19450 | paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in parapars... | | |
CVE-2019-19451 | When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint ... | | |
CVE-2019-19452 | A buffer overflow was found in Patriot Viper RGB through 1.1 when processing IoControlCode 0x8010204... | E | |
CVE-2019-19453 | Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2). An authenticated user, with access to... | | |
CVE-2019-19454 | An arbitrary file download was found in the "Download Log" functionality of Wowza Streaming Engine <... | | |
CVE-2019-19455 | Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may allow a local attacker to esc... | | |
CVE-2019-19456 | A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginf... | | |
CVE-2019-19457 | SALTO ProAccess SPACE 5.4.3.0 allows XSS.... | E | |
CVE-2019-19458 | SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature.... | E | |
CVE-2019-19459 | An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to... | E | |
CVE-2019-19460 | An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows ... | E | |
CVE-2019-19461 | Post-authentication Stored XSS in Team Password Manager through 7.93.204 allows attackers to steal o... | | |
CVE-2019-19462 | relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial ... | S | |
CVE-2019-19463 | The Anhui Huami Mi Fit application before 4.0.11 for Android has an Unencrypted Update Check.... | | |
CVE-2019-19464 | The CBC Gem application before 9.24.1 for Android and before 9.26.0 for iOS has Unencrypted Analytic... | | |
CVE-2019-19466 | SCEditor 2.1.3 allows XSS.... | E | |
CVE-2019-19468 | Free Photo Viewer 1.3 allows remote attackers to execute arbitrary code via a crafted BMP and/or TIF... | E | |
CVE-2019-19469 | In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows ... | | |
CVE-2019-19470 | Unsafe usage of .NET deserialization in Named Pipe message processing allows privilege escalation to... | | |
CVE-2019-19475 | An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated Postgre... | | |
CVE-2019-19479 | An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setco... | S | |
CVE-2019-19480 | An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prk... | E S | |
CVE-2019-19481 | An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.... | S | |
CVE-2019-19484 | Open redirect via parameter ‘p’ in login.php in Centreon (19.04.4 and below) allows an attacker to c... | | |
CVE-2019-19486 | Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to tra... | | |
CVE-2019-19487 | Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achiev... | | |
CVE-2019-19489 | SMPlayer 19.5.0 has a buffer overflow via a long .m3u file.... | E | |
CVE-2019-19490 | LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" fo... | E | |
CVE-2019-19491 | TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI p... | E | |
CVE-2019-19492 | FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.... | E | |
CVE-2019-19493 | Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the... | E S | |
CVE-2019-19494 | Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allow... | E | |
CVE-2019-19495 | The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows ... | E | |
CVE-2019-19496 | Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document.... | E | |
CVE-2019-19497 | MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message.... | E | |
CVE-2019-19499 | Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authentica... | E | |
CVE-2019-19500 | Matrix42 Workspace Management 9.1.2.2765 and below allows stored XSS via unfiltered description para... | E | |
CVE-2019-19501 | VeraCrypt 1.24 allows Local Privilege Escalation during execution of VeraCryptExpander.exe.... | S | |
CVE-2019-19502 | Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows re... | S | |
CVE-2019-19505 | Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused b... | E | |
CVE-2019-19506 | Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error... | E | |
CVE-2019-19507 | In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain in... | E | |
CVE-2019-19509 | An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system co... | E | |
CVE-2019-19513 | The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds ... | E | |
CVE-2019-19514 | Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in basic repeater settings via an SSID.... | E | |
CVE-2019-19515 | Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in wireless settings.... | E | |
CVE-2019-19516 | Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePw... | E | |
CVE-2019-19517 | Intelbras RF1200 1.1.3 devices allow CSRF to bypass the login.html form, as demonstrated by launchin... | E | |
CVE-2019-19518 | CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication... | | |
CVE-2019-19519 | In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding roo... | E | |
CVE-2019-19520 | xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBG... | E | |
CVE-2019-19521 | libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by sm... | E | |
CVE-2019-19522 | OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows... | E | |
CVE-2019-19523 | In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious US... | S | |
CVE-2019-19524 | In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious U... | S | |
CVE-2019-19525 | In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious US... | S | |
CVE-2019-19526 | In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious US... | S | |
CVE-2019-19527 | In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious U... | S | |
CVE-2019-19528 | In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious US... | S | |
CVE-2019-19529 | In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious U... | S | |
CVE-2019-19530 | In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious U... | S | |
CVE-2019-19531 | In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious US... | S | |
CVE-2019-19532 | In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by ... | S | |
CVE-2019-19533 | In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB de... | S | |
CVE-2019-19534 | In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB d... | S | |
CVE-2019-19535 | In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB de... | S | |
CVE-2019-19536 | In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB de... | S | |
CVE-2019-19537 | In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious U... | S | |
CVE-2019-19538 | In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules h... | | |
CVE-2019-19539 | An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H... | | |
CVE-2019-19540 | The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the home... | E | |
CVE-2019-19541 | The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field ... | E | |
CVE-2019-19542 | The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the... | E | |
CVE-2019-19543 | In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/me... | S | |
CVE-2019-19544 | CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to the uxdqmsrv binary being setu... | E | |
CVE-2019-19545 | Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CO... | | |
CVE-2019-19546 | Norton Password Manager, prior to 6.6.2.5, may be susceptible to an information disclosure issue, wh... | | |
CVE-2019-19547 | Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site ... | | |
CVE-2019-19548 | Norton Power Eraser, prior to 5.3.0.67, may be susceptible to a privilege escalation vulnerability, ... | | |
CVE-2019-19550 | Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 allows admin access to sensit... | E | |
CVE-2019-19551 | In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen o... | | |
CVE-2019-19552 | In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen o... | | |
CVE-2019-19553 | In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed i... | | |
CVE-2019-19555 | read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an inc... | E | |
CVE-2019-19556 | An authentication bypass in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with ph... | E | |
CVE-2019-19557 | A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct p... | E | |
CVE-2019-19560 | An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with ... | E | |
CVE-2019-19561 | A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct... | E | |
CVE-2019-19562 | An authentication bypass in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with ... | E | |
CVE-2019-19563 | A misconfiguration in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with direct... | E | |
CVE-2019-19576 | class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 exte... | E S | |
CVE-2019-19577 | An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial ... | S | |
CVE-2019-19578 | An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of se... | S | |
CVE-2019-19579 | An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA ... | | |
CVE-2019-19580 | An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privile... | S | |
CVE-2019-19581 | An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial o... | S | |
CVE-2019-19582 | An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of servi... | S | |
CVE-2019-19583 | An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial ... | S | |
CVE-2019-19585 | An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconf... | E | |
CVE-2019-19587 | In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updating the message processor config... | S | |
CVE-2019-19588 | The validators package 0.12.2 through 0.12.5 for Python enters an infinite loop when validators.doma... | E | |
CVE-2019-19589 | The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF docu... | E | |
CVE-2019-19590 | In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function... | E S | |
CVE-2019-19592 | Jama Connect 8.44.0 is vulnerable to stored Cross-Site Scripting... | E | |
CVE-2019-19594 | reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaSh... | E | |
CVE-2019-19595 | reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integ... | E | |
CVE-2019-19596 | GitBook through 2.6.9 allows XSS via a local .md file.... | E | |
CVE-2019-19597 | D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without a... | E | |
CVE-2019-19598 | D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authent... | E | |
CVE-2019-19601 | OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of an incorrect sprintf.... | E | |
CVE-2019-19602 | fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC... | E | |
CVE-2019-19603 | SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an applicatio... | S | |
CVE-2019-19604 | Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.... | E | |
CVE-2019-19605 | X-Plane before 11.41 allows Arbitrary Memory Write via crafted network packets, which could cause a ... | E | |
CVE-2019-19606 | X-Plane before 11.41 has multiple improper path validations that could allow reading and writing fil... | E | |
CVE-2019-19607 | A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2... | | |
CVE-2019-19608 | A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.... | | |
CVE-2019-19609 | The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install an... | E S | |
CVE-2019-19610 | An issue was discovered in Halvotec RaQuest 10.23.10801.0. It allows session fixation. Fixed in Rele... | | |
CVE-2019-19611 | An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the exposed web services allows an... | | |
CVE-2019-19612 | An issue was discovered in Halvotec RaQuest 10.23.10801.0. Several features of the application allow... | | |
CVE-2019-19613 | An issue was discovered in Halvotec RaQuest 10.23.10801.0. The login page of the admin application i... | | |
CVE-2019-19614 | An issue was discovered in Halvotec RAQuest 10.23.10801.0. The login page is vulnerable to wildcard ... | | |
CVE-2019-19615 | Multiple XSS vulnerabilities exist in the Backup & Restore module \ v14.0.10.2 through v14.0.10.7 fo... | | |
CVE-2019-19616 | An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) ... | | |
CVE-2019-19617 | phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Displa... | S | |
CVE-2019-19619 | domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. ... | S | |
CVE-2019-19620 | In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of tel... | | |
CVE-2019-19624 | An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale i... | E S | |
CVE-2019-19625 | SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System ... | E | |
CVE-2019-19627 | SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of ... | E | |
CVE-2019-19628 | In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Ma... | | |
CVE-2019-19629 | In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a privat... | | |
CVE-2019-19630 | HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when ca... | E | |
CVE-2019-19631 | An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.... | E | |
CVE-2019-19632 | An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.... | E | |
CVE-2019-19634 | class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 ex... | E | |
CVE-2019-19635 | An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function six... | | |
CVE-2019-19636 | An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode... | | |
CVE-2019-19637 | An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode... | | |
CVE-2019-19638 | An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function loa... | | |
CVE-2019-19642 | On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature... | E | |
CVE-2019-19643 | ise smart connect KNX Vaillant 1.2.839 contains a Denial of Service.... | E | |
CVE-2019-19645 | alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of... | S | |
CVE-2019-19646 | pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certai... | S | |
CVE-2019-19647 | radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin a... | E | |
CVE-2019-19648 | In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsist... | E | |
CVE-2019-19649 | Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection vi... | | |
CVE-2019-19650 | Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via ... | | |
CVE-2019-19659 | A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Serv... | | |
CVE-2019-19660 | A CSRF vulnerability exists in the Web File Manager's Network Setting functionality of Rumpus FTP Se... | | |
CVE-2019-19661 | A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to... | | |
CVE-2019-19662 | A CSRF vulnerability exists in the Web File Manager's Create/Delete Accounts functionality of Rumpus... | | |
CVE-2019-19663 | A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. T... | | |
CVE-2019-19664 | A CSRF vulnerability exists in the Web Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitat... | | |
CVE-2019-19665 | A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitat... | | |
CVE-2019-19666 | A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1.... | | |
CVE-2019-19667 | A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1... | | |
CVE-2019-19668 | A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 th... | | |
CVE-2019-19669 | A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8... | | |
CVE-2019-19670 | A HTTP Response Splitting vulnerability was identified in the Web Settings Component of Web File Man... | E | |
CVE-2019-19675 | In Ivanti Workspace Control before 10.3.180.0, a locally authenticated user with low privileges can ... | | |
CVE-2019-19676 | A CSV injection in arxes-tolina 3.0.0 allows malicious users to gain remote control of other compute... | | |
CVE-2019-19677 | arxes-tolina 3.0.0 allows User Enumeration.... | E | |
CVE-2019-19678 | In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause ... | E | |
CVE-2019-19679 | In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause ... | E | |
CVE-2019-19680 | A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unp... | | |
CVE-2019-19681 | Pandora FMS 7.x suffers from remote code execution vulnerability. With an authenticated user who can... | | |
CVE-2019-19682 | nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web... | E | |
CVE-2019-19683 | RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to A... | E | |
CVE-2019-19684 | nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/C... | E | |
CVE-2019-19685 | RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be u... | E | |
CVE-2019-19687 | OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any us... | E S | |
CVE-2019-19688 | A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.... | | |
CVE-2019-19689 | Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hij... | | |
CVE-2019-19690 | Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an ... | | |
CVE-2019-19691 | A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked... | | |
CVE-2019-19692 | Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product... | | |
CVE-2019-19693 | The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow ... | | |
CVE-2019-19694 | The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a... | | |
CVE-2019-19695 | A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) cou... | | |
CVE-2019-19696 | A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the ... | | |
CVE-2019-19697 | An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer fam... | E | |
CVE-2019-19698 | marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav_content_read() at libwav.c.... | E | |
CVE-2019-19699 | There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through ... | E | |
CVE-2019-19702 | The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) a... | E | |
CVE-2019-19703 | In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect loca... | E | |
CVE-2019-19704 | In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user... | | |
CVE-2019-19705 | Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20... | | |
CVE-2019-19707 | On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service c... | | |
CVE-2019-19708 | The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an el... | E | |
CVE-2019-19709 | MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by star... | E | |
CVE-2019-19712 | Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view UR... | | |
CVE-2019-19714 | Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert ... | | |
CVE-2019-19719 | Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page... | | |
CVE-2019-19720 | Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() function in flex.c via a crafted BASI... | E | |
CVE-2019-19721 | An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player be... | E S | |
CVE-2019-19722 | In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email whe... | | |
CVE-2019-19724 | Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (ve... | | |
CVE-2019-19725 | sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.... | E | |
CVE-2019-19726 | OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in se... | E S | |
CVE-2019-19727 | SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.... | | |
CVE-2019-19728 | SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.... | | |
CVE-2019-19729 | An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID... | E | |
CVE-2019-19731 | Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded fi... | E | |
CVE-2019-19732 | translation_manage_text.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through ... | E | |
CVE-2019-19733 | _get_all_file_server_paths.ajax.php (aka get_all_file_server_paths.ajax.php) in MFScripts YetiShare ... | E | |
CVE-2019-19734 | _account_move_file_in_folder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the ... | E | |
CVE-2019-19735 | class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating pa... | E | |
CVE-2019-19736 | MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag on session cookies, allowing ... | | |
CVE-2019-19737 | MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing ... | | |
CVE-2019-19738 | log_file_viewer.php in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the outpu... | E | |
CVE-2019-19739 | MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag on session cookies, allowing th... | | |
CVE-2019-19740 | Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerabl... | E | |
CVE-2019-19741 | Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary di... | | |
CVE-2019-19742 | On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the na... | E | |
CVE-2019-19743 | On D-Link DIR-615 devices, a normal user is able to create a root(admin) user from the D-Link portal... | E | |
CVE-2019-19745 | Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form ge... | | |
CVE-2019-19746 | make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write bec... | E | |
CVE-2019-19747 | NeuVector 3.1, when configured to allow authentication via Active Directory, does not enforce non-emp... | E | |
CVE-2019-19748 | The Work Time Calendar app before 4.7.1 for Jira allows XSS.... | E | |
CVE-2019-19750 | minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product.... | S | |
CVE-2019-19751 | easyMINE before 2019-12-05 ships with SSH host keys baked into the installation image, which allows ... | | |
CVE-2019-19752 | nvOC through 3.2 ships with SSH host keys baked into the installation image, which allows man-in-the... | | |
CVE-2019-19753 | SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which allow... | | |
CVE-2019-19754 | HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which allo... | | |
CVE-2019-19755 | ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man-in-... | | |
CVE-2019-19756 | An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS cre... | S | |
CVE-2019-19757 | An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Obj... | S | |
CVE-2019-19758 | A vulnerability in the web interface of Lenovo EZ Media & Backup Center, ix2 & ix2-dl version 4.1.40... | S | |
CVE-2019-19759 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2019-19760 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2019-19761 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2019-19762 | Rejected reason: Unused CVE for 2019... | R | |
CVE-2019-19763 | Rejected reason: Unused CVE for 2019... | R | |
CVE-2019-19764 | Rejected reason: Unused CVE for 2019... | R | |
CVE-2019-19765 | Rejected reason: Unused CVE for 2019... | R | |
CVE-2019-19766 | The Bitwarden server through 1.32.0 has a potentially unwanted KDF.... | | |
CVE-2019-19767 | The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free ... | E S | |
CVE-2019-19768 | In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in k... | | |
CVE-2019-19769 | In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function... | | |
CVE-2019-19770 | In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/d... | E | |
CVE-2019-19771 | The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who m... | | |
CVE-2019-19772 | Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexm... | | |
CVE-2019-19773 | Various Lexmark products have stored XSS in the embedded web server used in older generation Lexmark... | | |
CVE-2019-19774 | An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By runni... | E | |
CVE-2019-19775 | The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redire... | S | |
CVE-2019-19777 | stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-base... | E | |
CVE-2019-19778 | An issue was discovered in libsixel 1.8.2. There is a heap-based buffer over-read in the function lo... | E | |
CVE-2019-19781 | An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0... | KEV | |
CVE-2019-19782 | The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP serv... | E | |
CVE-2019-19783 | An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. I... | S | |
CVE-2019-19785 | ATasm 1.06 has a stack-based buffer overflow in the to_comma() function in asm.c via a crafted .m65 ... | E | |
CVE-2019-19786 | ATasm 1.06 has a stack-based buffer overflow in the parse_expr() function in setparse.c via a crafte... | E | |
CVE-2019-19787 | ATasm 1.06 has a stack-based buffer overflow in the get_signed_expression() function in setparse.c v... | E | |
CVE-2019-19788 | Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass att... | | |
CVE-2019-19789 | 3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.... | | |
CVE-2019-19790 | Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delet... | | |
CVE-2019-19791 | In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP Server configuration does ... | | |
CVE-2019-19792 | A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS allows a local attacker to esc... | E | |
CVE-2019-19793 | In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 on Windows, a local or remote user fr... | | |
CVE-2019-19794 | The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improper... | E S | |
CVE-2019-19795 | samurai 0.7 has a heap-based buffer overflow in canonpath in util.c via a crafted build file.... | E | |
CVE-2019-19796 | Yabasic 2.86.2 has a heap-based buffer overflow in myformat in function.c via a crafted BASIC source... | E | |
CVE-2019-19797 | read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.... | E | |
CVE-2019-19799 | Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disc... | E | |
CVE-2019-19800 | Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to d... | | |
CVE-2019-19801 | In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.... | | |
CVE-2019-19802 | In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v... | | |
CVE-2019-19805 | _account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 takes a different amoun... | | |
CVE-2019-19806 | _account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 displays a message indi... | | |
CVE-2019-19807 | In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code ... | E S | |
CVE-2019-19810 | Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the in... | E | |
CVE-2019-19813 | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, a... | E | |
CVE-2019-19814 | In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segmen... | E | |
CVE-2019-19815 | In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause a NULL pointer derefe... | E S | |
CVE-2019-19816 | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations... | E | |
CVE-2019-19817 | The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils... | E | |
CVE-2019-19818 | The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils... | E | |
CVE-2019-19819 | The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtil... | E | |
CVE-2019-19820 | An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys driver in Kyrol Internet Securit... | E | |
CVE-2019-19821 | A post-authentication privilege escalation in the web application of Combodo iTop allows regular aut... | | |
CVE-2019-19822 | A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) al... | E | |
CVE-2019-19823 | A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) st... | E | |
CVE-2019-19824 | On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS co... | E | |
CVE-2019-19825 | On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":... | E | |
CVE-2019-19826 | The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls i... | | |
CVE-2019-19829 | A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the emai... | E | |
CVE-2019-19830 | _core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject conte... | S | |
CVE-2019-19832 | Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database... | E | |
CVE-2019-19833 | In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server... | E | |
CVE-2019-19834 | Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a rem... | E | |
CVE-2019-19835 | SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a r... | E | |
CVE-2019-19836 | AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code... | E | |
CVE-2019-19837 | Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 a... | E | |
CVE-2019-19838 | emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS comm... | E | |
CVE-2019-19839 | emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS comm... | E | |
CVE-2019-19840 | A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10... | E | |
CVE-2019-19841 | emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS comm... | E | |
CVE-2019-19842 | emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS comm... | E | |
CVE-2019-19843 | Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 a... | E | |
CVE-2019-19844 | Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably cr... | | |
CVE-2019-19845 | In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure.... | | |
CVE-2019-19846 | In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries cau... | | |
CVE-2019-19847 | Libspiro through 20190731 has a stack-based buffer overflow in the spiro_to_bpath0() function in spi... | E | |
CVE-2019-19848 | An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has be... | | |
CVE-2019-19849 | An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has be... | | |
CVE-2019-19850 | An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because e... | | |
CVE-2019-19851 | An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/... | | |
CVE-2019-19852 | An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call E... | | |
CVE-2019-19854 | An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. It does... | S | |
CVE-2019-19855 | An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/l... | S | |
CVE-2019-19856 | An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The Use... | S | |
CVE-2019-19857 | An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admi... | | |
CVE-2019-19858 | An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/a... | S | |
CVE-2019-19859 | An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The Add... | S | |
CVE-2019-19861 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2019-19862 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2019-19863 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2019-19864 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2019-19865 | Atos Unify OpenScape UC Application V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 a... | | |
CVE-2019-19866 | Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 al... | | |
CVE-2019-19869 | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed (... | | |
CVE-2019-19872 | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. The AprolLoader could ... | | |
CVE-2019-19873 | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get in... | | |
CVE-2019-19874 | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in th... | | |
CVE-2019-19875 | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands cou... | | |
CVE-2019-19876 | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script wa... | | |
CVE-2019-19877 | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get ac... | | |
CVE-2019-19878 | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get ac... | | |
CVE-2019-19879 | HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in certain policy expressions. Fixed in ... | E | |
CVE-2019-19880 | exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer deref... | S | |
CVE-2019-19882 | shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows l... | E S | |
CVE-2019-19885 | In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A u... | | |
CVE-2019-19886 | Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when... | | |
CVE-2019-19887 | bitstr_tell at bitstr.c in ffjpeg through 2019-08-21 has a NULL pointer dereference related to jfif_... | E | |
CVE-2019-19888 | jfif_decode in jfif.c in ffjpeg through 2019-08-21 has a divide-by-zero error.... | E | |
CVE-2019-19889 | An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. The attacker... | E | |
CVE-2019-19890 | An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. Admin creden... | E | |
CVE-2019-19891 | An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 and 8.1 could allow an attack... | | |
CVE-2019-19893 | In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service b... | E | |
CVE-2019-19894 | In IXP EasyInstall 6.2.13723, it is possible to temporarily disable UAC by using the Agent Service o... | E | |
CVE-2019-19895 | In IXP EasyInstall 6.2.13723, there is Lateral Movement (using the Agent Service) against other user... | E | |
CVE-2019-19896 | In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak permissions on the Engine Serv... | E | |
CVE-2019-19897 | In IXP EasyInstall 6.2.13723, there is Remote Code Execution via the Agent Service. An unauthenticat... | E | |
CVE-2019-19898 | In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP port 2... | E | |
CVE-2019-19899 | Pebble Templates 3.1.2 allows attackers to bypass a protection mechanism (intended to block access t... | E | |
CVE-2019-19900 | An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't su... | | |
CVE-2019-19901 | An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't su... | | |
CVE-2019-19902 | An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It allows the... | | |
CVE-2019-19903 | An issue was discovered in Backdrop CMS 1.14.x before 1.14.2. It doesn't sufficiently filter output ... | | |
CVE-2019-19905 | NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines ... | S | |
CVE-2019-19906 | cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote deni... | E S | |
CVE-2019-19907 | HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core before 8.7.7 allows out-of-bou... | S | |
CVE-2019-19908 | phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset ... | | |
CVE-2019-19909 | An issue was discovered in Public Knowledge Project (PKP) pkp-lib before 3.1.2-2, as used in Open Jo... | S | |
CVE-2019-19910 | The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certai... | S | |
CVE-2019-19911 | There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range fu... | | |
CVE-2019-19912 | In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload ... | E | |
CVE-2019-19913 | In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter.... | E | |
CVE-2019-19914 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2019-19915 | The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subs... | E | |
CVE-2019-19916 | In Midori Browser 0.5.11 (on Windows 10), Content Security Policy (CSP) is not applied correctly to ... | E | |
CVE-2019-19917 | Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c.... | E | |
CVE-2019-19918 | Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c.... | E | |
CVE-2019-19919 | Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code E... | S | |
CVE-2019-19920 | sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. Thi... | S | |
CVE-2019-19921 | runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to ... | S | |
CVE-2019-19922 | kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kube... | E S | |
CVE-2019-19923 | flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a ... | S | |
CVE-2019-19924 | SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. ... | S | |
CVE-2019-19925 | zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of ... | S | |
CVE-2019-19926 | multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated b... | S | |
CVE-2019-19927 | In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a ... | E S | |
CVE-2019-19929 | An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner before 8.0.1 could cause arbitrary... | | |
CVE-2019-19930 | In libIEC61850 1.4.0, MmsValue_newOctetString in mms/iso_mms/common/mms_value.c has an integer signe... | E | |
CVE-2019-19931 | In libIEC61850 1.4.0, MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c has a heap-ba... | E | |
CVE-2019-19935 | Froala Editor before 3.2.3 allows XSS.... | E S | |
CVE-2019-19937 | In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports... | | |
CVE-2019-19940 | Incorrect input sanitation in text-oriented user interfaces (telnet, ssh) in Swisscom Centro Grande ... | E | |
CVE-2019-19941 | Missing hostname validation in Swisscom Centro Grande before 6.16.12 allows a remote attacker to inj... | E | |
CVE-2019-19942 | Missing output sanitation in Swisscom Centro Grande before 6.16.12, Centro Business 1.... | E | |
CVE-2019-19943 | The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3.8 allows Remote Unauthenticat... | E | |
CVE-2019-19944 | In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c has an out-of-bounds read, re... | E | |
CVE-2019-19945 | uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This... | S | |
CVE-2019-19946 | The API in Dradis Pro 3.4.1 allows any user to extract the content of a project, even if this user i... | E | |
CVE-2019-19947 | In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB devi... | S | |
CVE-2019-19948 | In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of ... | S | |
CVE-2019-19949 | In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of... | E S | |
CVE-2019-19950 | In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLog... | E S | |
CVE-2019-19951 | In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function Im... | E S | |
CVE-2019-19952 | In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders... | E S | |
CVE-2019-19953 | In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function E... | E S | |
CVE-2019-19954 | Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan h... | E S | |
CVE-2019-19956 | xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to... | S | |
CVE-2019-19957 | In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_access_result.c has an out-of-bo... | E | |
CVE-2019-19958 | In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer... | E | |
CVE-2019-19959 | ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving e... | S | |
CVE-2019-19960 | In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks.... | S | |
CVE-2019-19962 | wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA... | S | |
CVE-2019-19963 | An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled.... | S | |
CVE-2019-19964 | On NETGEAR GS728TPS devices through 5.3.0.35, a remote attacker having network connectivity to the w... | | |
CVE-2019-19965 | In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_di... | E S | |
CVE-2019-19966 | In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpi... | E | |
CVE-2019-19967 | The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOS... | E | |
CVE-2019-19968 | PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Bui... | E | |
CVE-2019-19977 | libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in nt... | E S | |
CVE-2019-19979 | A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerabl... | E | |
CVE-2019-19980 | The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a privilege bypass flaw that... | E | |
CVE-2019-19981 | The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for CSRF... | E | |
CVE-2019-19982 | The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for unau... | E | |
CVE-2019-19983 | In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running Wo... | E | |
CVE-2019-19984 | The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users wi... | E | |
CVE-2019-19985 | The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthen... | E | |
CVE-2019-19986 | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. An attacker with... | E | |
CVE-2019-19987 | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-... | E | |
CVE-2019-19988 | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with vali... | E | |
CVE-2019-19989 | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several PHP page... | E | |
CVE-2019-19990 | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Stored ... | E | |
CVE-2019-19991 | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Reflect... | E | |
CVE-2019-19992 | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with vali... | E | |
CVE-2019-19993 | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full pat... | E | |
CVE-2019-19994 | An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows blind ... | E | |
CVE-2019-19995 | A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, leading to complete control of the... | | |
CVE-2019-19996 | An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. A malformed login request allows remot... | | |
CVE-2019-19998 | Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php.... | E | |
CVE-2019-19999 | Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.... | E S |