| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-17511 |
|
|
2019-10-14 |
N/A |
| There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can get the router's log file via log_get.php, which could be used to discover the intranet network structure. |
| CVE-2019-16519 |
|
|
2019-10-14 |
N/A |
| ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an undocumented feature in scheduled tasks. |
| CVE-2019-9745 |
|
|
2019-10-14 |
N/A |
| CloudCTI HIP Integrator Recognition Configuration Tool allows privilege escalation via its EXQUISE integration. This tool communicates with a service (Recognition Update Client Service) via an insecure communication channel (Named Pipe). The data... |
| CVE-2019-17579 |
|
|
2019-10-14 |
N/A |
| SonarSource SonarQube before 7.8 has XSS in project links on account/projects. |
| CVE-2019-17575 |
|
|
2019-10-14 |
N/A |
| A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privileges to rename a media filename and extension. (For example: place PHP code in a .jpg... |
| CVE-2019-16344 |
|
|
2019-10-14 |
N/A |
| A cross-site scripting (XSS) vulnerability in the login form (/ScadaBR/login.htm) in ScadaBR 1.0CE allows a remote attacker to inject arbitrary web script or HTML via the username or password parameter. |
| CVE-2019-14858 |
|
|
2019-10-14 |
N/A |
| A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before... |
| CVE-2019-14838 |
|
|
2019-10-14 |
N/A |
| A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server |
| CVE-2019-4572 |
|
|
2019-10-14 |
N/A |
| IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific configurations, could log the web service user credentials into a log file that could be accessed by an administrator on the local machine. IBM X-Force ID: 166798. |
| CVE-2019-17574 |
|
|
2019-10-14 |
N/A |
| An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling... |
| CVE-2019-17553 |
|
|
2019-10-14 |
N/A |
| An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the admin/?n=tags&c=index&a=doSaveTags URI. |
| CVE-2019-17552 |
|
|
2019-10-14 |
N/A |
| An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the 'upload spider project scheme' feature via a two-dimensional payload. |
| CVE-2019-17263 |
1 Libfwsi Project |
1 Libfwsi |
2019-10-14 |
2.1 |
| ** DISPUTED ** In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though... |
| CVE-2019-17408 |
|
|
2019-10-14 |
N/A |
| parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr. |
| CVE-2019-17547 |
|
|
2019-10-14 |
N/A |
| In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free. |
| CVE-2019-17546 |
|
|
2019-10-14 |
N/A |
| tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition. |
| CVE-2019-17545 |
|
|
2019-10-14 |
N/A |
| GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. |
| CVE-2019-17544 |
|
|
2019-10-14 |
N/A |
| libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. |
| CVE-2019-17543 |
|
|
2019-10-14 |
N/A |
| LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) |
| CVE-2019-17542 |
|
|
2019-10-14 |
N/A |
| FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. |
