The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2019-1577 | Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML. | MEDIUM | Jul 2, 2019 |
CVE-2018-6149 | Type confusion in JavaScript in Google Chrome prior to 67.0.3396.87 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | MEDIUM | Jul 2, 2019 |
CVE-2018-6148 | Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | MEDIUM | Jul 2, 2019 |
CVE-2018-6145 | Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | MEDIUM | Jul 2, 2019 |
CVE-2018-15557 | An issue was discovered in the Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 devices. An attacker can statically set his/her IP to anything on the 169.254.1.0/24 subnet, and obtain root access by connecting to 169.254.1.2 port 23 with telnet/netcat. | HIGH | Jul 2, 2019 |
CVE-2018-15556 | The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART headers. | HIGH | Jul 2, 2019 |
CVE-2016-5236 | Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9.5 and earlier, aka F5 WebSafe Alert Server, allow privileged authenticated users to inject arbitrary web script or HTML when creating a new user, account or signature. | LOW | Jul 2, 2019 |
CVE-2016-5235 | A Cross Site Scripting (XSS) vulnerability in versions of F5 WebSafe Dashboard 3.9.x and earlier, aka F5 WebSafe Alert Server, allows an unauthenticated user to inject HTML via a crafted alert. | MEDIUM | Jul 2, 2019 |
CVE-2018-20849 | Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATH_INFO to the login/ URI. | -- | Jul 1, 2019 |
CVE-2019-13072 | Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page. | MEDIUM | Jul 1, 2019 |
CVE-2019-13049 | An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 allows users to map arbitrary kernel pages into userland process space via TOARU_SYS_FUNC_MMAP, leading to escalation of privileges. | HIGH | Jul 1, 2019 |
CVE-2019-13048 | kernel/sys/syscall.c in ToaruOS through 1.10.9 allows a denial of service upon a critical error in certain sys_sbrk allocation patterns (involving PAGE_SIZE, and a value less than PAGE_SIZE). | MEDIUM | Jul 1, 2019 |
CVE-2019-13047 | kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access control in sys_sysfunc case 9 for TOARU_SYS_FUNC_SETHEAP, allowing arbitrary kernel pages to be mapped into user land, leading to root access. | HIGH | Jul 1, 2019 |
CVE-2019-13046 | linker/linker.c in ToaruOS through 1.10.9 has insecure LD_LIBRARY_PATH handling in setuid applications. | HIGH | Jul 1, 2019 |
CVE-2019-12982 | Ming (aka libming) 0.4.8 has a heap buffer overflow and underflow in the decompileCAST function in util/decompile.c in libutil.a. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted SWF file. | MEDIUM | Jul 1, 2019 |
CVE-2019-12887 | KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2). | MEDIUM | Jul 1, 2019 |
CVE-2019-12323 | The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS. | MEDIUM | Jul 1, 2019 |
CVE-2019-6961 | Incorrect access control in actionHandlerUtility.php in the RDK RDKB-20181217-1 WebUI module allows a logged in user to control DDNS, QoS, RIP, and other privileged configurations (intended only for the network operator) by sending an HTTP POST to the PHP backend, because the page filtering for non-superuser (in header.php) is done only for GET requests and not for direct AJAX calls. | MEDIUM | Jul 1, 2019 |
CVE-2019-5839 | Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL. | MEDIUM | Jul 1, 2019 |
CVE-2019-5838 | Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension. | MEDIUM | Jul 1, 2019 |
CVE-2019-5837 | Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | MEDIUM | Jul 1, 2019 |
CVE-2019-5836 | Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | MEDIUM | Jul 1, 2019 |
CVE-2019-5835 | Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | MEDIUM | Jul 1, 2019 |
CVE-2019-5834 | Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | MEDIUM | Jul 1, 2019 |
CVE-2019-5833 | Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page. | MEDIUM | Jul 1, 2019 |
CVE-2019-5832 | Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | MEDIUM | Jul 1, 2019 |
CVE-2019-5831 | Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | MEDIUM | Jul 1, 2019 |
CVE-2019-5830 | Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | MEDIUM | Jul 1, 2019 |
CVE-2019-5829 | Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | MEDIUM | Jul 1, 2019 |
CVE-2019-5828 | Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | MEDIUM | Jul 1, 2019 |
CVE-2019-5827 | Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | MEDIUM | Jul 1, 2019 |
CVE-2019-5824 | Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | MEDIUM | Jul 1, 2019 |
CVE-2019-5818 | Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. | MEDIUM | Jul 1, 2019 |
CVE-2019-5817 | Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | MEDIUM | Jul 1, 2019 |
CVE-2019-5816 | Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page. | MEDIUM | Jul 1, 2019 |
CVE-2019-5814 | Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | MEDIUM | Jul 1, 2019 |
CVE-2019-5812 | Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | MEDIUM | Jul 1, 2019 |
CVE-2019-5811 | Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | MEDIUM | Jul 1, 2019 |
CVE-2019-5810 | Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | MEDIUM | Jul 1, 2019 |
CVE-2019-5809 | Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. | MEDIUM | Jul 1, 2019 |
CVE-2019-5807 | Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | MEDIUM | Jul 1, 2019 |
CVE-2019-5806 | Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | MEDIUM | Jul 1, 2019 |
CVE-2019-5805 | Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | MEDIUM | Jul 1, 2019 |
CVE-2019-5786 | Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | MEDIUM | Jul 1, 2019 |
CVE-2019-5785 | Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | MEDIUM | Jul 1, 2019 |
CVE-2019-5784 | Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | MEDIUM | Jul 1, 2019 |
CVE-2019-3632 | Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input. | MEDIUM | Jul 1, 2019 |
CVE-2019-3631 | Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. | MEDIUM | Jul 1, 2019 |
CVE-2019-3630 | Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. | MEDIUM | Jul 1, 2019 |
CVE-2019-3629 | Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows unauthenticated user to impersonate system users via specially crafted parameters. | MEDIUM | Jul 1, 2019 |