The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2019-16838 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | -- | Nov 7, 2023 |
| CVE-2019-16839 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | -- | Nov 7, 2023 |
| CVE-2019-16840 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | -- | Nov 7, 2023 |
| CVE-2019-16841 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | -- | Nov 7, 2023 |
| CVE-2019-16842 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | -- | Nov 7, 2023 |
| CVE-2019-16843 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | -- | Nov 7, 2023 |
| CVE-2019-16844 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | -- | Nov 7, 2023 |
| CVE-2019-16845 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | -- | Nov 7, 2023 |
| CVE-2019-16846 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | -- | Nov 7, 2023 |
| CVE-2019-16847 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | -- | Nov 7, 2023 |
| CVE-2019-16848 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | -- | Nov 7, 2023 |
| CVE-2019-16849 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | -- | Nov 7, 2023 |
| CVE-2019-16850 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | -- | Nov 7, 2023 |
| CVE-2019-16851 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | -- | Nov 7, 2023 |
| CVE-2019-16852 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | -- | Nov 7, 2023 |
| CVE-2019-16853 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | -- | Nov 7, 2023 |
| CVE-2019-16854 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | -- | Nov 7, 2023 |
| CVE-2019-16855 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | -- | Nov 7, 2023 |
| CVE-2019-16856 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | -- | Nov 7, 2023 |
| CVE-2019-16857 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | -- | Nov 7, 2023 |
| CVE-2019-16858 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | -- | Nov 7, 2023 |
| CVE-2019-16859 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | -- | Nov 7, 2023 |
| CVE-2019-16860 | Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local machine. | MEDIUM | Nov 21, 2019 |
| CVE-2019-16861 | Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local server. | MEDIUM | Nov 21, 2019 |
| CVE-2019-16862 | Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user\'s session via the pid parameter. | -- | Oct 21, 2019 |
| CVE-2019-16863 | STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL. | MEDIUM | Nov 14, 2019 |
| CVE-2019-16864 | CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that has SSH access. The exec command is always run as SYSTEM. | HIGH | Feb 15, 2022 |
| CVE-2019-16865 | An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image. | Medium | Oct 10, 2019 |
| CVE-2019-16866 | Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule. | Medium | Oct 8, 2019 |
| CVE-2019-16867 | HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.) | MEDIUM | Sep 25, 2019 |
| CVE-2019-16868 | emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter. | HIGH | Sep 26, 2019 |
| CVE-2019-16869 | Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a \"Transfer-Encoding : chunked\" line), which leads to HTTP request smuggling. | MEDIUM | Sep 30, 2019 |
| CVE-2019-16871 | Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol. | HIGH | Dec 19, 2019 |
| CVE-2019-16872 | Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4). | HIGH | Nov 8, 2019 |
| CVE-2019-16873 | Portainer before 1.22.1 has XSS (issue 1 of 2). | LOW | Nov 7, 2019 |
| CVE-2019-16874 | Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4). | MEDIUM | Nov 8, 2019 |
| CVE-2019-16876 | Portainer before 1.22.1 allows Directory Traversal. | MEDIUM | Nov 7, 2019 |
| CVE-2019-16877 | Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). | MEDIUM | Nov 8, 2019 |
| CVE-2019-16878 | Portainer before 1.22.1 has XSS (issue 2 of 2). | LOW | Nov 7, 2019 |
| CVE-2019-16879 | The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has a Missing Authentication for Critical Function (CWE-306) vulnerability. The affected product does not require authentication for TELNET access, which may allow an attacker to change configuration or perform other malicious activities. | HIGH | Apr 14, 2020 |
| CVE-2019-16880 | An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matrix::zip_elements method. | HIGH | Sep 27, 2019 |
| CVE-2019-16881 | An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and stream_finished_callback. | HIGH | Sep 26, 2019 |
| CVE-2019-16882 | An issue was discovered in the string-interner crate before 0.7.1 for Rust. It allows attackers to read from memory locations associated with dangling pointers, because of a cloning flaw. | MEDIUM | Sep 26, 2019 |
| CVE-2019-16884 | runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | Medium | Oct 7, 2019 |
| CVE-2019-16885 | In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie price_filter, and second in api/Comparison.php via the cookie comparison. | HIGH | Dec 13, 2019 |
| CVE-2019-16887 | In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc. | MEDIUM | Sep 26, 2019 |
| CVE-2019-16889 | Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs. | HIGH | Oct 1, 2019 |
| CVE-2019-16890 | Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments. | LOW | Sep 26, 2019 |
| CVE-2019-16891 | Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload. | Medium | Oct 10, 2019 |
| CVE-2019-16892 | In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption). | HIGH | Oct 1, 2019 |
