The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2019-11493 | VeryPDF 4.1 has a Memory Overflow leading to Code Execution because pdfocx!CxImageTIF::operator in pdfocx.ocx (used by pdfeditor.exe and pdfcmd.exe) is mishandled. | MEDIUM | Apr 26, 2019 |
| CVE-2019-11492 | ProjectSend before r1070 writes user passwords to the server logs. | MEDIUM | Apr 30, 2019 |
| CVE-2019-11490 | An issue was discovered in Npcap 0.992. Sending a malformed .pcap file with the loopback adapter using either pcap_sendqueue_queue() or pcap_sendqueue_transmit() results in kernel pool corruption. This could lead to arbitrary code executing inside the Windows kernel and allow escalation of privileges. | HIGH | Apr 29, 2019 |
| CVE-2019-11489 | Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a crafted HTTP PUT Request, as demonstrated by modified JSON data to a /v2/rest/ URI. | HIGH | May 3, 2019 |
| CVE-2019-11488 | Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a persistent HTTP GET Request Hash Link Replay, as demonstrated by a login-link from the browser history. | MEDIUM | May 3, 2019 |
| CVE-2019-11487 | The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. | High | Apr 30, 2019 |
| CVE-2019-11486 | The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions. | Medium | May 1, 2019 |
| CVE-2019-11485 | Sander Bos discovered Apport\'s lock file was in a world-writable directory which allowed all users to prevent crash handling. | LOW | Feb 12, 2020 |
| CVE-2019-11484 | Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie. | MEDIUM | Feb 12, 2020 |
| CVE-2019-11483 | Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. | LOW | Feb 12, 2020 |
| CVE-2019-11482 | Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories. | LOW | Feb 12, 2020 |
| CVE-2019-11481 | Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences. | MEDIUM | Feb 12, 2020 |
| CVE-2019-11480 | The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the build environment and the Ubuntu archive to install a malicious package within the build chroot. This issue affects pc-kernel versions prior to and including 2019-07-16 | MEDIUM | Apr 14, 2020 |
| CVE-2019-11479 | Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363. | Medium | Jun 20, 2019 |
| CVE-2019-11478 | Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e. | Medium | Jun 20, 2019 |
| CVE-2019-11477 | Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff. | High | Jun 20, 2019 |
| CVE-2019-11476 | An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible code-execution in the context of the whoopsie process. | MEDIUM | Sep 4, 2019 |
| CVE-2019-11474 | coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. | MEDIUM | May 9, 2019 |
| CVE-2019-11473 | coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. | MEDIUM | May 9, 2019 |
| CVE-2019-11472 | ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first. | Medium | Apr 24, 2019 |
| CVE-2019-11471 | libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images. | MEDIUM | Apr 24, 2019 |
| CVE-2019-11470 | The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file. | High | Apr 24, 2019 |
| CVE-2019-11469 | Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the \"Execute Program Action(s)\" feature. | HIGH | Apr 26, 2019 |
| CVE-2019-11467 | In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. When index entries contain certain characters like \\t, <, >, it caused buffer overrun as encoded string would be much larger than accounted for, causing indexer service to crash and restart. This has been remedied in versions 5.1.2 and 5.5.2 to ensure buffer always grows as needed for any input. | High | Sep 11, 2019 |
| CVE-2019-11466 | In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access. | Medium | Sep 11, 2019 |
| CVE-2019-11465 | An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached \"connections\" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted. | MEDIUM | Sep 13, 2019 |
| CVE-2019-11464 | Some enterprises require that REST API endpoints include security-related headers in REST responses. Headers such as X-Frame-Options and X-Content-Type-Options are generally advisable, however some information security professionals additionally look for X-Permitted-Cross-Domain-Policies and X-XSS-Protection, which are more generally applicable to HTML endpoint, to be included too. These headers were not included in Couchbase Server 5.5.0 and 5.1.2 . They are now included in version 6.0.2 in responses from the Couchbase Server Views REST API (port 8092). | Medium | Sep 11, 2019 |
| CVE-2019-11463 | A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product\'s official releases are unaffected. | Medium | Apr 30, 2019 |
| CVE-2019-11461 | An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer\'s controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063. | Medium | May 1, 2019 |
| CVE-2019-11460 | An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer\'s controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063. | Medium | Apr 25, 2019 |
| CVE-2019-11459 | The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. | Medium | May 1, 2019 |
| CVE-2019-11458 | An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction. | MEDIUM | May 9, 2019 |
| CVE-2019-11457 | Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/. | MEDIUM | Aug 28, 2019 |
| CVE-2019-11456 | Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. | MEDIUM | Apr 26, 2019 |
| CVE-2019-11455 | A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage). | Medium | May 8, 2019 |
| CVE-2019-11454 | Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation. | Medium | May 8, 2019 |
| CVE-2019-11452 | whatsns 4.0 allows index.php?admin_category/remove.html cid[] SQL injection. | MEDIUM | Apr 22, 2019 |
| CVE-2019-11451 | whatsns 4.0 allows index.php?inform/add.html qid SQL injection. | MEDIUM | Apr 22, 2019 |
| CVE-2019-11450 | whatsns 4.0 allows index.php?question/ajaxadd.html title SQL injection. | HIGH | Apr 22, 2019 |
| CVE-2019-11449 | I, Librarian 4.10 has XSS via the notes.php notes parameter. | MEDIUM | Apr 23, 2019 |
| CVE-2019-11448 | An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file. | HIGH | May 6, 2019 |
| CVE-2019-11447 | An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.) | MEDIUM | Apr 26, 2019 |
| CVE-2019-11446 | An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privilege. The Upload Files section in the File Manager field contains an arbitrary file upload vulnerability via upload.php. The $IllegalExtensions value only lists lowercase (and thus .phP is a bypass), and omits .shtml and .phtml. | MEDIUM | Apr 26, 2019 |
| CVE-2019-11445 | OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. This is achieved by interfering with the Filesystem path control in the admin\'s Export field. As a result, attackers can gain remote code execution through the application server with root privileges. | HIGH | Apr 23, 2019 |
| CVE-2019-11444 | An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay\'s Groovy script console to execute OS commands. Commands can be executed via a [command].execute() call, as demonstrated by def cmd = in the ServerAdminPortlet_script value to group/control_panel/manage. Valid credentials for an application administrator user account are required. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to run groovy scripts and therefore not a design flaw | HIGH | May 9, 2019 |
| CVE-2019-11429 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the \"Domain\" field on the \"DNS Functions > \"Add DNS Zone\" screen. | LOW | May 15, 2019 |
| CVE-2019-11428 | I, Librarian 4.10 has XSS via the export.php export_files parameter. | MEDIUM | Apr 22, 2019 |
| CVE-2019-11427 | An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q parameter. | MEDIUM | Apr 22, 2019 |
| CVE-2019-11426 | An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter. | MEDIUM | Apr 22, 2019 |
| CVE-2019-11419 | vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application through 7.0.3 for Android allows attackers to cause a denial of service (application crash) by replacing an emoji file (under the /sdcard/tencent/MicroMsg directory) with a crafted .wxgf file. The content of the replacement must be derived from the phone\'s IMEI. The crash occurs upon receiving a message that contains the replaced emoji. | MEDIUM | May 17, 2019 |
