The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2019-8932 | Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. | MEDIUM | Jul 22, 2019 |
| CVE-2019-8931 | Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application. | MEDIUM | Jul 22, 2019 |
| CVE-2019-8929 | An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype. | MEDIUM | May 17, 2019 |
| CVE-2019-8928 | An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName. | MEDIUM | May 17, 2019 |
| CVE-2019-8927 | An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, rep_schedule, rep_Type, schDesc, schName, schSource, selectDeviceDone, task, val10, and val11. | MEDIUM | May 17, 2019 |
| CVE-2019-8926 | An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource. | MEDIUM | May 17, 2019 |
| CVE-2019-8925 | An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name, such as a schFilePath=C:\\boot.ini value. | -- | May 17, 2019 |
| CVE-2019-8924 | XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued. | -- | May 17, 2019 |
| CVE-2019-8923 | XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued. | HIGH | May 16, 2019 |
| CVE-2019-8922 | A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn\'t any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req gets called by process_request (in sdpd-request.c), which also allocates the response buffer. | MEDIUM | Dec 3, 2021 |
| CVE-2019-8921 | An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same. | LOW | Dec 3, 2021 |
| CVE-2019-8920 | iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569. | MEDIUM | Jul 11, 2019 |
| CVE-2019-8919 | The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks. | MEDIUM | Mar 20, 2019 |
| CVE-2019-8917 | SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may be abused by an attacker to execute commands as the SYSTEM user. | HIGH | Mar 20, 2019 |
| CVE-2019-8912 | In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. | High | Mar 6, 2019 |
| CVE-2019-8911 | An issue was discovered in WTCMS 1.0. It has stored XSS via the third text box (for the website statistics code). | MEDIUM | Mar 20, 2019 |
| CVE-2019-8910 | An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF. | MEDIUM | Mar 20, 2019 |
| CVE-2019-8909 | An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consumption) via crafted dimensions for the verification code image. | MEDIUM | Mar 20, 2019 |
| CVE-2019-8908 | An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the \"Setting -> Mailbox configuration -> Registration email template\" screen, and uploading an image file, as demonstrated by a .php filename and the \"Content-Type: image/gif\" header. | HIGH | Mar 20, 2019 |
| CVE-2019-8907 | do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. | Medium | Mar 26, 2019 |
| CVE-2019-8906 | do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. | Medium | Mar 26, 2019 |
| CVE-2019-8905 | do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. | Medium | Mar 26, 2019 |
| CVE-2019-8904 | do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. | Medium | Mar 26, 2019 |
| CVE-2019-8903 | index.js in Total.js Platform before 3.2.3 allows path traversal. | MEDIUM | Mar 20, 2019 |
| CVE-2019-8902 | An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users\' articles via the public/api.php?app=user URI. | MEDIUM | Mar 20, 2019 |
| CVE-2019-8901 | This issue was addressed by verifying host keys when connecting to a previously-known SSH server. This issue is fixed in iOS 13.1 and iPadOS 13.1. An attacker in a privileged network position may be able to intercept SSH traffic from the “Run script over SSH” action. | MEDIUM | Oct 30, 2020 |
| CVE-2019-8899 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2019-8898 | An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited. | MEDIUM | Oct 30, 2020 |
| CVE-2019-8897 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2019-8896 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2019-8895 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2019-8894 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2019-8893 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2019-8892 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2019-8891 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2019-8890 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2019-8889 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2019-8888 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2019-8887 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2019-8886 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2019-8885 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2019-8884 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2019-8883 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2019-8882 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2019-8881 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2019-8880 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2019-8879 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2019-8878 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2019-8877 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
| CVE-2019-8876 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
