The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2019-12260 | Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option. | HIGH | Aug 19, 2019 |
| CVE-2019-12259 | Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing. | MEDIUM | Aug 11, 2019 |
| CVE-2019-12258 | Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options. | MEDIUM | Aug 11, 2019 |
| CVE-2019-12257 | Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc. | MEDIUM | Aug 11, 2019 |
| CVE-2019-12256 | Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options. | HIGH | Aug 11, 2019 |
| CVE-2019-12255 | Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow. | HIGH | Aug 11, 2019 |
| CVE-2019-12254 | In multiple Tecson Tankspion and GOKs SmartBox 4 products the affected application doesn\'t properly restrict access to an endpoint that is responsible for saving settings, to a unauthenticated user with limited access rights. Based on the lack of adequately implemented access-control rules, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to change the application settings without authenticating at all, which violates originally laid ACL rules. | -- | May 6, 2022 |
| CVE-2019-12253 | my little forum before 2.4.20 allows CSRF to delete posts, as demonstrated by mode=posting&delete_posting. | MEDIUM | May 21, 2019 |
| CVE-2019-12252 | In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring. | MEDIUM | May 27, 2019 |
| CVE-2019-12251 | sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter. | MEDIUM | May 21, 2019 |
| CVE-2019-12250 | IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log. NOTE: the software maintainer disputes that this is a vulnerability because the request logger is not part of IdentityServer but only our development test host | Medium | May 21, 2019 |
| CVE-2019-12248 | An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. An attacker could send a malicious email to an OTRS system. If a logged-in agent user quotes it, the email could cause the browser to load external image resources. | MEDIUM | Jun 18, 2019 |
| CVE-2019-12247 | QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable | MEDIUM | May 30, 2019 |
| CVE-2019-12246 | SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools. | MEDIUM | Feb 20, 2020 |
| CVE-2019-12245 | SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension. | MEDIUM | Sep 27, 2019 |
| CVE-2019-12243 | Istio 1.1.x through 1.1.6 has Incorrect Access Control. | MEDIUM | Jun 5, 2019 |
| CVE-2019-12241 | The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source cookie to classes/wc-cartsguru-event-handler.php. | HIGH | May 27, 2019 |
| CVE-2019-12240 | The Virim plugin 0.4 for WordPress allows Insecure Deserialization via s_values, t_values, or c_values in graph.php. | HIGH | May 21, 2019 |
| CVE-2019-12239 | The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access. | MEDIUM | May 21, 2019 |
| CVE-2019-12223 | An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1.07_190502 devices, and other SRN-x devices before2019-05-03. A system crash and reboot can be achieved by submitting a long username in excess of 117 characters. The username triggers a buffer overflow in the main process controlling operation of the DVR system, rendering services unavailable during the reboot operation. A repeated attack affects availability as long as the attacker has network access to the device. | HIGH | Sep 6, 2019 |
| CVE-2019-12222 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c. | Medium | May 21, 2019 |
| CVE-2019-12221 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c. | Medium | May 21, 2019 |
| CVE-2019-12220 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c. | Medium | May 21, 2019 |
| CVE-2019-12219 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an invalid free error in the SDL function SDL_SetError_REAL at SDL_error.c. | Medium | May 21, 2019 |
| CVE-2019-12218 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c. | Medium | May 21, 2019 |
| CVE-2019-12217 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c. | Medium | May 21, 2019 |
| CVE-2019-12216 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c. | Medium | May 21, 2019 |
| CVE-2019-12215 | A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this issue, stating avoid reporting path disclosures, as we don\'t consider them as security vulnerabilities. | MEDIUM | May 21, 2019 |
| CVE-2019-12214 | In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data. | MEDIUM | May 21, 2019 |
| CVE-2019-12213 | When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion. | MEDIUM | May 20, 2019 |
| CVE-2019-12212 | When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file. | MEDIUM | May 21, 2019 |
| CVE-2019-12211 | When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow. | MEDIUM | May 20, 2019 |
| CVE-2019-12210 | In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it. This can leak sensitive information and also, if written to, be used to fill the disk or plant misinformation. | MEDIUM | Jul 19, 2019 |
| CVE-2019-12209 | Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM configuration, part of the file contents of a symlink target will be logged, possibly revealing sensitive information. | MEDIUM | Jun 20, 2019 |
| CVE-2019-12208 | njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. | High | May 20, 2019 |
| CVE-2019-12207 | njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. | High | May 20, 2019 |
| CVE-2019-12206 | njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c. | High | May 20, 2019 |
| CVE-2019-12205 | SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS. | MEDIUM | Sep 26, 2019 |
| CVE-2019-12204 | In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access. | HIGH | Sep 26, 2019 |
| CVE-2019-12203 | SilverStripe through 4.3.3 allows session fixation in the \"change password\" form. | LOW | Sep 27, 2019 |
| CVE-2019-12198 | In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header. | MEDIUM | May 21, 2019 |
| CVE-2019-12196 | A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter. | HIGH | Jun 7, 2019 |
| CVE-2019-12195 | TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet. | LOW | May 29, 2019 |
| CVE-2019-12193 | H3C H3Cloud OS all versions allows SQL injection via the ear/grid_event sidx parameter. | HIGH | Jul 29, 2019 |
| CVE-2019-12190 | XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter. | LOW | May 21, 2019 |
| CVE-2019-12189 | An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field. | MEDIUM | May 23, 2019 |
| CVE-2019-12186 | An issue was discovered in Sylius products. Missing input sanitization in sylius/sylius 1.0.x through 1.0.18, 1.1.x through 1.1.17, 1.2.x through 1.2.16, 1.3.x through 1.3.11, and 1.4.x through 1.4.3 and sylius/grid 1.0.x through 1.0.18, 1.1.x through 1.1.18, 1.2.x through 1.2.17, 1.3.x through 1.3.12, 1.4.x through 1.4.4, and 1.5.0 allows an attacker (an admin in the sylius/sylius case) to perform XSS by injecting malicious code into a field displayed in a grid with the string field type. The contents are an object, with malicious code returned by the __toString() method of that object. | LOW | Jan 8, 2020 |
| CVE-2019-12185 | eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. | -- | May 20, 2019 |
| CVE-2019-12184 | There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136. | LOW | May 20, 2019 |
| CVE-2019-12183 | Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 series allows remote attackers to read any file via the administrative API. | MEDIUM | Mar 4, 2020 |
