The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2019-9204 | SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands. | HIGH | Apr 15, 2019 | n/a |
CVE-2019-9695 | Norton Core prior to v278 may be susceptible to an arbitrary code execution issue, which is a type of vulnerability that has the potential of allowing an individual to execute arbitrary commands or code on a target machine or in a target process. Note that this exploit is only possible with direct physical access to the device. | HIGH | Apr 1, 2019 | n/a |
CVE-2019-9759 | An issue was discovered in TONGDA Office Anywhere 10.18.190121. There is a SQL Injection vulnerability via the general/approve_center/list/input_form/work_handle.php run_id parameter. | HIGH | Apr 2, 2019 | n/a |
CVE-2018-10243 | htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header. | High | Apr 8, 2019 | n/a |
CVE-2018-10244 | Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check. | High | Apr 6, 2019 | n/a |
CVE-2019-10908 | In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. This PRNG has a 48-bit seed that can easily be bruteforced, leading to trivial privilege escalation attacks. | HIGH | Apr 10, 2019 | n/a |
CVE-2019-8956 | In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the sctp_sendmsg() function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory. | High | Apr 3, 2019 | n/a |
CVE-2019-9193 | In PostgreSQL 9.3 through 11.2, the COPY TO/FROM PROGRAM function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’. | HIGH | Oct 10, 2019 | n/a |
CVE-2014-5435 | An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | HIGH | Apr 9, 2019 | n/a |
CVE-2014-9186 | A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | HIGH | Apr 9, 2019 | n/a |
CVE-2017-7912 | Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401: a specially crafted HTTP request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication. | HIGH | Apr 10, 2019 | n/a |
CVE-2019-0211 | In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected. | High | Apr 11, 2019 | n/a |
CVE-2019-0592 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0611. | HIGH | Apr 9, 2019 | n/a |
CVE-2019-0603 | A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attacker could create a specially crafted request, causing Windows to execute arbitrary code with elevated permissions. The security update addresses the vulnerability by correcting how Windows Deployment Services TFTP Server handles objects in memory, aka 'Windows Deployment Services TFTP Server Remote Code Execution Vulnerability'. | HIGH | Apr 10, 2019 | n/a |
CVE-2019-0609 | A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783. | HIGH | Apr 9, 2019 | n/a |
CVE-2019-0611 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0592. | HIGH | Apr 9, 2019 | n/a |
CVE-2019-0617 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. | HIGH | Apr 9, 2019 | n/a |
CVE-2019-0639 | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783. | HIGH | Apr 9, 2019 | n/a |
CVE-2019-0665 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0666, CVE-2019-0667, CVE-2019-0772. | HIGH | Apr 9, 2019 | n/a |
CVE-2019-0666 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0667, CVE-2019-0772. | HIGH | Apr 9, 2019 | n/a |
CVE-2019-0667 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0772. | HIGH | Apr 9, 2019 | n/a |
CVE-2019-0726 | A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0697, CVE-2019-0698. | HIGH | Apr 10, 2019 | n/a |
CVE-2019-0756 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. | HIGH | Apr 10, 2019 | n/a |
CVE-2019-0765 | A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory, aka 'Comctl32 Remote Code Execution Vulnerability'. | HIGH | Apr 10, 2019 | n/a |
CVE-2019-0773 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0783. | HIGH | Apr 10, 2019 | n/a |
CVE-2019-0780 | A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. | HIGH | Apr 10, 2019 | n/a |
CVE-2019-0784 | A remote code execution vulnerability exists in the way that the ActiveX Data objects (ADO) handles objects in memory, aka 'Windows ActiveX Remote Code Execution Vulnerability'. | HIGH | Apr 10, 2019 | n/a |
CVE-2019-0797 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808. | HIGH | Apr 10, 2019 | n/a |
CVE-2019-10914 | pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c. | High | Apr 10, 2019 | n/a |
CVE-2019-11001 | On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field. | HIGH | Apr 9, 2019 | n/a |
CVE-2019-11005 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value. | HIGH | Apr 10, 2019 | n/a |
CVE-2019-11014 | The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4 application (for Android, iOS, and Windows), do not prevent spoofing of the camera server. An attacker can create a fake camera server that listens for the client looking for a camera on the local network. When the camera responds to the client, it responds via the broadcast address, giving all information necessary to impersonate the camera. The attacker then floods the client with responses, causing the original camera to be denied service from the client, and thus causing the client to then communicate exclusively with the attacker's fake camera server. When connecting to the fake camera server, the client sends all details necessary to login to the camera (username and password). | HIGH | Apr 11, 2019 | n/a |
CVE-2019-4155 | IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user registry. IBM X-Force ID: 158544. | HIGH | Apr 10, 2019 | n/a |
CVE-2017-17023 | The Sophos UTM VPN endpoint interacts with client software provided by NCP Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_31799.exe (NCP), and ncpmon.exe (both Sophos and NCP). The vulnerability exists because: (1) the VPN client requests update metadata over an insecure HTTP connection; and (2) the client software does not check if the software update is signed before running it. | HIGH | Apr 11, 2019 | n/a |
CVE-2017-17544 | A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to super_admin via restoring modified configurations. | High | Apr 10, 2019 | n/a |
CVE-2018-15640 | Improper access control in the Helpdesk App of Odoo Enterprise 10.0 through 12.0 allows remote authenticated attackers to obtain elevated privileges via a crafted request. | HIGH | Apr 10, 2019 | n/a |
CVE-2018-16530 | A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process creating a denial-of-service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation. | HIGH | Apr 11, 2019 | n/a |
CVE-2018-19586 | Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a StringUtil.java call. This vulnerability enables regular users to write arbitrary files on the underlying system with privileges of the user running the application. Especially, an attacker may leverage the vulnerability to write an executable JSP file in an exposed web directory to execute commands on the underlying system. | HIGH | Apr 11, 2019 | n/a |
CVE-2019-0685 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0803, CVE-2019-0859. | HIGH | Apr 10, 2019 | n/a |
CVE-2019-0735 | An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory, aka 'Windows CSRSS Elevation of Privilege Vulnerability'. | HIGH | Apr 11, 2019 | n/a |
CVE-2019-0739 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0752, CVE-2019-0753, CVE-2019-0862. | HIGH | Apr 10, 2019 | n/a |
CVE-2019-0752 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862. | HIGH | Apr 15, 2019 | n/a |
CVE-2019-0753 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0752, CVE-2019-0862. | HIGH | Apr 10, 2019 | n/a |
CVE-2019-0786 | An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine, aka 'SMB Server Elevation of Privilege Vulnerability'. | HIGH | Apr 11, 2019 | n/a |
CVE-2019-0790 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795. | HIGH | Apr 11, 2019 | n/a |
CVE-2019-0791 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795. | HIGH | Apr 11, 2019 | n/a |
CVE-2019-0792 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0793, CVE-2019-0795. | HIGH | Apr 11, 2019 | n/a |
CVE-2019-0793 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0795. | HIGH | Apr 11, 2019 | n/a |
CVE-2019-0794 | A remote code execution vulnerability exists when OLE automation improperly handles objects in memory, aka 'OLE Automation Remote Code Execution Vulnerability'. | HIGH | Apr 11, 2019 | n/a |
CVE-2019-0795 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793. | HIGH | Apr 11, 2019 | n/a |