Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 88806 entries
IDDescriptionPriorityModified date
CVE-2019-9978 The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro. -- Mar 25, 2019
CVE-2019-9977 The renderer process in the entertainment system on Tesla Model 3 vehicles mishandles JIT compilation, which allows attackers to trigger firmware code execution, and display a crafted message to vehicle occupants. MEDIUM Mar 24, 2019
CVE-2019-9976 The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users. MEDIUM Apr 11, 2019
CVE-2019-9975 DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key. MEDIUM Apr 11, 2019
CVE-2019-9974 diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack. MEDIUM Apr 11, 2019
CVE-2019-9970 Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets. MEDIUM Mar 23, 2019
CVE-2019-9969 XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x385399. MEDIUM Mar 24, 2019
CVE-2019-9968 XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlQueueWorkItem. MEDIUM Mar 24, 2019
CVE-2019-9967 XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlPrefixUnicodeString. MEDIUM Mar 24, 2019
CVE-2019-9966 XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x38536c. MEDIUM Mar 24, 2019
CVE-2019-9965 XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap. MEDIUM Mar 24, 2019
CVE-2019-9964 XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey. MEDIUM Mar 24, 2019
CVE-2019-9963 XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap. MEDIUM Mar 24, 2019
CVE-2019-9962 XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy. MEDIUM Mar 24, 2019
CVE-2019-9961 A cross-site scripting (XSS) vulnerability in ressource view in core/modules/resource/RESOURCEVIEW.php in Wikindx prior to version 5.7.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. MEDIUM Mar 27, 2019
CVE-2019-9960 The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path. HIGH Mar 23, 2019
CVE-2019-9956 In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file. Medium Mar 23, 2019
CVE-2019-9948 urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(\'local_file:///etc/passwd\') call. Medium Mar 23, 2019
CVE-2019-9947 An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string or PATH_INFO) followed by an HTTP header or a Redis command. This is similar to CVE-2019-9740. Medium Mar 23, 2019
CVE-2019-9946 Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI \'portmap\' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0. MEDIUM Apr 2, 2019
CVE-2019-9945 SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid user credentials. If customers have not followed SoftNAS deployment best practices and expose SoftNAS StorageCenter ports directly to the internet, this vulnerability allows an attacker to gain access to the Webadmin interface to create new users or execute arbitrary commands with administrative privileges, compromising both the platform and the data. HIGH Mar 24, 2019
CVE-2019-9942 A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place. MEDIUM Mar 24, 2019
CVE-2019-9939 The SHAREit application before 4.0.36 for Android allows a remote attacker (on the same network or joining public \"open\" Wi-Fi hotspots created by the application when file transfer is initiated) to bypass authentication by trying to fetch a non-existing page. When the non-existing page is requested, the application responds with a 200 status code and empty page, and adds the requesting client device into the list of recognized devices. MEDIUM Mar 23, 2019
CVE-2019-9938 The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public \"open\" Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device including contacts, photos, videos, sound clips, etc. The attacker must be authenticated as a \"recognized device.\" LOW Mar 23, 2019
CVE-2019-9937 In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. MEDIUM Mar 23, 2019
CVE-2019-9936 In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. Medium Mar 22, 2019
CVE-2019-9927 Caret before 2019-02-22 allows Remote Code Execution. HIGH Mar 23, 2019
CVE-2019-9925 S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter. MEDIUM Mar 23, 2019
CVE-2019-9924 rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. HIGH Mar 22, 2019
CVE-2019-9923 pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. MEDIUM Mar 23, 2019
CVE-2019-9922 An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files. MEDIUM Mar 29, 2019
CVE-2019-9921 An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user. MEDIUM Mar 29, 2019
CVE-2019-9920 An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user. MEDIUM Mar 29, 2019
CVE-2019-9919 An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS. LOW Mar 29, 2019
CVE-2019-9918 An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database. MEDIUM Mar 29, 2019
CVE-2019-9917 ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding. Medium Mar 27, 2019
CVE-2019-9915 GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter. -- Mar 22, 2019
CVE-2019-9914 The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS. MEDIUM Mar 22, 2019
CVE-2019-9913 The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS. -- Mar 22, 2019
CVE-2019-9912 The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO. -- Mar 22, 2019
CVE-2019-9911 The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS. MEDIUM Mar 22, 2019
CVE-2019-9910 The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS. MEDIUM Mar 22, 2019
CVE-2019-9909 The \"Donation Plugin and Fundraising Platform\" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS. MEDIUM Mar 22, 2019
CVE-2019-9908 The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS. MEDIUM Mar 22, 2019
CVE-2019-9904 An issue was discovered in lib\\cdt\\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\\cgraph\\graph.c in libcgraph.a, related to agfstsubg in lib\\cgraph\\subg.c. MEDIUM Mar 22, 2019
CVE-2019-9903 PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. Medium Mar 21, 2019
CVE-2019-9898 Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. HIGH Mar 22, 2019
CVE-2019-9897 Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. MEDIUM Mar 22, 2019
CVE-2019-9896 In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. MEDIUM Mar 22, 2019
CVE-2019-9895 In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. HIGH Mar 22, 2019
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version.
Live chat
Online