CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In February 2019

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-5154 798 2019-02-09 2019-02-13
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account.
2 CVE-2009-5155 19 DoS 2019-02-26 2021-06-29
5.0
None Remote Low Not required None None Partial
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.
3 CVE-2013-2516 77 2019-02-15 2019-02-19
9.3
None Remote Medium Not required Complete Complete Complete
Vulnerability in FileUtils v0.7, Ruby Gem Fileutils <= v0.7 Command Injection vulnerability in user supplied url variable that is passed to the shell.
4 CVE-2013-2565 22 Dir. Trav. 2019-02-15 2019-04-15
5.0
None Remote Low Not required Partial None None
A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver.
5 CVE-2013-5654 284 2019-02-15 2019-02-21
9.4
None Remote Low Not required Complete Complete None
Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage
6 CVE-2013-7469 326 2019-02-21 2019-02-21
5.0
None Remote Low Not required Partial None None
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
7 CVE-2014-10078 79 XSS 2019-02-23 2019-03-18
4.3
None Remote Medium Not required None Partial None
Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php.
8 CVE-2014-10079 200 +Info 2019-02-23 2019-03-18
5.0
None Remote Low Not required Partial None None
In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.
9 CVE-2015-4615 89 Sql 2019-02-15 2019-02-19
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML, mapID variables.
10 CVE-2015-4617 22 Dir. Trav. 2019-02-15 2019-02-19
5.0
None Remote Low Not required None Partial None
Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory.
11 CVE-2015-9282 79 XSS 2019-02-06 2019-06-11
4.3
None Remote Medium Not required None Partial None
The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable to XSS via legend data or tooltip data. When a chart is included in a Grafana dashboard, this vulnerability could allow an attacker to gain remote unauthenticated access to the dashboard.
12 CVE-2016-10741 362 DoS 2019-02-01 2019-04-18
4.7
None Local Medium Not required None None Complete
In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure.
13 CVE-2016-10742 601 2019-02-17 2020-11-21
5.8
None Remote Medium Not required Partial Partial None
Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.
14 CVE-2016-1000271 89 Sql 2019-02-04 2019-02-22
7.5
None Remote Low Not required Partial Partial Partial
Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack appears to be exploitable if the attacker can reach the web server.
15 CVE-2016-1000282 77 2019-02-05 2019-02-06
7.5
None Remote Low Not required Partial Partial Partial
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.
16 CVE-2017-0938 20 DoS 2019-02-12 2020-02-13
5.0
None Remote Low Not required None None Partial
Denial of Service attack in airMAX < 8.3.2, airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks.
17 CVE-2017-1177 200 +Info 2019-02-05 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM BigFix Compliance 1.7 through 1.9.91 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123429.
18 CVE-2017-1198 532 2019-02-05 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123673.
19 CVE-2017-1200 295 2019-02-05 2019-10-09
4.3
None Remote Medium Not required Partial None None
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 123675.
20 CVE-2017-1202 74 Exec Code 2019-02-05 2019-10-09
3.5
None Remote Medium ??? None Partial None
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 123677.
21 CVE-2017-1695 326 2019-02-15 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177.
22 CVE-2017-18361 835 DoS 2019-02-01 2019-10-03
5.0
None Remote Low Not required None None Partial
In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis.
23 CVE-2017-18362 89 Exec Code Sql 2019-02-05 2019-02-22
7.5
None Remote Low Not required Partial Partial Partial
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication.
24 CVE-2018-0696 640 2019-02-13 2019-02-22
3.5
None Remote Medium ??? Partial None None
OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors.
25 CVE-2018-0722 22 Dir. Trav. 2019-02-01 2019-02-12
5.0
None Remote Low Not required Partial None None
Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device.
26 CVE-2018-1296 200 +Info 2019-02-07 2019-02-21
5.0
None Remote Low Not required Partial None None
In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent.
27 CVE-2018-1340 311 2019-02-07 2019-10-03
5.0
None Remote Low Not required Partial None None
Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain.
28 CVE-2018-1352 134 Exec Code 2019-02-08 2019-02-08
7.5
None Remote Low Not required Partial Partial Partial
A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable.
29 CVE-2018-1666 2019-02-07 2020-08-24
4.0
None Remote Low ??? None Partial None
IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI. IBM X-Force ID: 144892.
30 CVE-2018-1675 200 +Info 2019-02-04 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes stored in system memory on target systems that are configured to use TADDM. IBM X-Force ID: 145110.
31 CVE-2018-1701 Exec Code 2019-02-15 2019-10-09
6.0
None Remote Medium ??? Partial Partial Partial
IBM InfoSphere Information Server 11.7 could allow an authenticated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970.
32 CVE-2018-1727 611 2019-02-15 2019-10-09
6.4
None Remote Low Not required Partial None Partial
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147630.
33 CVE-2018-1775 200 +Info 2019-02-27 2019-10-09
4.0
None Remote Low ??? Partial None None
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757.
34 CVE-2018-1801 611 2019-02-04 2019-10-09
5.0
None Remote Low Not required None None Partial
IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639.
35 CVE-2018-1895 79 XSS 2019-02-15 2019-10-09
3.5
None Remote Medium ??? None Partial None
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152159.
36 CVE-2018-1944 798 2019-02-21 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153386.
37 CVE-2018-1945 20 2019-02-21 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 153387.
38 CVE-2018-1946 326 2019-02-21 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 153388.
39 CVE-2018-1947 79 XSS 2019-02-21 2019-10-09
4.3
None Remote Medium Not required None Partial None
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153427.
40 CVE-2018-1948 384 2019-02-21 2019-10-09
4.3
None Remote Medium Not required Partial None None
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 153428.
41 CVE-2018-1949 200 +Info 2019-02-21 2019-10-09
4.0
None Remote Low ??? Partial None None
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153429.
42 CVE-2018-1950 200 +Info 2019-02-21 2019-10-09
4.0
None Remote Low ??? Partial None None
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance generates an error message that includes sensitive information about its environment, users, or associated data which could be used in further attacks against the system. IBM X-Force ID: 153430.
43 CVE-2018-1962 384 2019-02-04 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658.
44 CVE-2018-1970 611 2019-02-04 2019-10-09
5.5
None Remote Low ??? Partial None Partial
IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751.
45 CVE-2018-1996 327 +Info 2019-02-19 2020-08-24
3.5
None Remote Medium ??? Partial None None
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 154650.
46 CVE-2018-2006 22 Dir. Trav. 2019-02-21 2019-10-09
4.0
None Remote Low ??? None Partial None
IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to upload arbitrary files to the system. IBM X-Force ID: 155008.
47 CVE-2018-3700 94 2019-02-18 2019-02-20
4.6
None Local Low Not required Partial Partial Partial
Code injection vulnerability in the installer for Intel(R) USB 3.0 eXtensible Host Controller Driver for Microsoft Windows 7 before version 5.0.4.43v2 may allow a user to potentially enable escalation of privilege via local access.
48 CVE-2018-3973 787 Exec Code 2019-02-06 2019-02-08
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable out of bounds write exists in the CAL parsing functionality of Canvas Draw version 5.0.0. A specially crafted CAL image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.
49 CVE-2018-3976 787 Exec Code 2019-02-06 2020-06-22
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable out-of-bounds write exists in the CALS Raster file format-parsing functionality of Canvas Draw version 5.0.0.28. A specially crafted CAL image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a CAL image to trigger this vulnerability and gain code execution.
50 CVE-2018-3980 787 Exec Code 2019-02-06 2020-06-22
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.
Total number of vulnerabilities: 839. Page 1 of 17.