CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
551 CVE-2019-0111 732 2019-02-18 2020-08-24
2.1
None Local Low Not required Partial None None
Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.
552 CVE-2019-0110 2019-02-18 2020-08-24
2.1
None Local Low Not required Partial None None
Insufficient key management for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.
553 CVE-2019-0109 2019-02-18 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
Improper folder permissions in Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
554 CVE-2019-0108 732 2019-02-18 2020-08-24
2.1
None Local Low Not required Partial None None
Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable disclosure of information via local access.
555 CVE-2019-0107 2019-02-18 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
Insufficient user prompt in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access.
556 CVE-2019-0106 20 2019-02-18 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Insufficient run protection in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access.
557 CVE-2019-0105 863 2019-02-18 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
Insufficient file permissions checking in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow authenticated user to potentially enable escalation of privilege via local access.
558 CVE-2019-0104 2019-02-18 2020-08-24
2.1
None Local Low Not required Partial None None
Insufficient file protection in uninstall routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.
559 CVE-2019-0103 2019-02-18 2020-08-24
2.1
None Local Low Not required Partial None None
Insufficient file protection in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.
560 CVE-2019-0102 384 2019-02-18 2020-07-28
5.8
None Local Network Low Not required Partial Partial Partial
Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
561 CVE-2019-0101 Bypass 2019-02-18 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
Authentication bypass in the Intel Unite(R) solution versions 3.2 through 3.3 may allow an unauthenticated user to potentially enable escalation of privilege to the Intel Unite(R) Solution administrative portal via network access.
562 CVE-2018-1000998 79 XSS 2019-02-04 2019-02-07
4.3
None Remote Medium Not required None Partial None
FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. It might impact other sites on same domain. This attack appears to be exploitable via victim must load specially crafted url. This vulnerability appears to have been fixed in 3.x.
563 CVE-2018-20797 119 Overflow 2019-02-27 2019-02-27
4.3
None Remote Medium Not required None None Partial
An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp.
564 CVE-2018-20796 674 2019-02-26 2019-11-05
5.0
None Remote Low Not required None None Partial
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.
565 CVE-2018-20795 22 Dir. Trav. 2019-02-25 2019-02-25
5.0
None Remote Low Not required Partial None None
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php.
566 CVE-2018-20794 22 Dir. Trav. 2019-02-25 2019-02-25
5.0
None Remote Low Not required None Partial None
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php.
567 CVE-2018-20793 22 Dir. Trav. Bypass 2019-02-25 2019-02-25
5.0
None Remote Low Not required None Partial None
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php.
568 CVE-2018-20792 22 Dir. Trav. 2019-02-25 2019-02-25
5.0
None Remote Low Not required Partial None None
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through the get_file action in ajax_calls.php.
569 CVE-2018-20791 79 XSS 2019-02-25 2019-02-25
4.3
None Remote Medium Not required None Partial None
tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action.
570 CVE-2018-20790 22 Dir. Trav. Bypass 2019-02-25 2019-02-25
6.4
None Remote Low Not required None Partial Partial
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass through the delete_file action in execute.php.
571 CVE-2018-20789 22 Dir. Trav. Bypass 2019-02-25 2019-02-25
6.4
None Remote Low Not required None Partial Partial
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php.
572 CVE-2018-20788 190 DoS Overflow 2019-02-25 2019-02-26
4.3
None Remote Medium Not required None None Partial
drivers/leds/leds-aw2023.c in the led driver for custom Linux kernels on the Xiaomi Redmi 6pro daisy-o-oss phone has several integer overflows because of a left-shifting operation when the right-hand operand can be equal to or greater than the integer length. This can be exploited by a crafted application for denial of service.
573 CVE-2018-20787 190 Overflow 2019-02-25 2019-02-26
7.1
None Remote Medium Not required None None Complete
The ft5x46 touchscreen driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the size argument in tpdbg_write in drivers/input/touchscreen/ft5x46/ft5x46_ts.c. This is exploitable for a device crash via a syscall by a crafted application on a rooted device.
574 CVE-2018-20786 476 DoS 2019-02-24 2020-03-30
5.0
None Remote Low Not required None None Partial
libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c.
575 CVE-2018-20785 Exec Code Bypass 2019-02-23 2019-10-03
4.4
None Local Medium Not required Partial Partial Partial
Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB serial port. Although a power cycle occurs, this does not completely reset the chip: memory contents are still in place. Also, it restarts into a boot menu that enables XMODEM upload and execution of an unsigned QNX IFS system image, thereby completing the bypass of secure boot. Moreover, the attacker can craft custom IFS data and write it to unused memory to extract all memory contents that had previously been present. This includes the original firmware and sensitive information such as Wi-Fi credentials.
576 CVE-2018-20784 835 DoS 2019-02-22 2021-06-02
7.5
None Remote Low Not required Partial Partial Partial
In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.
577 CVE-2018-20783 125 2019-02-21 2019-05-22
5.0
None Remote Low Not required Partial None None
In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c.
578 CVE-2018-20782 20 2019-02-17 2019-05-13
5.0
None Remote Low Not required None Partial None
The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages.
579 CVE-2018-20781 522 2019-02-12 2021-03-16
2.1
None Local Low Not required Partial None None
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.
580 CVE-2018-20780 352 CSRF 2019-02-11 2019-02-11
6.8
None Remote Medium Not required Partial Partial Partial
Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1).
581 CVE-2018-20779 89 Sql 2019-02-11 2019-02-11
7.5
None Remote Low Not required Partial Partial Partial
Traq 3.7.1 allows SQL Injection via a tickets?search= URI.
582 CVE-2018-20778 79 XSS 2019-02-11 2019-02-11
4.3
None Remote Medium Not required None Partial None
admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element.
583 CVE-2018-20777 79 XSS 2019-02-11 2019-02-11
3.5
None Remote Medium ??? None Partial None
Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field.
584 CVE-2018-20776 200 +Info 2019-02-11 2019-02-11
5.0
None Remote Low Not required Partial None None
Frog CMS 0.9.5 provides a directory listing for a /public request.
585 CVE-2018-20775 94 Exec Code 2019-02-11 2019-02-11
6.5
None Remote Low ??? Partial Partial Partial
admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI.
586 CVE-2018-20774 79 XSS 2019-02-11 2019-02-11
3.5
None Remote Medium ??? None Partial None
Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field.
587 CVE-2018-20773 94 Exec Code 2019-02-11 2019-02-11
6.5
None Remote Low ??? Partial Partial Partial
Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines.
588 CVE-2018-20772 94 Exec Code 2019-02-11 2019-02-11
6.5
None Remote Low ??? Partial Partial Partial
Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI.
589 CVE-2018-20771 20 Exec Code 2019-02-10 2019-02-13
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is unauthenticated Remote Command Execution.
590 CVE-2018-20770 89 Sql 2019-02-10 2019-02-13
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection.
591 CVE-2018-20769 22 Dir. Trav. File Inclusion 2019-02-10 2020-08-24
5.0
None Remote Low Not required Partial None None
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is a Local File Inclusion vulnerability.
592 CVE-2018-20768 94 Exec Code 2019-02-10 2019-02-13
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file.
593 CVE-2018-20767 20 Exec Code 2019-02-10 2019-02-13
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is authenticated remote command execution.
594 CVE-2018-20764 Overflow 2019-02-08 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for BoKS encrypted telnet through BoKS version 6.7.1. Since tcpcrypt is setuid, exploitation leads to privilege escalation.
595 CVE-2018-20763 787 2019-02-06 2019-04-15
6.8
None Remote Medium Not required Partial Partial Partial
In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking.
596 CVE-2018-20762 119 Overflow 2019-02-06 2019-04-15
6.8
None Remote Medium Not required Partial Partial Partial
GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames.
597 CVE-2018-20761 119 Overflow 2019-02-06 2019-04-15
6.8
None Remote Medium Not required Partial Partial Partial
GPAC version 0.7.1 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a.
598 CVE-2018-20760 787 2019-02-06 2019-04-15
6.8
None Remote Medium Not required Partial Partial Partial
In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled.
599 CVE-2018-20758 79 XSS 2019-02-06 2019-10-23
3.5
None Remote Medium ??? None Partial None
MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.
600 CVE-2018-20757 79 XSS 2019-02-06 2019-02-06
4.3
None Remote Medium Not required None Partial None
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name.
Total number of vulnerabilities : 839   Page : 1 2 3 4 5 6 7 8 9 10 11 12 (This Page)13 14 15 16 17
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.