CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2019-9215 20 2019-02-28 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.
52 CVE-2019-9214 476 2019-02-28 2019-05-16
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation.
53 CVE-2019-9212 184 Exec Code 2019-02-27 2020-02-10
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn’t consider this issue a vulnerability because the blacklist is being misused. SOFA Hessian supports custom blacklist and a disclaimer was posted encouraging users to update the blacklist or to use the whitelist feature for their specific needs since the blacklist is not being actively updated.
54 CVE-2019-9211 617 DoS 2019-02-27 2020-08-24
4.3
None Remote Medium Not required None None Partial
There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service.
55 CVE-2019-9210 125 Overflow 2019-02-27 2021-12-30
6.8
None Remote Medium Not required Partial Partial Partial
In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)
56 CVE-2019-9209 119 Overflow 2019-02-28 2021-07-21
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.
57 CVE-2019-9208 476 2019-02-28 2019-05-16
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences.
58 CVE-2019-9201 306 +Info 2019-02-26 2020-08-24
9.0
None Remote Low Not required Partial Partial Complete
Phoenix Contact ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ETH/XC, ILC 171 ETH 2TX, ILC 191 ETH 2TX, ILC 191 ME/AN, and AXC 1050 devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories.
59 CVE-2019-9200 787 DoS 2019-02-26 2020-07-23
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
60 CVE-2019-9199 476 DoS 2019-02-26 2019-04-03
6.8
None Remote Medium Not required Partial Partial Partial
PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
61 CVE-2019-9195 22 Exec Code Dir. Trav. 2019-02-26 2020-01-28
7.5
None Remote Low Not required Partial Partial Partial
util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. An attacker can execute arbitrary code via directory traversal in a ZIP archive.
62 CVE-2019-9194 78 2019-02-26 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
63 CVE-2019-9192 674 2019-02-26 2020-08-24
5.0
None Remote Low Not required None None Partial
** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.
64 CVE-2019-9191 310 2019-02-26 2019-03-04
4.3
None Remote Medium Not required Partial None None
The ETSI Enterprise Transport Security (ETS, formerly known as eTLS) protocol does not provide per-session forward secrecy.
65 CVE-2019-9184 89 Exec Code Sql 2019-02-26 2019-04-25
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the product_option[] parameter.
66 CVE-2019-9182 352 CSRF 2019-02-26 2019-02-26
6.8
None Remote Medium Not required Partial Partial Partial
There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the filetext parameter.
67 CVE-2019-9181 434 Exec Code 2019-02-26 2019-02-26
6.5
None Remote Low ??? Partial Partial Partial
SchoolCMS version 2.3.1 allows file upload via the logo upload feature at admin.php?m=admin&c=site&a=save by using the .jpg extension, changing the Content-Type to image/php, and placing PHP code after the JPEG data. This ultimately allows execution of arbitrary PHP code.
68 CVE-2019-9169 125 2019-02-26 2020-07-09
7.5
None Remote Low Not required Partial Partial Partial
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
69 CVE-2019-9168 79 XSS 2019-02-26 2019-02-26
4.3
None Remote Medium Not required None Partial None
WooCommerce before 3.5.5 allows XSS via a Photoswipe caption.
70 CVE-2019-9162 129 2019-02-25 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper.
71 CVE-2019-9152 125 2019-02-25 2019-02-26
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5MM_xstrdup in H5MM.c when called from H5O_dtype_decode_helper in H5Odtype.c.
72 CVE-2019-9151 125 2019-02-25 2019-02-26
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5VM_memcpyvv in H5VM.c when called from H5D__compact_readvv in H5Dcompact.c.
73 CVE-2019-9146 2019-02-25 2020-08-24
7.9
None Local Network Medium Not required Complete Complete Complete
Jamf Self Service 10.9.0 allows man-in-the-middle attackers to obtain a root shell by leveraging the "publish Bash shell scripts" feature to insert "/Applications/Utilities/Terminal app/Contents/MacOS/Terminal" into the TCP data stream.
74 CVE-2019-9145 79 XSS 2019-02-25 2019-02-26
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Hsycms V1.1. There is an XSS vulnerability via the name field to the /book page.
75 CVE-2019-9144 674 DoS 2019-02-25 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
76 CVE-2019-9143 674 DoS 2019-02-25 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
77 CVE-2019-9142 79 XSS 2019-02-25 2019-02-25
4.3
None Remote Medium Not required None Partial None
An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java.
78 CVE-2019-9126 200 +Info 2019-02-25 2020-08-24
5.0
None Remote Low Not required Partial None None
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is an information disclosure vulnerability via requests for the router_info.xml document. This will reveal the PIN code, MAC address, routing table, firmware version, update time, QOS information, LAN information, and WLAN information of the device.
79 CVE-2019-9125 787 Overflow 2019-02-25 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on D-Link DIR-878 1.12B01 devices. Because strncpy is misused, there is a stack-based buffer overflow vulnerability that does not require authentication via the HNAP_AUTH HTTP header.
80 CVE-2019-9124 287 2019-02-25 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on D-Link DIR-878 1.12B01 devices. At the /HNAP1 URI, an attacker can log in with a blank password.
81 CVE-2019-9123 521 2019-02-25 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank password.
82 CVE-2019-9122 Exec Code 2019-02-25 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the ntp_server parameter in an ntp_sync.cgi POST request.
83 CVE-2019-9116 426 2019-02-25 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** DLL hijacking is possible in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows platforms because a Trojan horse api-ms-win-core-fibers-l1-1-1.dll or api-ms-win-core-localization-l1-2-1.dll file may be loaded if a victim uses sublime_text.exe to open a .txt file within an attacker's %LOCALAPPDATA%\Temp\sublime_text folder. NOTE: the vendor's position is "This does not appear to be a bug with Sublime Text, but rather one with Windows that has been patched."
84 CVE-2019-9115 20 Exec Code 2019-02-25 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage.
85 CVE-2019-9114 787 2019-02-25 2019-02-25
6.8
None Remote Medium Not required Partial Partial Partial
Ming (aka libming) 0.4.8 has an out of bounds write vulnerability in the function strcpyext() in the decompile.c file in libutil.a.
86 CVE-2019-9113 476 2019-02-25 2019-02-25
6.8
None Remote Medium Not required Partial Partial Partial
Ming (aka libming) 0.4.8 has a NULL pointer dereference in the function getString() in the decompile.c file in libutil.a.
87 CVE-2019-9112 190 Overflow 2019-02-25 2019-02-26
7.1
None Remote Medium Not required None None Complete
The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the count argument in _sde_debugfs_conn_cmd_tx_write in drivers/gpu/drm/msm/sde/sde_connector.c. This is exploitable for a device crash via a syscall by a crafted application on a rooted device.
88 CVE-2019-9111 190 Overflow 2019-02-25 2019-02-26
7.1
None Remote Medium Not required None None Complete
The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the count argument in sde_evtlog_filter_write in drivers/gpu/drm/msm/sde_dbg.c. This is exploitable for a device crash via a syscall by a crafted application on a rooted device.
89 CVE-2019-9110 79 XSS 2019-02-25 2019-02-25
4.3
None Remote Medium Not required None Partial None
XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php.
90 CVE-2019-9109 79 XSS 2019-02-25 2019-02-25
4.3
None Remote Medium Not required None Partial None
XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php.
91 CVE-2019-9108 79 XSS 2019-02-25 2019-02-25
4.3
None Remote Medium Not required None Partial None
XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php.
92 CVE-2019-9107 79 XSS 2019-02-25 2019-02-25
4.3
None Remote Medium Not required None Partial None
XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php.
93 CVE-2019-9082 20 Exec Code 2019-02-24 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
94 CVE-2019-9081 502 Exec Code 2019-02-24 2019-02-26
7.5
None Remote Low Not required Partial Partial Partial
The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the PendingCommand class in PendingCommand.php.
95 CVE-2019-9078 79 XSS 2019-02-24 2019-02-25
3.5
None Remote Medium ??? None Partial None
zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT.
96 CVE-2019-9077 787 Overflow 2019-02-24 2021-12-10
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.
97 CVE-2019-9076 770 2019-02-24 2021-12-10
4.3
None Remote Medium Not required None None Partial
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c.
98 CVE-2019-9075 787 Overflow 2019-02-24 2021-12-10
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.
99 CVE-2019-9074 125 2019-02-24 2021-12-10
4.3
None Remote Medium Not required None None Partial
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.
100 CVE-2019-9073 770 2019-02-24 2021-12-10
4.3
None Remote Medium Not required None None Partial
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.
Total number of vulnerabilities : 839   Page : 1 2 (This Page)3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.