CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1001 CVE-2019-5527 416 2019-10-10 2021-07-20
7.2
None Local Low Not required Complete Complete Complete
ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.
1002 CVE-2019-5508 DoS 2019-10-25 2021-12-21
5.0
None Remote Low Not required None None Partial
Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS).
1003 CVE-2019-5507 2019-10-09 2020-08-24
2.1
None Local Low Not required Partial None None
SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information.
1004 CVE-2019-5506 295 2019-10-09 2019-10-18
4.3
None Remote Medium Not required None Partial None
Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks.
1005 CVE-2019-5151 89 DoS Exec Code Sql File Inclusion 2019-10-31 2019-11-04
7.5
None Remote Low Not required Partial Partial Partial
An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability.
1006 CVE-2019-5150 89 DoS Exec Code Sql File Inclusion 2019-10-31 2019-11-06
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. When the "VideoTags" plugin is enabled, a specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability.
1007 CVE-2019-5129 78 2019-10-25 2019-10-30
7.5
None Remote Low Not required Partial Partial Partial
A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getSpiritsFromVideo.php is vulnerable to a command injection attack.
1008 CVE-2019-5128 78 2019-10-25 2019-10-30
7.5
None Remote Low Not required Partial Partial Partial
A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack.
1009 CVE-2019-5127 78 2019-10-25 2019-10-30
7.5
None Remote Low Not required Partial Partial Partial
A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack.
1010 CVE-2019-5123 89 Sql 2019-10-25 2019-10-30
6.5
None Remote Low ??? Partial Partial Partial
Specially crafted web requests can cause SQL injections in YouPHPTube 7.6. An attacker can send a web request with Parameter dir in /objects/pluginSwitch.json.php.
1011 CVE-2019-5122 89 Sql 2019-10-25 2019-10-30
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerabilities exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter name in /objects/pluginSwitch.json.php.
1012 CVE-2019-5121 89 Sql 2019-10-25 2019-10-30
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerabilities exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter uuid in /objects/pluginSwitch.json.php
1013 CVE-2019-5120 89 Sql 2019-10-25 2019-10-30
6.5
None Remote Low ??? Partial Partial Partial
An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configurations, access the underlying operating system.
1014 CVE-2019-5119 89 Sql 2019-10-25 2019-10-30
6.5
None Remote Low ??? Partial Partial Partial
An exploitable SQL injection vulnerability exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configurations, access the underlying operating system.
1015 CVE-2019-5117 89 Sql 2019-10-25 2019-10-30
6.5
None Remote Low ??? Partial Partial Partial
Exploitable SQL injection vulnerabilities exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configuration, access the underlying operating system.
1016 CVE-2019-5116 89 Sql 2019-10-25 2019-10-30
6.5
None Remote Low ??? Partial Partial Partial
An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause a SQL injection. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configuration, access the underlying operating system.
1017 CVE-2019-5114 89 Sql 2019-10-25 2019-10-30
6.5
None Remote Low ??? Partial Partial Partial
An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and,in certain configuration, access the underlying operating system.
1018 CVE-2019-5095 862 +Info 2019-10-31 2019-11-04
4.0
None Remote Low ??? Partial None None
An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin.
1019 CVE-2019-5053 704 2019-10-09 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable use-after-free vulnerability exists in the Length parsing function of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a use-after-free condition. An attacker can craft a malicious PDF to trigger this vulnerability.
1020 CVE-2019-5050 787 Exec Code Mem. Corr. 2019-10-09 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.
1021 CVE-2019-5049 787 Mem. Corr. 2019-10-31 2019-11-07
7.5
None Remote Low Not required Partial Partial Partial
An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.
1022 CVE-2019-5048 787 Exec Code Mem. Corr. 2019-10-09 2019-10-17
6.8
None Remote Medium Not required Partial Partial Partial
A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.
1023 CVE-2019-5047 416 2019-10-09 2019-10-11
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable Use After Free vulnerability exists in the CharProcs parsing functionality of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a Use After Free. An attacker can craft a malicious PDF to trigger this vulnerability.
1024 CVE-2019-5046 787 Exec Code Mem. Corr. 2019-10-09 2019-10-11
6.8
None Remote Medium Not required Partial Partial Partial
A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.
1025 CVE-2019-5045 787 Exec Code Mem. Corr. 2019-10-09 2019-10-17
6.8
None Remote Medium Not required Partial Partial Partial
A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.
1026 CVE-2019-5043 770 DoS 2019-10-31 2020-08-24
7.8
None Remote Low Not required None None Complete
An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can connect multiple times to trigger this vulnerability.
1027 CVE-2019-5031 755 Exec Code Mem. Corr. 2019-10-02 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn't handled properly, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
1028 CVE-2019-5030 787 Exec Code Overflow 2019-10-31 2019-11-06
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 (7,0,2019,0220). While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the bounds corresponding to the number of style levels, causing a vtable pointer to be overwritten, which leads to code execution.
1029 CVE-2019-5023 772 2019-10-31 2021-05-26
4.3
None Remote Medium Not required None None Partial
An exploitable vulnerability exists in the grsecurity PaX patch for the function read_kmem, in PaX from version pax-linux-4.9.8-test1 to 4.9.24-test7, grsecurity official from version grsecurity-3.1-4.9.8-201702060653 to grsecurity-3.1-4.9.24-201704252333, grsecurity unofficial from version v4.9.25-unofficialgrsec to v4.9.74-unofficialgrsec. PaX adds a temp buffer to the read_kmem function, which is never freed when an invalid address is supplied. This results in a memory leakage that can lead to a crash of the system. An attacker needs to induce a read to /dev/kmem using an invalid address to exploit this vulnerability.
1030 CVE-2019-5013 88 Exec Code 2019-10-24 2021-09-08
7.2
None Local Low Not required Complete Complete Complete
An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the start/stopLaunchDProcess command. The command takes a user-supplied string argument and executes launchctl under root context. A user with local access can use this vulnerability to raise load arbitrary launchD agents. An attacker would need local access to the machine for a successful exploit.
1031 CVE-2019-5012 88 Exec Code 2019-10-24 2021-09-08
7.2
None Local Low Not required Complete Complete Complete
An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit.
1032 CVE-2019-5010 476 DoS 2019-10-31 2020-08-22
5.0
None Remote Low Not required None None Partial
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.
1033 CVE-2019-4600 2019-10-29 2020-08-24
5.0
None Remote Low Not required Partial None None
IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 167883.
1034 CVE-2019-4572 532 2019-10-14 2019-10-16
2.1
None Local Low Not required Partial None None
IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific configurations, could log the web service user credentials into a log file that could be accessed by an administrator on the local machine. IBM X-Force ID: 166798.
1035 CVE-2019-4564 79 XSS 2019-10-04 2019-10-09
4.3
None Remote Medium Not required None Partial None
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
1036 CVE-2019-4558 74 2019-10-09 2019-10-11
7.2
None Local Low Not required Complete Complete Complete
A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files.
1037 CVE-2019-4549 922 2019-10-02 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951.
1038 CVE-2019-4546 269 2019-10-29 2019-10-30
6.5
None Remote Low ??? Partial Partial Partial
After installing the IBM Maximo Health- Safety and Environment Manager 7.6.1, a user is granted additional privileges that they are not normally allowed to access. IBM X-Force ID: 165948.
1039 CVE-2019-4542 79 XSS 2019-10-02 2019-10-09
4.3
None Remote Medium Not required None Partial None
IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 165815.
1040 CVE-2019-4539 91 2019-10-02 2019-10-09
5.5
None Remote Low ??? None Partial Partial
IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812.
1041 CVE-2019-4538 601 +Info 2019-10-02 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 165660.
1042 CVE-2019-4523 120 Exec Code Overflow 2019-10-22 2019-10-24
7.2
None Local Low Not required Complete Complete Complete
IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 165481.
1043 CVE-2019-4520 307 2019-10-02 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178.
1044 CVE-2019-4514 200 +Info 2019-10-04 2020-08-24
5.0
None Remote Low Not required Partial None None
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165136.
1045 CVE-2019-4512 209 2019-10-09 2019-10-09
4.0
None Remote Low ??? Partial None None
IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.
1046 CVE-2019-4497 79 XSS 2019-10-01 2019-10-09
3.5
None Remote Medium ??? None Partial None
IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164118.
1047 CVE-2019-4495 79 XSS 2019-10-01 2019-10-09
3.5
None Remote Medium ??? None Partial None
IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164116.
1048 CVE-2019-4494 79 XSS 2019-10-01 2019-10-09
3.5
None Remote Medium ??? None Partial None
IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164115.
1049 CVE-2019-4486 79 XSS 2019-10-24 2019-10-28
3.5
None Remote Medium ??? None Partial None
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.
1050 CVE-2019-4461 74 XSS Http R.Spl. +Info 2019-10-25 2020-08-24
3.5
None Remote Medium ??? None Partial None
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information. IBM X-Force ID: 163682.
Total number of vulnerabilities : 1567   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 (This Page)22 23 24 25 26 27 28 29 30 31 32
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.