CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2019

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
301 CVE-2019-17299 94 2019-10-07 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by an Admin user.
302 CVE-2019-17298 89 Sql 2019-10-07 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Administration module by a Developer user.
303 CVE-2019-17297 89 Sql 2019-10-07 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Quotes module by a Regular user.
304 CVE-2019-17296 89 Sql 2019-10-07 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user.
305 CVE-2019-17295 89 Sql 2019-10-07 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user.
306 CVE-2019-17294 89 Sql 2019-10-07 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the export function by a Regular user.
307 CVE-2019-17293 89 Sql 2019-10-07 2019-10-10
6.5
None Remote Low ??? Partial Partial Partial
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user.
308 CVE-2019-17292 89 Sql 2019-10-07 2019-10-10
6.5
None Remote Low ??? Partial Partial Partial
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user.
309 CVE-2019-17271 89 Sql 2019-10-08 2019-10-09
4.0
None Remote Low ??? Partial None None
vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.
310 CVE-2019-17269 78 Exec Code 2019-10-07 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Intellian Remote Access 3.18 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the Ping Test field.
311 CVE-2019-17267 502 2019-10-07 2021-02-22
7.5
None Remote Low Not required Partial Partial Partial
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
312 CVE-2019-17266 125 2019-10-06 2019-11-06
7.5
None Remote Low Not required Partial Partial Partial
libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.
313 CVE-2019-17264 125 2019-10-06 2021-07-21
2.1
None Local Low Not required None None Partial
** DISPUTED ** In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this as described in the GitHub issue.
314 CVE-2019-17263 125 2019-10-06 2019-10-14
2.1
None Local Low Not required None None Partial
** DISPUTED ** In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are also unsupported. NOTE: the vendor has disputed this as described in the GitHub issue.
315 CVE-2019-17262 787 2019-10-08 2019-10-10
4.6
None Local Low Not required Partial Partial Partial
XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0.
316 CVE-2019-17261 787 2019-10-08 2019-10-10
4.6
None Local Low Not required Partial Partial Partial
XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51.
317 CVE-2019-17260 125 2019-10-08 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
MPC-HC through 1.7.13 allows a Read Access Violation on a Block Data Move starting at mpc_hc!memcpy+0x000000000000004e.
318 CVE-2019-17259 787 2019-10-08 2019-10-10
4.6
None Local Low Not required Partial Partial Partial
KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_new+0x000000000014d6ee.
319 CVE-2019-17258 787 2019-10-08 2019-10-10
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x000000000000839c.
320 CVE-2019-17257 754 2019-10-08 2019-10-10
4.3
None Remote Medium Not required None None Partial
IrfanView 4.53 allows an Exception Handler Chain to be Corrupted starting at EXR!ReadEXR+0x000000000002af80.
321 CVE-2019-17256 787 2019-10-08 2019-10-10
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.53 allows a User Mode Write AV starting at DPX!ReadDPX_W+0x0000000000001203.
322 CVE-2019-17255 787 2019-10-08 2019-10-10
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.53 allows a User Mode Write AV starting at EXR!ReadEXR+0x0000000000010836.
323 CVE-2019-17254 787 2019-10-08 2019-10-10
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at FORMATS!Read_BadPNG+0x0000000000000101.
324 CVE-2019-17253 787 2019-10-08 2019-10-10
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.53 allows a User Mode Write AV starting at JPEG_LS+0x000000000000a6b8.
325 CVE-2019-17252 787 2019-10-08 2019-10-10
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!Read_BadPNG+0x0000000000000115.
326 CVE-2019-17251 787 2019-10-08 2019-10-10
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d43.
327 CVE-2019-17250 787 2019-10-08 2019-10-10
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000042f5.
328 CVE-2019-17249 787 2019-10-08 2019-10-10
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d57b.
329 CVE-2019-17248 787 2019-10-08 2019-10-10
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000025b6.
330 CVE-2019-17247 120 2019-10-08 2019-10-10
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x0000000000007da8.
331 CVE-2019-17246 787 2019-10-08 2019-10-10
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000258c.
332 CVE-2019-17245 787 2019-10-08 2019-10-10
4.6
None Local Low Not required Partial Partial Partial
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0000000000004359.
333 CVE-2019-17244 120 2019-10-08 2019-10-10
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEG_LS+0x0000000000001d8a.
334 CVE-2019-17243 120 2019-10-08 2019-10-10
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEG_LS+0x0000000000003155.
335 CVE-2019-17242 787 2019-10-08 2019-10-10
4.6
None Local Low Not required Partial Partial Partial
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000966f.
336 CVE-2019-17241 787 2019-10-08 2019-10-10
4.6
None Local Low Not required Partial Partial Partial
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d563.
337 CVE-2019-17240 307 Bypass 2019-10-06 2020-10-21
4.3
None Remote Medium Not required Partial None None
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
338 CVE-2019-17239 79 XSS 2019-10-07 2019-10-11
4.3
None Remote Medium Not required None Partial None
includes/settings/class-alg-download-plugins-settings.php in the download-plugins-dashboard plugin through 1.5.0 for WordPress has multiple unauthenticated stored XSS issues.
339 CVE-2019-17233 79 XSS 2019-10-07 2020-08-24
4.3
None Remote Medium Not required None Partial None
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection.
340 CVE-2019-17232 20 2019-10-07 2021-07-21
5.0
None Remote Low Not required None Partial None
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import.
341 CVE-2019-17226 79 XSS 2019-10-06 2019-10-08
3.5
None Remote Medium ??? None Partial None
CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field.
342 CVE-2019-17225 79 XSS 2019-10-06 2019-10-08
3.5
None Remote Medium ??? None Partial None
Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue.
343 CVE-2019-17224 22 Dir. Trav. 2019-10-28 2019-11-05
5.0
None Remote Low Not required Partial None None
The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of the product, there is a 404 error. If a file does not exist, there is a 302 redirect to index.html.
344 CVE-2019-17223 79 XSS 2019-10-15 2020-08-24
4.3
None Remote Medium Not required None Partial None
There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php.
345 CVE-2019-17220 79 XSS 2019-10-21 2019-10-23
4.3
None Remote Medium Not required None Partial None
Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line.
346 CVE-2019-17219 306 2019-10-06 2020-08-24
5.8
None Local Network Low Not required Partial Partial Partial
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the device does not enforce any authentication. An adjacent attacker is able to use the network interface without proper access control.
347 CVE-2019-17218 311 2019-10-06 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the communication to the web service is unencrypted via http. An attacker is able to intercept and sniff communication to the web service.
348 CVE-2019-17217 352 CSRF 2019-10-06 2019-10-10
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no CSRF protection established on the web service.
349 CVE-2019-17216 916 2019-10-06 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort.
350 CVE-2019-17215 307 2019-10-06 2020-08-24
5.0
None Remote Low Not required None Partial None
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection (e.g., lockout) established. An attacker might be able to bruteforce the password to authenticate on the device.
Total number of vulnerabilities: 1567 (page 7 of 32)