NVD: all CVE

Subscribe to NVD: all CVE hírcsatorna
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Frissítve: 1 óra 50 perc
2019. augusztus 18.

CVE-2019-15137

The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings (instead of the permission expressions themselves), which can lead to unintended connections between participants in a Data Distribution Service (DDS) network.
2019. augusztus 17.

CVE-2019-15132

Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.
2019. augusztus 17.

CVE-2019-15133

In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.
2019. augusztus 17.

CVE-2019-15134

RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloop.c upon receiving an ACK before a SYN.
2019. augusztus 17.

CVE-2019-14937

REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data.
2019. augusztus 17.

CVE-2019-13069

extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and port forwarding to reach a 127.0.0.1 service.
2019. augusztus 16.

CVE-2019-15113

The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF.
2019. augusztus 16.

CVE-2019-15114

The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF.
2019. augusztus 16.

CVE-2019-15115

The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF.
2019. augusztus 16.

CVE-2019-15116

The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging.
2019. augusztus 16.

CVE-2017-18547

The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms.
2019. augusztus 16.

CVE-2018-20971

The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan.
2019. augusztus 16.

CVE-2018-20972

The companion-auto-update plugin before 3.2.1 for WordPress has CSRF.
2019. augusztus 16.

CVE-2018-20973

The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion.
2019. augusztus 16.

CVE-2018-20974

The js-jobs plugin before 1.0.7 for WordPress has CSRF.
2019. augusztus 16.

CVE-2014-10376

The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.
2019. augusztus 16.

CVE-2015-9322

The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF.
2019. augusztus 16.

CVE-2015-9323

The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
2019. augusztus 16.

CVE-2015-9324

The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection.
2019. augusztus 16.

CVE-2017-18541

The xo-security plugin before 1.5.3 for WordPress has XSS.