NVD: all CVE

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 1 hour 59 minutes ago
August 15, 2019

CVE-2019-13578

A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php.
August 15, 2019

CVE-2019-3417

All versions up to V1.1.10P3T18 of the ZTE ZXHN F670 product are impacted by a command injection vulnerability. Due to insufficient parameter validation, an authorized user can exploit this vulnerability to take control of the user router system.
August 15, 2019

CVE-2019-3418

All versions up to V1.1.10P3T18 of the ZTE ZXHN F670 product are impacted by a cross-site scripting (XSS) vulnerability. Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts.
August 15, 2019

CVE-2019-14800

The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI.
August 15, 2019

CVE-2019-15081

OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages.
August 15, 2019

CVE-2019-14755

The profile photo upload feature in Leaf Admin 61.9.0212.10 f allows Unrestricted Upload of a File with a Dangerous Type.
August 15, 2019

CVE-2019-14790

The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter.
August 15, 2019

CVE-2019-14795

The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter.
August 15, 2019

CVE-2019-15062

An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check the Referer header; however, because the attack is from one of the application's own settings pages, this mechanism is bypassed.)
August 15, 2019

CVE-2019-14427

XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that sets the notes parameter with crafted JavaScript code.
August 14, 2019

CVE-2019-1228

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1227.
August 14, 2019

CVE-2019-1229

An elevation of privilege vulnerability exists in Dynamics On-Premise v9, aka 'Dynamics On-Premise Elevation of Privilege Vulnerability'.
August 14, 2019

CVE-2019-1258

An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in the way the library caches tokens, aka 'Azure Active Directory Authentication Library Elevation of Privilege Vulnerability'.
August 14, 2019

CVE-2019-9584

eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shut down the VPN service, and delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages.
August 14, 2019

CVE-2019-9585

eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in the ability to read, set and delete Metadata.
August 14, 2019

CVE-2019-1202

An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.
August 14, 2019

CVE-2019-1203

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
August 14, 2019

CVE-2019-1204

An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages, aka 'Microsoft Outlook Elevation of Privilege Vulnerability'.
August 14, 2019

CVE-2019-1205

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1201.
August 14, 2019

CVE-2019-1206

A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1212.