CVE-2019-12323
The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS.
Source: CVE-2019-12323
[월:] 2019년 06월
CVE-2019-11648
CVE-2019-11648
An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. The vulnerability could be exploited to expose sensitive information.
Source: CVE-2019-11648
CVE-2019-11647
CVE-2019-11647
A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack.
Source: CVE-2019-11647
CVE-2019-12871
CVE-2019-12871
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.
Source: CVE-2019-12871
CVE-2019-12938
CVE-2019-12938
The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI.
Source: CVE-2019-12938
CVE-2019-12929
CVE-2019-12929
The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server.
Source: CVE-2019-12929
CVE-2019-12928
CVE-2019-12928
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server.
Source: CVE-2019-12928
CVE-2019-12937
CVE-2019-12937
apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer overflow allowing local privilege escalation to the root user via the DISPLAY environment variable.
Source: CVE-2019-12937
CVE-2019-12936
CVE-2019-12936
BlueStacks App Player 2, 3, and 4 before 4.90 allows DNS Rebinding for attacks on exposed IPC functions.
Source: CVE-2019-12936
CVE-2019-12935
CVE-2019-12935
Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI.
Source: CVE-2019-12935