Search Results (83493 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-9751 1 Otrs 1 Otrs 2024-11-21 N/A
An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm.
CVE-2019-9743 1 Phoenixcontact 4 Rad-80211-xd, Rad-80211-xd\/hp-bus, Rad-80211-xd\/hp-bus Firmware and 1 more 2024-11-21 N/A
An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component.
CVE-2019-9738 1 Golangtc 1 Gopher 2024-11-21 N/A
jimmykuu Gopher 2.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring.
CVE-2019-9737 1 Ipandao 1 Editor.md 2024-11-21 6.1 Medium
Editor.md 1.5.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring.
CVE-2019-9736 1 1024tools 1 1024tools 2024-11-21 N/A
DOM-based XSS exists in 1024Tools Markdown 1.0 via vectors involving the '<EMBED SRC="data:image/svg+xml' substring.
CVE-2019-9735 3 Debian, Openstack, Redhat 3 Debian Linux, Neutron, Openstack 2024-11-21 N/A
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group driver are affected.)
CVE-2019-9729 1 Shanda 1 Maplestory Online 2024-11-21 N/A
In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating the IOCtl 0x8000c01c input value, leading to an integer signedness error and a heap-based buffer underflow.
CVE-2019-9725 1 Korenix 5 Jetport 5601, Jetport 5601 Firmware, Jetport 5601f and 2 more 2024-11-21 N/A
The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting.
CVE-2019-9720 1 Libav 1 Libav 2024-11-21 6.5 Medium
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.
CVE-2019-9719 1 Libav 1 Libav 2024-11-21 8.8 High
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because “no evidence of a vulnerability is provided” and only “a generic warning from a static code analysis” is provided
CVE-2019-9714 1 Joomla 1 Joomla\! 2024-11-21 N/A
An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS.
CVE-2019-9712 1 Joomla 1 Joomla\! 2024-11-21 N/A
An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS.
CVE-2019-9711 1 Joomla 1 Joomla\! 2024-11-21 N/A
An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS.
CVE-2019-9709 1 Mahara 1 Mahara 2024-11-21 N/A
An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. The collection title is vulnerable to Cross Site Scripting (XSS) due to not escaping it when viewing the collection's SmartEvidence overview page (if that feature is turned on). This can be exploited by any logged-in user.
CVE-2019-9705 3 Cron Project, Debian, Fedoraproject 3 Cron, Debian Linux, Fedora 2024-11-21 5.5 Medium
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted.
CVE-2019-9701 1 Symantec 1 Data Loss Prevention 2024-11-21 N/A
DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
CVE-2019-9696 1 Symantec 1 Vip Enterprise Gateway 2024-11-21 N/A
Symantec VIP Enterprise Gateway (all versions) may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.
CVE-2019-9687 2 Fedoraproject, Podofo Project 2 Fedora, Podofo 2024-11-21 N/A
PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.
CVE-2019-9669 1 Wordfence 1 Wordfence 2024-11-21 N/A
The Wordfence plugin 7.2.3 for WordPress allows XSS via a unique attack vector. NOTE: It has been asserted that this is not a valid vulnerability in the context of the Wordfence WordPress plugin as the firewall rules are not maintained as part of the Wordfence software but rather it is a set of rules hosted on vendor servers and pushed to the plugin with no versioning associated. Bypassing a WAF rule doesn't make a WordPress site vulnerable (speaking in terms of software vulnerabilities)
CVE-2019-9661 1 Yzmcms 1 Yzmcms 2024-11-21 N/A
Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html "value" parameter,