Search Results (83478 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-9016 1 Mopcms 1 Mopcms 2024-11-21 N/A
An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[name] parameter in a mod=column request, as demonstrated by the /mopcms/X0AZgf(index).php?mod=column&ac=list&menuid=28&ac=add&menuid=29 URI.
CVE-2019-9012 1 Codesys 10 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 7 more 2024-11-21 7.5 High
An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.
CVE-2019-9009 1 Codesys 14 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 11 more 2024-11-21 7.5 High
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.
CVE-2019-9008 1 Codesys 10 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 7 more 2024-11-21 8.8 High
An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime.
CVE-2019-8991 1 Tibco 5 Activematrix Bpm, Activematrix Policy Director, Activematrix Service Bus and 2 more 2024-11-21 8.8 High
The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains multiple vulnerabilities that may allow for cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1.
CVE-2019-8987 1 Tibco 2 Data Science For Aws, Spotfire Data Science 2024-11-21 5.4 Medium
The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more privileged users. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0.
CVE-2019-8985 1 Netis-systems 4 Wf2411, Wf2411 Firmware, Wf2880 and 1 more 2024-11-21 N/A
On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GET request with a long HTTP "Authorization: Basic" header that is mishandled by user_auth->user_ok in /bin/boa.
CVE-2019-8984 1 Altn 1 Mdaemon 2024-11-21 N/A
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2).
CVE-2019-8983 1 Altn 1 Mdaemon 2024-11-21 N/A
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2).
CVE-2019-8981 1 Axtls Project 1 Axtls 2024-11-21 N/A
tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overflow via a crafted sequence of TLS packets because the need_bytes value is mismanaged.
CVE-2019-8960 1 Flexera 1 Flexnet Publisher 2024-11-21 7.5 High
A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination.
CVE-2019-8956 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2024-11-21 7.8 High
In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.
CVE-2019-8955 1 Torproject 1 Tor 2024-11-21 N/A
In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler.
CVE-2019-8953 1 Netgate 1 Haproxy 2024-11-21 N/A
The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.
CVE-2019-8950 1 Dasannetworks 2 H665, H665 Firmware 2024-11-21 N/A
The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET.
CVE-2019-8948 1 Papercut 2 Papercut Mf, Papercut Ng 2024-11-21 N/A
PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163.
CVE-2019-8947 1 Zimbra 1 Collaboration Server 2024-11-21 6.1 Medium
Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS.
CVE-2019-8946 1 Zimbra 1 Collaboration Server 2024-11-21 6.1 Medium
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.
CVE-2019-8945 1 Zimbra 1 Collaboration Server 2024-11-21 6.1 Medium
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.
CVE-2019-8939 1 Tautulli 1 Tautulli 2024-11-21 N/A
data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page.