Search Results (83412 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-7742 1 Joomla 1 Joomla\! 2024-11-21 N/A
An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector.
CVE-2019-7741 1 Joomla 1 Joomla\! 2024-11-21 N/A
An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS.
CVE-2019-7740 1 Joomla 1 Joomla\! 2024-11-21 N/A
An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector.
CVE-2019-7731 1 Mywebsql 1 Mywebsql 2024-11-21 N/A
MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's archive file.
CVE-2019-7729 1 Bosch 1 Smart Camera 2024-11-21 N/A
An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to setting of insecure permissions, a malicious app could potentially succeed in retrieving video clips or still images that have been cached for clip sharing. (The Bosch Smart Home App is not affected. iOS Apps are not affected.)
CVE-2019-7714 1 Ghs 1 Integrity Rtos 2024-11-21 N/A
An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY RTOS 5.0.4. It allocates 60 bytes for the HTTP Authentication header. However, when copying this header to parse, it does not check the size of the header, leading to a stack-based buffer overflow.
CVE-2019-7713 1 Ghs 1 Integrity Rtos 2024-11-21 N/A
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. There is a heap-based buffer overflow in the function responsible for printing the shell prompt, when a custom modifier is used to display information such as a process ID, IP address, or current working directory. Modifier expansion triggers this overflow, causing memory corruption or a crash (and also leaks memory address information).
CVE-2019-7704 1 Webassembly 1 Binaryen 2024-11-21 6.5 Medium
wasm::WasmBinaryBuilder::readUserSection in wasm-binary.cpp in Binaryen 1.38.22 triggers an attempt at excessive memory allocation, as demonstrated by wasm-merge and wasm-opt.
CVE-2019-7698 1 Axiosys 1 Bento4 2024-11-21 N/A
An issue was discovered in AP4_Array<AP4_CttsTableEntry>::EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls, a related issue to CVE-2018-20095.
CVE-2019-7693 1 Axiositalia 1 Registro Elettronico 2024-11-21 N/A
Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.aspx Error_Parameters parameter. In some situations, the XSS would be on the family.axioscloud.it cloud service; however, the vendor also supports "Sissi in Rete (con server)" for offline operation.
CVE-2019-7687 1 Jio 2 Jmr1140, Jmr1140 Firmware 2024-11-21 N/A
cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices has POST based reflected XSS via the Page parameter. No sanitization is performed for user input data.
CVE-2019-7677 1 Enphase 1 Envoy 2024-11-21 N/A
XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888.
CVE-2019-7672 1 Primasystems 1 Flexair 2024-11-21 8.8 High
Prima Systems FlexAir, Versions 2.3.38 and prior. The flash version of the web interface contains a hard-coded username and password, which may allow an authenticated attacker to escalate privileges.
CVE-2019-7671 1 Primasystems 1 Flexair 2024-11-21 9.0 Critical
Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being returned to the user, which may allow an attacker to execute arbitrary code in a user’s browser session in context of an affected site.
CVE-2019-7670 1 Primasystems 1 Flexair 2024-11-21 7.2 High
Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could allow attackers to execute commands directly on the operating system.
CVE-2019-7664 2 Elfutils Project, Redhat 9 Elfutils, Ansible Tower, Enterprise Linux and 6 more 2024-11-21 5.5 Medium
In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).
CVE-2019-7661 1 Phpmywind 1 Phpmywind 2024-11-21 N/A
An issue was discovered in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-site Scripting (XSS) vulnerability.
CVE-2019-7660 1 Phpmywind 1 Phpmywind 2024-11-21 N/A
An issue was discovered in PHPMyWind 5.5. The username parameter of the /install/index.php page has a stored Cross-site Scripting (XSS) vulnerability, as demonstrated by admin/login.php.
CVE-2019-7659 2 Debian, Genivia 2 Debian Linux, Gsoap 2024-11-21 N/A
Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are built with that flag.
CVE-2019-7656 1 Wowza 1 Streaming Engine 2024-11-21 7.8 High
A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any unprivileged Linux user to escalate privileges to root. The installer sets too relaxed permissions on /usr/local/WowzaStreamingEngine/bin/* core program files. By injecting a payload into one of those files, it will run with the same privileges as the Wowza server, root. For example, /usr/local/WowzaStreamingEngine/bin/tune.sh could be replaced with a Trojan horse. This issue was resolved in Wowza Streaming Engine 4.8.5.