Search Results (83408 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-7632 1 Lifesize 8 Networker 220, Networker 220 Firmware, Passport 220 and 5 more 2024-11-21 N/A
LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtu_size parameter. The lifesize default password for the cli account may sometimes be used for authentication.
CVE-2019-7629 1 Tintin\+\+ Project 2 Tintin\+\+, Wintin\+\+ 2024-11-21 N/A
Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.
CVE-2019-7621 1 Elastic 1 Kibana 2024-11-21 5.4 Medium
Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations. An attacker with the ability to create coordinate map visualizations could create a malicious visualization. If another Kibana user views that visualization or a dashboard containing the visualization it could execute JavaScript in the victim�s browser.
CVE-2019-7613 1 Elastic 1 Winlogbeat 2024-11-21 7.5 High
Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event.
CVE-2019-7610 2 Elastic, Redhat 2 Kibana, Openshift 2024-11-21 N/A
Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
CVE-2019-7608 2 Elastic, Redhat 2 Kibana, Openshift 2024-11-21 N/A
Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
CVE-2019-7594 1 Johnsoncontrols 1 Metasys System 2024-11-21 N/A
Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP).
CVE-2019-7593 1 Johnsoncontrols 1 Metasys System 2024-11-21 N/A
Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP).
CVE-2019-7582 2 Canonical, Libming 2 Ubuntu Linux, Libming 2024-11-21 N/A
The readBytes function in util/read.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure.
CVE-2019-7581 2 Canonical, Libming 2 Ubuntu Linux, Libming 2024-11-21 N/A
The parseSWF_ACTIONRECORD function in util/parser.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure, a different vulnerability than CVE-2018-7876.
CVE-2019-7575 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2024-11-21 8.8 High
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.
CVE-2019-7567 1 Bijiadao 1 Waimai Super Cms 2024-11-21 N/A
An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter.
CVE-2019-7559 1 Btor2tools Project 1 Btor2tools 2024-11-21 N/A
In btor2parser/btor2parser.c in Boolector Btor2Tools before 2019-01-15, opening a specially crafted input file leads to an out of bounds write in pusht_bfr.
CVE-2019-7554 1 Api Based Travel Booking Project 1 Api Based Travel Booking 2024-11-21 N/A
An issue was discovered in PHP Scripts Mall API Based Travel Booking 3.4.7. There is Reflected XSS via the flight-results.php d2 parameter.
CVE-2019-7553 1 Chartered Accountant \ 1 Auditor Website Project 2024-11-21 5.4 Medium
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has Stored XSS in the Profile Update page via the My Name field.
CVE-2019-7552 1 Investment Mlm Software Project 1 Investment Mlm Software 2024-11-21 5.4 Medium
An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2. Stored XSS was found in the the My Profile Section. This is due to lack of sanitization in the Edit Name section.
CVE-2019-7551 1 Cantemo 1 Portal 2024-11-21 9.0 Critical
Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app.
CVE-2019-7547 1 Topnew 1 Sidu 2024-11-21 N/A
An issue was discovered in SIDU 6.0. Because the database name is not strictly filtered, the attacker can insert a name containing an XSS Payload, leading to stored XSS.
CVE-2019-7546 1 Topnew 1 Sidu 2024-11-21 N/A
An issue was discovered in SIDU 6.0. The dbs parameter of the conn.php page has a reflected Cross-site Scripting (XSS) vulnerability.
CVE-2019-7545 1 Dbninja 1 Dbninja 2024-11-21 N/A
In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name field.