Search Results (83333 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-4028 1 Ibm 1 Sterling B2b Integrator 2024-11-21 5.4 Medium
IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155906.
CVE-2019-4027 1 Ibm 1 Sterling B2b Integrator 2024-11-21 5.4 Medium
IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 155905.
CVE-2019-4011 1 Ibm 1 Bigfix Platform 2024-11-21 5.4 Medium
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155885.
CVE-2019-3999 2 Druva, Microsoft 2 Insync Client, Windows 2024-11-21 7.8 High
Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
CVE-2019-3989 1 Amazon 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware 2024-11-21 9.8 Critical
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data.
CVE-2019-3988 1 Amazon 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware 2024-11-21 8.8 High
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter.
CVE-2019-3987 1 Amazon 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware 2024-11-21 8.8 High
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter.
CVE-2019-3986 1 Amazon 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware 2024-11-21 8.8 High
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter.
CVE-2019-3985 1 Amazon 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware 2024-11-21 8.8 High
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter.
CVE-2019-3984 1 Amazon 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware 2024-11-21 9.8 Critical
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet.
CVE-2019-3983 1 Amazon 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware 2024-11-21 6.8 Medium
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections.
CVE-2019-3975 1 Advantech 1 Webaccess 2024-11-21 9.8 Critical
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message.
CVE-2019-3973 1 Comodo 1 Antivirus 2024-11-21 N/A
Comodo Antivirus versions 11.0.0.6582 and below are vulnerable to Denial of Service affecting CmdGuard.sys via its filter port "cmdServicePort". A low privileged process can crash CmdVirth.exe to decrease the port's connection count followed by process hollowing a CmdVirth.exe instance with malicious code to obtain a handle to "cmdServicePort". Once this occurs, a specially crafted message can be sent to "cmdServicePort" using "FilterSendMessage" API. This can trigger an out-of-bounds write if lpOutBuffer parameter in FilterSendMessage API is near the end of specified buffer bounds. The crash occurs when the driver performs a memset operation which uses a size beyond the size of buffer specified, causing kernel crash.
CVE-2019-3968 1 Open-emr 1 Openemr 2024-11-21 N/A
In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form.
CVE-2019-3966 1 Open-emr 1 Openemr 2024-11-21 N/A
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
CVE-2019-3965 1 Open-emr 1 Openemr 2024-11-21 N/A
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
CVE-2019-3964 1 Open-emr 1 Openemr 2024-11-21 N/A
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
CVE-2019-3963 1 Open-emr 1 Openemr 2024-11-21 N/A
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
CVE-2019-3962 1 Tenable 1 Nessus 2024-11-21 N/A
Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could allow the authenticated adversary to inject arbitrary text into the feed status, which will remain saved post session expiration.
CVE-2019-3961 1 Tenable 1 Nessus 2024-11-21 N/A
Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a users browser session.