Search Results (83270 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-20432 1 Lustre 1 Lustre 2024-11-21 7.5 High
In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size.
CVE-2019-20431 1 Lustre 1 Lustre 2024-11-21 7.5 High
In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value.
CVE-2019-20426 1 Lustre 1 Lustre 2024-11-21 7.5 High
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check.
CVE-2019-20425 1 Lustre 1 Lustre 2024-11-21 7.5 High
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustre_msg_buflen_v2.
CVE-2019-20422 1 Linux 1 Linux Kernel 2024-11-21 5.5 Medium
In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified by syzkaller, aka CID-7b09c2d052db.
CVE-2019-20416 1 Atlassian 2 Jira, Jira Software Data Center 2024-11-21 4.8 Medium
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. The affected versions are before version 8.3.0.
CVE-2019-20414 1 Atlassian 4 Jira, Jira Data Center, Jira Server and 1 more 2024-11-21 5.4 Medium
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.
CVE-2019-20409 1 Atlassian 2 Jira, Jira Software Data Center 2024-11-21 9.8 Critical
The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.
CVE-2019-20389 1 Intelliants 1 Subrion 2024-11-21 6.1 Medium
An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the v[language_switch] parameter (within multipart/form-data), which is reflected back within a user's browser without proper output encoding.
CVE-2019-20382 5 Canonical, Debian, Opensuse and 2 more 7 Ubuntu Linux, Debian Linux, Leap and 4 more 2024-11-21 3.5 Low
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.
CVE-2019-20381 1 Testlink 1 Testlink 2024-11-21 6.1 Medium
TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter. NOTE: this issue exists because of an incomplete fix for CVE-2019-19491.
CVE-2019-20379 1 Ganglia 1 Ganglia-web 2024-11-21 6.1 Medium
ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter.
CVE-2019-20378 1 Ganglia 1 Ganglia-web 2024-11-21 6.1 Medium
ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter.
CVE-2019-20377 1 Tophub 1 Toplist 2024-11-21 6.1 Medium
TopList before 2019-09-03 allows XSS via a title.
CVE-2019-20376 1 Psi 1 Electronic Logbook 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG document to elogd.c.
CVE-2019-20375 1 Psi 1 Electronic Logbook 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via the value parameter in a localization (loc) command to elogd.c.
CVE-2019-20374 3 Apple, Linux, Typora 3 Macos, Linux Kernel, Typora 2024-11-21 9.6 Critical
A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability is then triggered due to improper HTML sanitization. Given that the application is based on the Electron framework, the XSS leads to remote code execution in an unsandboxed environment.
CVE-2019-20366 1 Igniterealtime 1 Openfire 2024-11-21 6.1 Medium
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents.
CVE-2019-20365 1 Igniterealtime 1 Openfire 2024-11-21 6.1 Medium
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page.
CVE-2019-20364 1 Igniterealtime 1 Openfire 2024-11-21 6.1 Medium
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via cacheName to SystemCacheDetails.jsp.