Search Results (83265 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-20175 1 Qemu 1 Qemu 2024-11-21 7.5 High
An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a "privileged guest user has many ways to cause similar DoS effect, without triggering this assert.
CVE-2019-20174 1 Auth0 1 Lock 2024-11-21 6.1 Medium
Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder.
CVE-2019-20173 1 Auth0 1 Login By Auth0 2024-11-21 6.1 Medium
The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php.
CVE-2019-20170 2 Debian, Gpac 2 Debian Linux, Gpac 2024-11-21 5.5 Medium
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c.
CVE-2019-20162 2 Debian, Gpac 2 Debian Linux, Gpac 2024-11-21 5.5 Medium
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c.
CVE-2019-20161 2 Debian, Gpac 2 Debian Linux, Gpac 2024-11-21 5.5 Medium
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c.
CVE-2019-20160 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a stack-based buffer overflow in the function av1_parse_tile_group() in media_tools/av_parsers.c.
CVE-2019-20154 1 Determine 1 Contract Lifecycle Management 2024-11-21 6.1 Medium
An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. A cross-site scripting (XSS) vulnerability in multiple getchart.jsp parameters allows remote attackers to inject arbitrary web script or HTML.
CVE-2019-20152 1 Treasuryxpress 1 Treasuryxpress 2024-11-21 6.1 Medium
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the Create New Workflow field. As a result, the payload is executed via the navigation bar throughout the application.
CVE-2019-20151 1 Treasuryxpress 1 Treasuryxpress 2024-11-21 6.1 Medium
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed by the application's administrator(s). A malicious payload can be injected within the Multi Approval security component and inserted via the Note field. As a result, the payload is executed by the application's administrator(s).
CVE-2019-20141 1 Laborator 1 Neon 2024-11-21 6.1 Medium
An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.
CVE-2019-20139 1 Nagios 1 Nagios Xi 2024-11-21 5.4 Medium
In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user.
CVE-2019-20104 1 Atlassian 1 Crowd 2024-11-21 7.5 High
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability.
CVE-2019-20102 1 Atlassian 1 Confluence Server 2024-11-21 6.1 Medium
The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-site- scripting (SXSS) via a malicious attachment with a modified `mimeType` parameter.
CVE-2019-20096 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-11-21 5.5 Medium
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.
CVE-2019-20095 4 Linux, Netapp, Opensuse and 1 more 21 Linux Kernel, 8300, 8300 Firmware and 18 more 2024-11-21 5.5 Medium
mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.
CVE-2019-20076 1 Netis-systems 2 Dl4343, Dl4343 Firmware 2024-11-21 6.1 Medium
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration).
CVE-2019-20075 1 Netis-systems 2 Dl4343, Dl4343 Firmware 2024-11-21 6.1 Medium
On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic).
CVE-2019-20073 1 Netis-systems 2 Dl4343, Dl4343 Firmware 2024-11-21 6.1 Medium
On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration).
CVE-2019-20072 1 Netis-systems 2 Dl4343, Dl4343 Firmware 2024-11-21 6.1 Medium
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration).