Search Results (83267 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-20073 1 Netis-systems 2 Dl4343, Dl4343 Firmware 2024-11-21 6.1 Medium
On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration).
CVE-2019-20072 1 Netis-systems 2 Dl4343, Dl4343 Firmware 2024-11-21 6.1 Medium
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration).
CVE-2019-20070 1 Netis-systems 2 Dl4343, Dl4343 Firmware 2024-11-21 6.1 Medium
On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration).
CVE-2019-20058 1 Boltcms 1 Bolt 2024-11-21 6.1 Medium
Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040
CVE-2019-20050 1 Artica 1 Pandora Fms 2024-11-21 6.8 Medium
Pandora FMS ≤ 7.42 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user should create a new folder with a "tricky" name in the filemanager. The exploit works when the php-fileinfo extension is disabled on the host system. The attacker must include shell metacharacters in the content type.
CVE-2019-20042 2 Debian, Wordpress 2 Debian Linux, Wordpress 2024-11-21 6.1 Medium
In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release.
CVE-2019-20025 1 Nec 2 Sv9100, Sv9100 Firmware 2024-11-21 9.8 Critical
Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with manufacturer privilege level. An attacker could exploit this vulnerability by using this account to remotely log into an affected device. A successful exploit could allow the attacker to log into the device with manufacturer level access. This vulnerability affects SV9100 PBXes that are running software release 6.0 or higher. This vulnerability does not affect SV9100 software releases prior to 6.0.
CVE-2019-20019 1 Matio Project 1 Matio 2024-11-21 6.5 Medium
An attempted excessive memory allocation was discovered in Mat_VarRead5 in mat5.c in matio 1.5.17.
CVE-2019-20016 1 Symonics 1 Libmysofa 2024-11-21 6.5 Medium
libmysofa before 2019-11-24 does not properly restrict recursive function calls, as demonstrated by reports of stack consumption in readOHDRHeaderMessageDatatype in dataobject.c and directblockRead in fractalhead.c. NOTE: a download of v0.9 after 2019-12-06 should fully remediate this issue.
CVE-2019-20015 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2024-11-21 6.5 Medium
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_LWPOLYLINE_private in dwg.spec.
CVE-2019-20013 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2024-11-21 6.5 Medium
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec.
CVE-2019-20012 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2024-11-21 6.5 Medium
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec.
CVE-2019-20009 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2024-11-21 6.5 Medium
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec.
CVE-2019-20008 1 Archerysec 1 Archery 2024-11-21 5.4 Medium
In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page.
CVE-2019-20003 1 Dicube 1 Easescreen Crystal 2024-11-21 6.1 Medium
Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored XSS via the Debug-Log and Display-Log components. This could be exploited when an attacker sends an crafted string for FTP authentication.
CVE-2019-1993 1 Google 1 Android 2024-11-21 N/A
In register_app of btif_hd.cc, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-119819889.
CVE-2019-1991 1 Google 1 Android 2024-11-21 N/A
In btif_dm_data_copy of btif_core.cc, there is a possible out of bounds write due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-110166268.
CVE-2019-1990 1 Google 1 Android 2024-11-21 N/A
In ihevcd_fmt_conv_420sp_to_420p of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-118453553
CVE-2019-1989 1 Google 1 Android 2024-11-21 N/A
In ih264d_fmt_conv_420sp_to_420p of ih264d_format_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-118399205
CVE-2019-1988 1 Google 1 Android 2024-11-21 N/A
In sample6 of SkSwizzler.cpp, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution in system_server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-118372692.