Search Results (83259 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-1056 1 Microsoft 8 Internet Explorer, Windows 10, Windows 7 and 5 more 2024-11-21 N/A
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1004, CVE-2019-1059.
CVE-2019-1004 1 Microsoft 9 Internet Explorer, Windows 10, Windows 7 and 6 more 2024-11-21 N/A
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1056, CVE-2019-1059.
CVE-2019-1001 1 Microsoft 11 Chakracore, Edge, Internet Explorer and 8 more 2024-11-21 N/A
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1004, CVE-2019-1056, CVE-2019-1059.
CVE-2019-19994 1 Seling 1 Visual Access Manager 2024-11-21 9.8 Critical
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows blind Command Injection. An attacker without authentication is able to execute arbitrary operating system command by injecting the vulnerable parameter in the PHP Web page /common/vam_monitor_sap.php.
CVE-2019-19991 1 Seling 1 Visual Access Manager 2024-11-21 5.4 Medium
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Reflected Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /vam/vam_anagraphic.php, /vam/vam_vamuser.php, /common/vamp_main.php, and /wiz/change_password.php.
CVE-2019-19990 1 Seling 1 Visual Access Manager 2024-11-21 5.4 Medium
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Stored Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /monitor/s_headmodel.php and /vam/vam_user.php.
CVE-2019-19988 1 Seling 1 Visual Access Manager 2024-11-21 8.8 High
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to create and write XML files on the filesystem via /common/vam_editXml.php in the web interface. The vulnerable PHP page checks none of these: the parameter that identifies the file name to be created, the destination path, or the extension. Thus, an attacker can manipulate the file name to create any type of file within the filesystem with arbitrary content.
CVE-2019-19979 1 Wp Maintenance Project 1 Wp Maintenance 2024-11-21 8.8 High
A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. There was CSRF with resultant XSS.
CVE-2019-19968 1 Pandorafms 1 Pandora Fms 2024-11-21 5.4 Medium
PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content.
CVE-2019-19958 1 Mz-automation 1 Libiec61850 2024-11-21 6.5 Medium
In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service.
CVE-2019-19951 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Backports and 1 more 2024-11-21 9.8 Critical
In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.
CVE-2019-19948 5 Canonical, Debian, Imagemagick and 2 more 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more 2024-11-21 9.8 Critical
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.
CVE-2019-19943 1 Pablosoftwaresolutions 1 Quick \'n Easy Web Server 2024-11-21 7.5 High
The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3.8 allows Remote Unauthenticated Heap Memory Corruption via a large host or domain parameter. It may be possible to achieve remote code execution because of a double free.
CVE-2019-19941 1 Swisscom 2 Centro Grande, Centro Grande Firmware 2024-11-21 5.4 Medium
Missing hostname validation in Swisscom Centro Grande before 6.16.12 allows a remote attacker to inject its local IP address as a domain entry in the DNS service of the router via crafted hostnames in DHCP requests, causing XSS.
CVE-2019-19940 1 Swisscom 2 Centro Grande, Centro Grande Firmware 2024-11-21 7.2 High
Incorrect input sanitation in text-oriented user interfaces (telnet, ssh) in Swisscom Centro Grande before 6.16.12 allows remote authenticated users to execute arbitrary commands via command injection.
CVE-2019-19935 1 Froala 1 Froala Editor 2024-11-21 6.1 Medium
Froala Editor before 3.2.3 allows XSS.
CVE-2019-19931 1 Mz-automation 1 Libiec61850 2024-11-21 8.8 High
In libIEC61850 1.4.0, MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c has a heap-based buffer overflow.
CVE-2019-19924 6 Apache, Netapp, Oracle and 3 more 6 Bookkeeper, Cloud Backup, Mysql Workbench and 3 more 2024-11-21 5.3 Medium
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.
CVE-2019-19921 5 Canonical, Debian, Linuxfoundation and 2 more 8 Ubuntu Linux, Debian Linux, Runc and 5 more 2024-11-21 7.0 High
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)
CVE-2019-19920 3 Canonical, Debian, Sa-exim Project 3 Ubuntu Linux, Debian Linux, Sa-exim 2024-11-21 8.8 High
sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.