Search Results (83259 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-19856 1 Serpico Project 1 Serpico 2024-11-21 4.8 Medium
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The User Type on the admin/list_user page allows stored XSS via the type parameter.
CVE-2019-19855 1 Serpico Project 1 Serpico 2024-11-21 4.8 Medium
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/list_user allows stored XSS via the auth_type parameter.
CVE-2019-19852 1 Sangoma 1 Freepbx 2024-11-21 4.8 Medium
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel through 13.0.26.9, 14.x through 14.0.2.14, and 15.x through 15.0.15.4.
CVE-2019-19851 1 Sangoma 1 Freepbx 2024-11-21 4.8 Medium
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20.
CVE-2019-19847 1 Libspiro Project 1 Libspiro 2024-11-21 8.1 High
Libspiro through 20190731 has a stack-based buffer overflow in the spiro_to_bpath0() function in spiro.c.
CVE-2019-19842 1 Ruckuswireless 17 C110, E510, H320 and 14 more 2024-11-21 9.8 Critical
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute.
CVE-2019-19841 1 Ruckuswireless 17 C110, E510, H320 and 14 more 2024-11-21 9.8 Critical
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute.
CVE-2019-19840 1 Ruckuswireless 17 C110, E510, H320 and 14 more 2024-11-21 9.8 Critical
A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request.
CVE-2019-19839 1 Ruckuswireless 17 C110, E510, H320 and 14 more 2024-11-21 9.8 Critical
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute.
CVE-2019-19838 1 Ruckuswireless 17 C110, E510, H320 and 14 more 2024-11-21 9.8 Critical
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute.
CVE-2019-19829 1 Solarwinds 1 Serv-u Ftp Server 2024-11-21 5.4 Medium
A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182.
CVE-2019-19824 1 Totolink 17 A3002ru, A3002ru Firmware, A702r and 14 more 2024-11-21 8.8 High
On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, N100RE through 3.4.0, and N302RE 2.0.2.
CVE-2019-19821 1 Combodo 1 Itop 2024-11-21 8.1 High
A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access information and modify information with administrative privileges by not following the HTTP Location header in server responses. This is fixed in all iTop packages (community, essential, professional) in versions : 2.5.4, 2.6.3, 2.7.0
CVE-2019-19820 1 Kyrol 1 Internet Security 2024-11-21 7.8 High
An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402405 using METHOD_NEITHER results in a read primitive.
CVE-2019-19816 4 Canonical, Debian, Linux and 1 more 18 Ubuntu Linux, Debian Linux, Linux Kernel and 15 more 2024-11-21 7.8 High
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.
CVE-2019-19814 1 Linux 1 Linux Kernel 2024-11-21 7.8 High
In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.
CVE-2019-19797 3 Debian, Fedoraproject, Xfig Project 3 Debian Linux, Fedora, Fig2dev 2024-11-21 5.5 Medium
read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.
CVE-2019-19796 1 Yabasic 1 Yabasic 2024-11-21 7.8 High
Yabasic 2.86.2 has a heap-based buffer overflow in myformat in function.c via a crafted BASIC source file.
CVE-2019-19795 1 Samurai Project 1 Samurai 2024-11-21 7.8 High
samurai 0.7 has a heap-based buffer overflow in canonpath in util.c via a crafted build file.
CVE-2019-19787 2 Atasm Project, Fedoraproject 2 Atasm, Fedora 2024-11-21 7.8 High
ATasm 1.06 has a stack-based buffer overflow in the get_signed_expression() function in setparse.c via a crafted .m65 file.