Search Results (83259 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-19786 2 Atasm Project, Fedoraproject 2 Atasm, Fedora 2024-11-21 7.8 High
ATasm 1.06 has a stack-based buffer overflow in the parse_expr() function in setparse.c via a crafted .m65 file.
CVE-2019-19785 2 Atasm Project, Fedoraproject 2 Atasm, Fedora 2024-11-21 7.8 High
ATasm 1.06 has a stack-based buffer overflow in the to_comma() function in asm.c via a crafted .m65 file.
CVE-2019-19773 1 Lexmark 160 6500e, 6500e Firmware, C734 and 157 more 2024-11-21 5.4 Medium
Various Lexmark products have stored XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US.
CVE-2019-19772 1 Lexmark 160 6500e, 6500e Firmware, C734 and 157 more 2024-11-21 5.4 Medium
Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US.
CVE-2019-19757 1 Lenovo 1 Xclarity Administrator 2024-11-21 5.4 Medium
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially crafted link is visited. The JavaScript code is executed on the user's system, not executed on LXCA itself.
CVE-2019-19748 1 Brizoit 1 Work Time Calendar 2024-11-21 6.1 Medium
The Work Time Calendar app before 4.7.1 for Jira allows XSS.
CVE-2019-19746 2 Fedoraproject, Fig2dev Project 2 Fedora, Fig2dev 2024-11-21 5.5 Medium
make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.
CVE-2019-19742 1 Dlink 2 Dir-615, Dir-615 Firmware 2024-11-21 4.8 Medium
On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field.
CVE-2019-19738 1 Mfscripts 1 Yetishare 2024-11-21 6.1 Medium
log_file_viewer.php in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the lFile parameter on the page, which would allow an attacker to input HTML or execute scripts on the site, aka XSS.
CVE-2019-19736 1 Mfscripts 1 Yetishare 2024-11-21 6.1 Medium
MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag on session cookies, allowing the cookie to be read by script, which can potentially be used by attackers to obtain the cookie via cross-site scripting.
CVE-2019-19733 1 Mfscripts 1 Yetishare 2024-11-21 6.1 Medium
_get_all_file_server_paths.ajax.php (aka get_all_file_server_paths.ajax.php) in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the fileIds parameter on the page, which would allow an attacker to input HTML or execute scripts on the site, aka XSS.
CVE-2019-19727 2 Opensuse, Schedmd 2 Leap, Slurm 2024-11-21 5.5 Medium
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.
CVE-2019-19721 1 Videolan 1 Vlc Media Player 2024-11-21 7.8 High
An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.
CVE-2019-19720 1 Yabasic 1 Yabasic 2024-11-21 8.8 High
Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() function in flex.c via a crafted BASIC source file.
CVE-2019-19719 3 Linux, Microsoft, Tableau 3 Linux Kernel, Windows, Tableau Server 2024-11-21 6.1 Medium
Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page.
CVE-2019-19708 1 Mediawiki 1 Visual Editor 2024-11-21 6.1 Medium
The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute.
CVE-2019-19692 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 6.1 Medium
Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Note that the Japanese version of the product is NOT affected.
CVE-2019-19682 1 Nopcommerce 1 Nopcommerce 2024-11-21 4.8 Medium
nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/[id] Admin/Blog/BlogPostEdit/[id]. NOTE: the vendor reportedly considers this a "feature" because the affected components are an HTML content editor.
CVE-2019-19679 1 Xpand-it 1 Xray Test Mangaement 2024-11-21 5.4 Medium
In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action for a new Test Issue.
CVE-2019-19678 1 Xpand-it 1 Xray Test Mangaement 2024-11-21 5.4 Medium
In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test issue.