Search Results (83259 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-19661 1 Maxum 1 Rumpus Ftp 2024-11-21 6.1 Medium
A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp.
CVE-2019-19646 5 Netapp, Oracle, Siemens and 2 more 6 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 3 more 2024-11-21 9.8 Critical
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
CVE-2019-19642 1 Supermicro 3 X8sti-f, X8sti-f Bios, X8sti-f Firmware 2024-11-21 8.8 High
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareName. The attacker can achieve a persistent backdoor.
CVE-2019-19632 1 Bigswitch 3 Big Cloud Fabric, Big Monitoring Fabric, Multi-cloud Director 2024-11-21 6.1 Medium
An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. An unauthenticated attacker may inject stored arbitrary JavaScript (XSS), and execute it in the content of authenticated administrators.
CVE-2019-19630 3 Debian, Fedoraproject, Htmldoc Project 3 Debian Linux, Fedora, Htmldoc 2024-11-21 7.8 High
HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document.
CVE-2019-19619 1 Documize 1 Documize 2024-11-21 6.1 Medium
domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS.
CVE-2019-19615 1 Sangoma 1 Freepbx 2024-11-21 4.8 Medium
Multiple XSS vulnerabilities exist in the Backup & Restore module \ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and embed malicious XSS code via a link. When another user (such as an admin) clicks the link, the XSS payload will render and execute in the context of the victim user's account.
CVE-2019-19614 1 Halvotec 1 Raquest 2024-11-21 7.5 High
An issue was discovered in Halvotec RAQuest 10.23.10801.0. The login page is vulnerable to wildcard injection, allowing an attacker to enumerate the list of users sharing an identical password. Fixed in Release 10.24.11206.1.
CVE-2019-19612 1 Halvotec 1 Raquest 2024-11-21 5.4 Medium
An issue was discovered in Halvotec RaQuest 10.23.10801.0. Several features of the application allow stored Cross-site Scripting (XSS). Fixed in Release 24.2020.20608.0.
CVE-2019-19609 1 Strapi 1 Strapi 2024-11-21 7.2 High
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.
CVE-2019-19606 1 X-plane 1 X-plane 2024-11-21 9.8 Critical
X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths (or a leak of OS credentials to a remote system) via crafted network packets. This could be used to execute arbitrary commands on the system.
CVE-2019-19605 1 X-plane 1 X-plane 2024-11-21 9.8 Critical
X-Plane before 11.41 allows Arbitrary Memory Write via crafted network packets, which could cause a denial of service or arbitrary code execution.
CVE-2019-19604 4 Debian, Fedoraproject, Git-scm and 1 more 4 Debian Linux, Fedora, Git and 1 more 2024-11-21 7.8 High
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.
CVE-2019-19596 1 Gitbook 1 Gitbook 2024-11-21 5.4 Medium
GitBook through 2.6.9 allows XSS via a local .md file.
CVE-2019-19592 1 Jamasoftware 1 Connect 2024-11-21 6.1 Medium
Jama Connect 8.44.0 is vulnerable to stored Cross-Site Scripting
CVE-2019-19587 1 Wso2 1 Enterprise Integrator 2024-11-21 6.1 Medium
In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updating the message processor configuration from the source view in the Management Console.
CVE-2019-19555 1 Xfig Project 1 Xfig 2024-11-21 5.5 Medium
read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf.
CVE-2019-19552 1 Sangoma 1 Freepbx 2024-11-21 4.8 Medium
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account.
CVE-2019-19551 1 Sangoma 1 Freepbx 2024-11-21 4.8 Medium
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account.
CVE-2019-19547 2 Fedoraproject, Symantec 2 Fedora, Endpoint Detection And Response 2024-11-21 6.1 Medium
Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.