Search Results (83257 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-19540 1 Cridio 1 Listingpro 2024-11-21 6.1 Medium
The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage.
CVE-2019-19536 3 Debian, Linux, Opensuse 3 Debian Linux, Linux Kernel, Leap 2024-11-21 4.6 Medium
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.
CVE-2019-19535 4 Debian, Linux, Opensuse and 1 more 4 Debian Linux, Linux Kernel, Leap and 1 more 2024-11-21 4.6 Medium
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.
CVE-2019-19534 4 Canonical, Debian, Linux and 1 more 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more 2024-11-21 2.4 Low
In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.
CVE-2019-19533 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-11-21 2.4 Low
In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.
CVE-2019-19532 2 Linux, Redhat 7 Linux Kernel, Enterprise Linux, Rhel Aus and 4 more 2024-11-21 6.8 Medium
In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c.
CVE-2019-19522 1 Openbsd 1 Openbsd 2024-11-21 7.8 High
OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root.
CVE-2019-19515 1 Ayision 2 Ays-wr01, Ays-wr01 Firmware 2024-11-21 6.1 Medium
Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in wireless settings.
CVE-2019-19514 1 Ayision 2 Ays-wr01, Ays-wr01 Firmware 2024-11-21 5.4 Medium
Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in basic repeater settings via an SSID.
CVE-2019-19513 2 Microsoft, Un4seen 2 Windows, Bassmidi 2024-11-21 9.8 Critical
The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds write vulnerability. An attacker may exploit this to execute code on the target machine. A failure in exploitation leads to a denial of service.
CVE-2019-19509 1 Rconfig 1 Rconfig 2024-11-21 8.8 High
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution.
CVE-2019-19505 1 Tendacn 2 Pa6, Pa6 Firmware 2024-11-21 8.8 High
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the "Wireless" section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2019-19500 1 Matrix42 1 Workspace Management 2024-11-21 5.4 Medium
Matrix42 Workspace Management 9.1.2.2765 and below allows stored XSS via unfiltered description parameters, as demonstrated by the comment field of a special order for individual software.
CVE-2019-19497 1 Altn 1 Mdaemon Email Server 2024-11-21 5.4 Medium
MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message.
CVE-2019-19496 1 Alfresco 1 Alfresco 2024-11-21 5.4 Medium
Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document.
CVE-2019-19492 1 Freeswitch 1 Freeswitch 2024-11-21 9.8 Critical
FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.
CVE-2019-19491 1 Testlink 1 Testlink 2024-11-21 6.1 Medium
TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request.
CVE-2019-19487 1 Centreon 1 Centreon 2024-11-21 8.8 High
Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test.
CVE-2019-19469 1 Zmanda 1 Amanda 2024-11-21 8.8 High
In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials.
CVE-2019-19466 1 Sceditor 1 Sceditor 2024-11-21 6.1 Medium
SCEditor 2.1.3 allows XSS.