Search Results (83254 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-19288 1 Siemens 1 Xhq 2024-11-21 6.1 Medium
A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link.
CVE-2019-19285 1 Siemens 1 Xhq 2024-11-21 5.4 Medium
A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow injections that could lead to XSS attacks if unsuspecting users are tricked into accessing a malicious link.
CVE-2019-19284 1 Siemens 1 Xhq 2024-11-21 5.4 Medium
A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users.
CVE-2019-19277 1 Siemens 1 Siport Mp 2024-11-21 6.5 Medium
A vulnerability has been identified in SIPORT MP (All versions < 3.1.4). Vulnerable versions of the device allow the creation of special accounts ("service users") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area.
CVE-2019-19276 1 Siemens 4 Simatic Hmi Comfort Panels, Simatic Hmi Comfort Panels Firmware, Simatic Hmi Ktp Mobile Panels and 1 more 2024-11-21 5.3 Medium
A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 4). Specially crafted packets sent to port 161/udp can cause the SNMP service of affected devices to crash. A manual restart of the device is required to resume operation of the service.
CVE-2019-19273 2 Google, Samsung 5 Android, Exynos 8895, Galaxy Note8 and 2 more 2024-11-21 7.8 High
On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265.
CVE-2019-19266 1 Icewarp 1 Mail Server 2024-11-21 5.4 Medium
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.
CVE-2019-19265 1 Icewarp 1 Mail Server 2024-11-21 6.1 Medium
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.
CVE-2019-19263 1 Gitlab 1 Gitlab 2024-11-21 4.3 Medium
GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions.
CVE-2019-19262 1 Gitlab 1 Gitlab 2024-11-21 4.3 Medium
GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions.
CVE-2019-19240 1 Embedthis 1 Goahead 2024-11-21 5.3 Medium
Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak uninitialized data in a response.
CVE-2019-19223 1 Dlink 2 Dsl-2680, Dsl-2680 Firmware 2024-11-21 7.5 High
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface.
CVE-2019-19222 1 Dlink 2 Dsl-2680, Dsl-2680 Firmware 2024-11-21 5.4 Medium
A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wireless_autonetwork_1 POST request.
CVE-2019-19220 1 Bmcsoftware 1 Control-m\/agent 2024-11-21 8.8 High
BMC Control-M/Agent 7.0.00.000 allows OS Command Injection (issue 2 of 2).
CVE-2019-19218 1 Bmcsoftware 1 Control-m\/agent 2024-11-21 7.5 High
BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage.
CVE-2019-19217 1 Bmcsoftware 1 Control-m\/agent 2024-11-21 8.8 High
BMC Control-M/Agent 7.0.00.000 allows OS Command Injection.
CVE-2019-19212 1 Dolibarr 1 Dolibarr 2024-11-21 9.8 Critical
Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen).
CVE-2019-19211 1 Dolibarr 1 Dolibarr 2024-11-21 6.1 Medium
Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS.
CVE-2019-19210 1 Dolibarr 1 Dolibarr 2024-11-21 5.4 Medium
Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files.
CVE-2019-19206 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 5.4 Medium
Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture.