| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. |
| A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow injections that could lead to XSS attacks if unsuspecting users are tricked into accessing a malicious link. |
| A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users. |
| A vulnerability has been identified in SIPORT MP (All versions < 3.1.4). Vulnerable versions of the device allow the creation of special accounts ("service users") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area. |
| A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 4). Specially crafted packets sent to port 161/udp can cause the SNMP service of affected devices to crash. A manual restart of the device is required to resume operation of the service. |
| On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265. |
| IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects. |
| IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts. |
| GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions. |
| GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions. |
| Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak uninitialized data in a response. |
| A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface. |
| A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wireless_autonetwork_1 POST request. |
| BMC Control-M/Agent 7.0.00.000 allows OS Command Injection (issue 2 of 2). |
| BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage. |
| BMC Control-M/Agent 7.0.00.000 allows OS Command Injection. |
| Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen). |
| Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS. |
| Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files. |
| Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture. |