Search Results (83247 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-18957 1 Microstrategy 1 Microstrategy Library 2024-11-21 6.1 Medium
Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS.
CVE-2019-18955 1 Lansweeper 1 Lansweeper 2024-11-21 6.1 Medium
The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Product vulnerability has been fixed and disclosed within changelog as of 02 Dec 2019.
CVE-2019-18944 1 Microfocus 1 Solutions Business Manager 2024-11-21 4.9 Medium
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.
CVE-2019-18942 1 Microfocus 1 Solutions Business Manager 2024-11-21 5.5 Medium
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding.
CVE-2019-18934 4 Fedoraproject, Nlnetlabs, Opensuse and 1 more 4 Fedora, Unbound, Leap and 1 more 2024-11-21 7.3 High
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.
CVE-2019-18930 1 Western Digital 2 My Cloud Ex2 Ultra, My Cloud Ex2 Ultra Firmware 2024-11-21 8.8 High
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of functions in libscheddl.so, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs.
CVE-2019-18929 1 Western Digital 2 My Cloud Ex2 Ultra, My Cloud Ex2 Ultra Firmware 2024-11-21 8.8 High
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow.
CVE-2019-18926 1 Systematicinc 1 Iris Standards Management 2024-11-21 6.1 Medium
Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting (XSS). A user input (related to dialog information) is reflected directly in the web page, allowing a malicious user to conduct a Cross Site Scripting attack against users of the application.
CVE-2019-18923 1 Go-camo Project 1 Go-camo 2024-11-21 6.1 Medium
Insufficient content type validation of proxied resources in go-camo before 2.1.1 allows a remote attacker to serve arbitrary content from go-camo's origin.
CVE-2019-18914 1 Hp 755 Digital Sender Flow 8500 Fn2 Document Capture Workstation L2762a, Futuresmart 3, Futuresmart 4 and 752 more 2024-11-21 6.1 Medium
A potential security vulnerability has been identified for certain HP printers and MFPs that would allow redirection page Cross-Site Scripting in a client’s browser by clicking on a third-party malicious link.
CVE-2019-18910 1 Hp 1 Thinpro 2024-11-21 6.8 Medium
The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges.
CVE-2019-18909 2 Hp, Linux 2 Thinpro, Linux Kernel 2024-11-21 8.0 High
The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges.
CVE-2019-18895 2 Microsoft, Scanguard 2 Windows, Scanguard Antivirus 2024-11-21 7.8 High
Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file.
CVE-2019-18894 1 Avast 1 Premium Security 2024-11-21 7.8 High
In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. A flaw in the processing of a command allows execution of arbitrary OS commands with the privileges of the currently logged in user. This allows for example attackers who compromised a browser extension to escape from the browser sandbox.
CVE-2019-18893 3 Avast, Avg, Video Downloader Project 3 Secure Browser, Secure Browser, Video Downloader 2024-11-21 6.1 Medium
XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component. While Video Downloader is technically a browser extension, it is granted a very wide set of privileges and can for example access cookies and browsing history, spy on the user while they are surfing the web, and alter their surfing experience in almost arbitrary ways.
CVE-2019-18883 1 Lavalite 1 Lavalite 2024-11-21 6.1 Medium
XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field.
CVE-2019-18882 1 Wso2 1 Identity Server 2024-11-21 6.1 Medium
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled.
CVE-2019-18881 1 Wso2 1 Identity Server 2024-11-21 6.1 Medium
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile.
CVE-2019-18873 1 Fudforum 1 Fudforum 2024-11-21 9.0 Critical
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php.
CVE-2019-18859 1 Digi 2 Anywhereusb\/14, Anywhereusb\/14 Firmware 2024-11-21 6.1 Medium
Digi AnywhereUSB 14 allows XSS via a link for the Digi Page.