Search Results (83246 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-18664 1 Secudos 1 Domos 2024-11-21 5.4 Medium
The Log module in SECUDOS DOMOS before 5.6 allows XSS.
CVE-2019-18656 1 Pimcore 1 Pimcore 2024-11-21 6.1 Medium
Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements.
CVE-2019-18655 1 Upredsun 1 File Sharing Wizard 2024-11-21 9.8 Critical
File Sharing Wizard version 1.5.0 build 2008 is affected by a Structured Exception Handler based buffer overflow vulnerability. An unauthenticated attacker is able to perform remote command execution and obtain a command shell by sending a HTTP GET request including the malicious payload in the URL. A similar issue to CVE-2019-17415, CVE-2019-16724, and CVE-2010-2331.
CVE-2019-18654 2 Avg, Microsoft 2 Anti-virus, Windows 2024-11-21 6.1 Medium
A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name.
CVE-2019-18653 2 Avast, Microsoft 2 Antivirus, Windows 2024-11-21 6.1 Medium
A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name.
CVE-2019-18652 1 Watchguard 2 Xmt515, Xmt515 Firmware 2024-11-21 6.1 Medium
A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. The payload was tested in Microsoft Internet Explorer 11.418.18362.0 and Microsoft Edge 44.18362.387.0 (Microsoft EdgeHTML 18.18362).
CVE-2019-18649 1 Untangle 1 Ng Firewall 2024-11-21 4.8 Medium
When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS.
CVE-2019-18648 1 Untangle 1 Ng Firewall 2024-11-21 4.8 Medium
When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields.
CVE-2019-18647 1 Untangle 1 Ng Firewall 2024-11-21 7.2 High
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user.
CVE-2019-18636 1 Jitbit 1 .net Forum 2024-11-21 5.4 Medium
A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum (aka ASP.NET forum) 8.3.8 allows remote attackers to inject arbitrary web script or HTML via the gravatar URL parameter.
CVE-2019-18634 3 Debian, Redhat, Sudo Project 4 Debian Linux, Enterprise Linux, Rhel E4s and 1 more 2024-11-21 7.8 High
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
CVE-2019-18619 3 Hp, Lenovo, Synaptics 224 Envy - 13t-ah100, Envy - 13t-ah100 Firmware, Envy - 13t-aq100 and 221 more 2024-11-21 7.8 High
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.
CVE-2019-18614 1 Cypress 2 Cyw20735, Cyw20735 Firmware 2024-11-21 7.8 High
On the Cypress CYW20735 evaluation board, any data that exceeds 384 bytes is copied and causes an overflow. This is because the maximum BLOC buffer size for sending and receiving data is set to 384 bytes, but everything else is still configured to the usual size of 1092 (which was used for everything in the previous CYW20719 and later CYW20819 evaluation board). To trigger the overflow, an attacker can either send packets over the air or as unprivileged local user. Over the air, the minimal PoC is sending "l2ping -s 600" to the target address prior to any pairing. Locally, the buffer overflow is immediately triggered by opening an ACL or SCO connection to a headset. This occurs because, in WICED Studio 6.2 and 6.4, BT_ACL_HOST_TO_DEVICE_DEFAULT_SIZE and BT_ACL_DEVICE_TO_HOST_DEFAULT_SIZE are set to 384.
CVE-2019-18609 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-11-21 9.8 Critical
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.
CVE-2019-18588 1 Dell 2 Emc Powermax, Emc Unisphere For Powermax 2024-11-21 5.4 Medium
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users' sessions.
CVE-2019-18578 1 Dell 1 Xtremio Management Server 2024-11-21 9.0 Critical
Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through their browsers, the malicious code may be executed by the web browser in the context of the vulnerable web application.
CVE-2019-18577 1 Dell 1 Xtremio Management Server 2024-11-21 6.7 Medium
Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access.
CVE-2019-18574 2 Emc, Rsa 2 Rsa Authentication Manager, Authentication Manager 2024-11-21 4.8 Medium
RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could then be included in a report. When other Security Console administrators open the affected report, the injected scripts could potentially be executed in their browser.
CVE-2019-18571 1 Dell 1 Rsa Identity Governance And Lifecycle 2024-11-21 5.4 Medium
The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a reflected cross-site scripting vulnerability in the My Access Live module [MAL]. An authenticated malicious local user could potentially exploit this vulnerability by sending crafted URL with scripts. When victim users access the module through their browsers, the malicious code gets injected and executed by the web browser in the context of the vulnerable web application.
CVE-2019-18463 1 Gitlab 1 Gitlab 2024-11-21 4.3 Medium
An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 4 of 4).