Search Results (83230 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-17430 1 Eyoucms 1 Eyoucms 2024-11-21 6.1 Medium
EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter.
CVE-2019-17427 1 Redmine 1 Redmine 2024-11-21 6.1 Medium
In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors.
CVE-2019-17424 1 Nipper-ng Project 1 Nipper-ng 2024-11-21 7.8 High
A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code Execution or Denial Of Service via a crafted file.
CVE-2019-17417 1 Pbootcms 1 Pbootcms 2024-11-21 4.8 Medium
PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs.
CVE-2019-17409 1 Open-emr 1 Openemr 2024-11-21 6.1 Medium
Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 ia the id parameter.
CVE-2019-17405 1 Nokia 1 Impact 2024-11-21 6.1 Medium
Nokia IMPACT < 18A: has Reflected self XSS
CVE-2019-17391 1 Espressif 8 Esp32-d0wd, Esp32-d0wd Firmware, Esp32-d2wd and 5 more 2024-11-21 4.6 Medium
An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker (with physical access to the device) to read the contents of read-protected eFuses, such as flash encryption and secure boot keys, by injecting a glitch into the power supply of the chip shortly after reset.
CVE-2019-17388 4 Aviatrix, Freebsd, Linux and 1 more 4 Vpn Client, Freebsd, Linux Kernel and 1 more 2024-11-21 7.8 High
Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a local attacker to execute arbitrary code by gaining elevated privileges through file modifications.
CVE-2019-17385 1 Eleopard 1 Animate It\! 2024-11-21 6.1 Medium
The animate-it plugin before 2.3.5 for WordPress has XSS.
CVE-2019-17384 1 Eleopard 1 Animate It\! 2024-11-21 6.1 Medium
The animate-it plugin before 2.3.4 for WordPress has XSS.
CVE-2019-17380 1 Cpanel 1 Cpanel 2024-11-21 6.1 Medium
cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).
CVE-2019-17379 1 Cpanel 1 Cpanel 2024-11-21 6.1 Medium
cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527).
CVE-2019-17378 1 Cpanel 1 Cpanel 2024-11-21 6.1 Medium
cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526).
CVE-2019-17377 1 Cpanel 1 Cpanel 2024-11-21 6.1 Medium
cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524).
CVE-2019-17376 1 Cpanel 1 Cpanel 2024-11-21 6.1 Medium
cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521).
CVE-2019-17371 1 Gif2png Project 1 Gif2png 2024-11-21 6.5 Medium
gif2png 2.5.13 has a memory leak in the writefile function.
CVE-2019-17368 1 S-cms 1 S-cms 2024-11-21 6.1 Medium
S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter.
CVE-2019-17364 2 Petwant, Skymee 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more 2024-11-21 9.8 Critical
The processCommandUploadLog() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
CVE-2019-17361 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2024-11-21 9.8 Critical
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.
CVE-2019-17358 3 Cacti, Debian, Opensuse 3 Cacti, Debian Linux, Leap 2024-11-21 8.1 High
Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.