Search Results (83229 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-17250 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000042f5.
CVE-2019-17249 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d57b.
CVE-2019-17248 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000025b6.
CVE-2019-17246 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000258c.
CVE-2019-17245 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0000000000004359.
CVE-2019-17242 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000966f.
CVE-2019-17241 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d563.
CVE-2019-17239 1 Wpfactory 1 Download Plugins And Themes From Dashboard 2024-11-21 6.1 Medium
includes/settings/class-alg-download-plugins-settings.php in the download-plugins-dashboard plugin through 1.5.0 for WordPress has multiple unauthenticated stored XSS issues.
CVE-2019-17236 1 Getigniteup 1 Igniteup 2024-11-21 6.1 Medium
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS.
CVE-2019-17233 1 Etoilewebdesign 1 Ultimate Faq 2024-11-21 6.1 Medium
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection.
CVE-2019-17231 1 Mageewp 1 Onetone 2024-11-21 6.1 Medium
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues.
CVE-2019-17229 1 Stylemixthemes 1 Motors - Car Dealer\, Classifieds \& Listing 2024-11-21 6.1 Medium
includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress has multiple stored XSS issues.
CVE-2019-17226 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 4.8 Medium
CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field.
CVE-2019-17225 1 Intelliants 1 Subrion 2024-11-21 5.4 Medium
Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue.
CVE-2019-17223 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 6.1 Medium
There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php.
CVE-2019-17222 1 Intelbras 2 Wrn 150, Wrn 150 Firmware 2024-11-21 6.1 Medium
An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is stored XSS in the Service Name tab of the WAN configuration screen, leading to a denial of service (inability to change the configuration).
CVE-2019-17220 1 Rocket.chat 1 Rocket.chat 2024-11-21 6.1 Medium
Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line.
CVE-2019-17214 1 Webarxsecurity 1 Webarx 2024-11-21 7.5 High
The WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI.
CVE-2019-17213 1 Webarxsecurity 1 Webarx 2024-11-21 6.1 Medium
The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS via the URI or the X-Forwarded-For HTTP header.
CVE-2019-17212 1 Mbed 1 Mbed 2024-11-21 9.8 Critical
Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5.14.0. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as by the 0xFF delimiter byte. Inside each while loop, the check of the value of *packet_data_pptr is not strictly enforced. More specifically, inside a loop, *packet_data_pptr could be increased and then dereferenced without checking. Moreover, there are many other functions in the format of sn_coap_parser_****() that do not check whether the pointer is within the bounds of the allocated buffer. All of these lead to heap-based or stack-based buffer overflows, depending on how the CoAP packet buffer is allocated.