Search Results (83216 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-16159 4 Debian, Fedoraproject, Nic and 1 more 4 Debian Linux, Fedora, Bird and 1 more 2024-11-21 7.5 High
BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed.
CVE-2019-16156 1 Fortinet 1 Fortiweb 2024-11-21 6.1 Medium
An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS).
CVE-2019-16154 1 Fortinet 1 Fortiauthenticator 2024-11-21 6.1 Medium
An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon page.
CVE-2019-16153 1 Fortinet 1 Fortisiem 2024-11-21 9.8 Critical
A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials.
CVE-2019-16150 1 Fortinet 1 Forticlient 2024-11-21 5.5 Medium
Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded key.
CVE-2019-16148 1 Sakailms 1 Sakai 2024-11-21 6.1 Medium
Sakai through 12.6 allows XSS via a chat user name.
CVE-2019-16147 1 Liferay 1 Liferay Portal 2024-11-21 6.1 Medium
Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp in journal/journal-taglib.
CVE-2019-16146 1 Getgophish 1 Gophish 2024-11-21 4.8 Medium
Gophish through 0.8.0 allows XSS via a username.
CVE-2019-16145 1 Padrinorb 1 Padrino-contrib 2024-11-21 6.1 Medium
The breadcrumbs contributed module through 0.2.0 for Padrino Framework allows XSS via a caption.
CVE-2019-16139 1 Compact Arena Project 1 Compact Arena 2024-11-21 9.8 Critical
An issue was discovered in the compact_arena crate before 0.4.0 for Rust. Generativity is mishandled, leading to an out-of-bounds write or read.
CVE-2019-16130 1 Hgw168cc 1 Yii-cms 2024-11-21 6.1 Medium
YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.php via a name field to /contact.html.
CVE-2019-16126 1 Getgrav 1 Grav Cms 2024-11-21 6.1 Medium
Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images.
CVE-2019-16118 1 10web 1 Photo Gallery 2024-11-21 6.1 Medium
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php.
CVE-2019-16117 1 10web 1 Photo Gallery 2024-11-21 6.1 Medium
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php.
CVE-2019-16104 1 Silver-peak 2 Unity Edgeconnect Sd-wan, Unity Edgeconnect Sd-wan Firmware 2024-11-21 6.1 Medium
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO.
CVE-2019-16098 1 Msi 1 Afterburner 2024-11-21 7.8 High
The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.
CVE-2019-16096 1 Kilo Project 1 Kilo 2024-11-21 7.5 High
Kilo 0.0.1 has a heap-based buffer overflow because there is an integer overflow in a calculation involving the number of tabs in one row.
CVE-2019-16093 2 Canonical, Symonics 2 Ubuntu Linux, Libmysofa 2024-11-21 9.8 Critical
Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.
CVE-2019-16072 1 Netsas 1 Enigma Network Management Solution 2024-11-21 9.8 Critical
An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action.
CVE-2019-16070 1 Netsas 1 Enigma Network Management Solution 2024-11-21 6.1 Medium
A number of stored Cross-site Scripting (XSS) vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through web application form inputs.