Search Results (83204 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-15778 1 Getwooplugins 1 Additional Variation Images For Woocommerce 2024-11-21 N/A
The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS.
CVE-2019-15777 1 Shapepress 1 Wp Dsgvo Tools 2024-11-21 N/A
The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&admin_email= XSS.
CVE-2019-15767 1 Gnu 1 Chess 2024-11-21 N/A
In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file.
CVE-2019-15753 1 Openstack 1 Os-vif 2024-11-21 N/A
In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py.
CVE-2019-15750 1 Sitos 1 Sitos Six 2024-11-21 6.1 Medium
A Cross-Site Scripting (XSS) vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2019-15746 1 Sitos 1 Sitos Six 2024-11-21 9.8 Critical
SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user.
CVE-2019-15745 1 Equeshome 2 Elf Smart Plug, Elf Smart Plug Firmware 2024-11-21 N/A
The Eques elf smart plug and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the device and the app. The communication happens over UDP port 27431. An attacker on the local network can use the same key to encrypt and send commands to discover all smart plugs in a network, take over control of a device, and perform actions such as turning it on and off.
CVE-2019-15739 1 Gitlab 1 Gitlab 2024-11-21 6.1 Medium
An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads.
CVE-2019-15736 1 Gitlab 1 Gitlab 2024-11-21 7.5 High
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack.
CVE-2019-15724 1 Gitlab 1 Gitlab 2024-11-21 6.1 Medium
An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection.
CVE-2019-15722 1 Gitlab 1 Gitlab 2024-11-21 7.5 High
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources.
CVE-2019-15721 1 Gitlab 1 Gitlab 2024-11-21 5.4 Medium
An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings.
CVE-2019-15715 1 Mantisbt 1 Mantisbt 2024-11-21 7.2 High
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.
CVE-2019-15713 1 My Calendar Project 1 My Calendar 2024-11-21 N/A
The my-calendar plugin before 3.1.10 for WordPress has XSS.
CVE-2019-15710 1 Fortiguard 2 Fortiextender, Fortiextender Firmware 2024-11-21 7.2 High
An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands.
CVE-2019-15708 1 Fortinet 4 Fortiap, Fortiap-s, Fortiap-u and 1 more 2024-11-21 6.7 Medium
A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands.
CVE-2019-15701 1 Bloodhound Project 1 Bloodhound 2024-11-21 N/A
components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands (by spawning a child process as the current user on the victim's machine) when the search function's autocomplete feature is used. The victim must import data from an Active Directory with a GPO containing JavaScript in its name.
CVE-2019-15700 1 Frappe 1 Frappe 2024-11-21 N/A
public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text.
CVE-2019-15695 3 Opensuse, Redhat, Tigervnc 3 Leap, Enterprise Linux, Tigervnc 2024-11-21 7.2 High
TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
CVE-2019-15694 3 Opensuse, Redhat, Tigervnc 3 Leap, Enterprise Linux, Tigervnc 2024-11-21 7.2 High
TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.