Search Results (83198 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-15661 1 Killernetworking 1 Killer Control Center 2024-11-21 7.2 High
An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004 in KfeCo10X64.sys fails to validate parameters, leading to a stack-based buffer overflow, which can lead to code execution or escalation of privileges.
CVE-2019-15652 1 Nssglobal 4 Satlink 2000, Satlink 2900, Satlink 2910 and 1 more 2024-11-21 6.1 Medium
The web interface for NSSLGlobal SatLink VSAT Modem Unit (VMU) devices before 18.1.0 doesn't properly sanitize input for error messages, leading to the ability to inject client-side code.
CVE-2019-15644 1 Zoho 1 Salesiq 2024-11-21 N/A
The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS.
CVE-2019-15643 1 Etoilewebdesign 1 Ultimate Faq 2024-11-21 N/A
The ultimate-faqs plugin before 1.8.22 for WordPress has XSS.
CVE-2019-15619 1 Nextcloud 3 Deck, Nextcloud Server, Talk 2024-11-21 4.8 Medium
Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.
CVE-2019-15618 1 Nextcloud 1 Nextcloud Server 2024-11-21 4.8 Medium
Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location.
CVE-2019-15616 1 Nextcloud 1 Nextcloud Server 2024-11-21 4.3 Medium
Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long.
CVE-2019-15614 1 Nextcloud 1 Nextcloud 2024-11-21 5.4 Medium
Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files.
CVE-2019-15609 1 Kill-port-process Project 1 Kill-port-process 2024-11-21 9.8 Critical
The kill-port-process package version < 2.2.0 is vulnerable to a Command Injection vulnerability.
CVE-2019-15607 1 Nodered 1 Node-red 2024-11-21 5.4 Medium
A stored XSS vulnerability is present within node-red (version: <= 0.20.7) npm package, which is a visual tool for wiring the Internet of Things. This issue will allow the attacker to steal session cookies, deface web applications, etc.
CVE-2019-15603 1 Seeftl Project 1 Seeftl 2024-11-21 6.1 Medium
The seefl package v0.1.1 is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via a malicious filename rendered in a directory listing.
CVE-2019-15602 1 Itwork 1 Fileview 2024-11-21 6.1 Medium
The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cross-Site Scripting (XSS) vulnerability in files it serves.
CVE-2019-15598 1 Treekill Project 1 Treekill 2024-11-21 9.8 Critical
A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command.
CVE-2019-15595 1 Ui 1 Unifi Video Controller 2024-11-21 8.8 High
A privilege escalation exists in UniFi Video Controller =<3.10.6 that would allow an attacker on the local machine to run arbitrary commands.
CVE-2019-15593 1 Gitlab 1 Gitlab 2024-11-21 6.5 Medium
GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments.
CVE-2019-15588 1 Sonatype 1 Nexus Repository Manager 2024-11-21 7.2 High
There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capability.
CVE-2019-15587 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2024-11-21 5.4 Medium
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
CVE-2019-15586 1 Gitlab 1 Gitlab 2024-11-21 6.1 Medium
A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin.
CVE-2019-15575 1 Gitlab 1 Gitlab 2024-11-21 7.5 High
A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope.
CVE-2019-15554 1 Servo 1 Smallvec 2024-11-21 N/A
An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity.