Search Results (83181 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-15275 1 Cisco 1 Telepresence Collaboration Endpoint 2024-11-21 6.7 Medium
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the remote support user and submitting malicious input to a specific command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system (OS) with root privileges.
CVE-2019-15274 1 Cisco 1 Telepresence Collaboration Endpoint 2024-11-21 6.7 Medium
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to perform command injections. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as an administrative level user within the restricted shell and submitting malicious input to a specific command. A successful exploit could allow the attacker to execute previously staged code from the underlying filesystem.
CVE-2019-15234 1 Ushareit 1 Shareit 2024-11-21 7.5 High
SHAREit through 4.0.6.177 does not check the full message length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation. This is different from CVE-2019-14941.
CVE-2019-15233 1 Oldstreetsolutions 1 Live Input Macros 2024-11-21 6.1 Medium
The Live:Text Box macro in the Old Street Live Input Macros app before 2.11 for Confluence has XSS, leading to theft of the Administrator Session Cookie.
CVE-2019-15230 1 Librenms 1 Librenms 2024-11-21 N/A
LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account.
CVE-2019-15228 1 Thedaylightstudio 1 Fuel Cms 2024-11-21 N/A
FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors.
CVE-2019-15227 1 Getflightpath 1 Flightpath 2024-11-21 N/A
FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. This could lead to cookie stealing and other malicious actions.
CVE-2019-15225 2 Envoyproxy, Redhat 2 Envoy, Service Mesh 2024-11-21 N/A
In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to CVE-2019-14993.
CVE-2019-15160 1 Kbrw 1 Sweet Xml 2024-11-21 N/A
The SweetXml (aka sweet_xml) package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD.
CVE-2019-15148 1 Gopro 1 Gpmf-parser 2024-11-21 N/A
GoPro GPMF-parser 1.2.2 has an out-of-bounds write in OpenMP4Source in demo/GPMF_mp4reader.c.
CVE-2019-15127 1 Vanderbilt 1 Redcap 2024-11-21 N/A
REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file.
CVE-2019-15124 1 Mediawiki 1 Mobilefrontend 2024-11-21 6.1 Medium
In the MobileFrontend extension for MediaWiki, XSS exists within the edit summary field of the watchlist feed. This affects REL1_31, REL1_32, and REL1_33.
CVE-2019-15120 1 Kunena 1 Kunena 2024-11-21 5.4 Medium
The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode.
CVE-2019-15112 1 Wp-slimstat 1 Slimstat Analytics 2024-11-21 6.1 Medium
The wp-slimstat plugin before 4.8.1 for WordPress has XSS.
CVE-2019-15110 1 Wp Front End Profile Project 1 Wp Front End Profile 2024-11-21 N/A
The wp-front-end-profile plugin before 0.2.2 for WordPress has XSS.
CVE-2019-15109 1 Stellarwp 1 The Events Calendar 2024-11-21 N/A
The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter.
CVE-2019-15108 1 Wso2 1 Api Manager 2024-11-21 4.8 Medium
An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component.
CVE-2019-15095 1 Diaowen 1 Dwsurvey 2024-11-21 N/A
DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter.
CVE-2019-15086 1 Prise 1 Adas 2024-11-21 6.1 Medium
An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message.
CVE-2019-15084 1 Maxx 1 Waves Maxx Audio 2024-11-21 N/A
Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, installs with incorrect file permissions. As a result, a local attacker can escalate to SYSTEM.