Search Results (83176 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-14976 1 Icmsdev 1 Icms 2024-11-21 N/A
iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter.
CVE-2019-14974 1 Sugarcrm 1 Sugarcrm 2024-11-21 N/A
SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS.
CVE-2019-14970 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2024-11-21 N/A
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
CVE-2019-14969 1 Netwrix 1 Auditor 2024-11-21 N/A
Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. In addition, the service Netwrix.ADA.StorageAuditService (which writes to that directory) does not perform proper impersonation, and thus the target file will have the same permissions as the invoking process (in this case, granting Authenticated Users full access over the target file). This vulnerability can be triggered by a low-privileged user to perform DLL Hijacking/Binary Planting attacks and ultimately execute code as NT AUTHORITY\SYSTEM with the help of Symbolic Links.
CVE-2019-14967 1 Frappe 1 Frappe 2024-11-21 N/A
An issue was discovered in Frappe Framework 10, 11 before 11.1.46, and 12. There exists an XSS vulnerability.
CVE-2019-14961 1 Jetbrains 1 Upsource 2024-11-21 6.1 Medium
JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS.
CVE-2019-14958 1 Jetbrains 1 Pycharm 2024-11-21 7.5 High
JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation.
CVE-2019-14953 2 Jetbrains, Mozilla 2 Youtrack, Firefox 2024-11-21 6.1 Medium
JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser.
CVE-2019-14952 1 Jetbrains 1 Youtrack 2024-11-21 6.1 Medium
JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles.
CVE-2019-14950 1 3cx 1 Live Chat 2024-11-21 N/A
The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page.
CVE-2019-14949 1 Wpseeds 1 Wp Database Backup 2024-11-21 6.1 Medium
The wp-database-backup plugin before 5.1.2 for WordPress has XSS.
CVE-2019-14948 1 Najeebmedia 1 Ppom For Woocommerce 2024-11-21 5.4 Medium
The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure.
CVE-2019-14947 1 Ultimatemember 1 Ultimate Member 2024-11-21 N/A
The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade.
CVE-2019-14946 1 Ultimatemember 1 Ultimate Member 2024-11-21 N/A
The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations.
CVE-2019-14945 1 Ultimatemember 1 Ultimate Member 2024-11-21 N/A
The ultimate-member plugin before 2.0.54 for WordPress has XSS.
CVE-2019-14943 1 Gitlab 1 Gitlab 2024-11-21 N/A
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials.
CVE-2019-14941 1 Ushareit 1 Shareit 2024-11-21 7.5 High
SHAREit through 4.0.6.177 does not check the body length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation.
CVE-2019-14935 2 3cx, Microsoft 2 3cx, Windows 2024-11-21 N/A
3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link.
CVE-2019-14934 3 Debian, Fedoraproject, Pdfresurrect Project 3 Debian Linux, Fedora, Pdfresurrect 2024-11-21 7.8 High
An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write.
CVE-2019-14931 2 Inea, Mitsubishielectric 4 Me-rtu, Me-rtu Firmware, Smartrtu and 1 more 2024-11-21 9.8 Critical
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data.