Search Results (83176 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-14884 1 Moodle 1 Moodle 2024-11-21 6.1 Medium
A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS possible from some fatal error messages.
CVE-2019-14881 1 Moodle 1 Moodle 2024-11-21 6.1 Medium
A vulnerability was found in moodle 3.7 before 3.7.3, where there is blind XSS reflected in some locations where user email is displayed.
CVE-2019-14869 4 Artifex, Fedoraproject, Opensuse and 1 more 5 Ghostscript, Fedora, Leap and 2 more 2024-11-21 8.8 High
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.
CVE-2019-14868 4 Apple, Debian, Ksh Project and 1 more 8 Mac Os X, Debian Linux, Ksh and 5 more 2024-11-21 7.4 High
In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.
CVE-2019-14862 3 Knockoutjs, Oracle, Redhat 7 Knockout, Business Intelligence, Goldengate and 4 more 2024-11-21 6.1 Medium
There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
CVE-2019-14853 2 Python-ecdsa Project, Redhat 3 Python-ecdsa, Satellite, Satellite Capsule 2024-11-21 7.5 High
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.
CVE-2019-14849 1 Redhat 2 3scale, 3scale Amp 2024-11-21 5.4 Medium
A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information.
CVE-2019-14837 1 Redhat 4 Jboss Single Sign On, Keycloak, Red Hat Single Sign On and 1 more 2024-11-21 9.1 Critical
A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name 'test' the email address will be 'service-account-test@placeholder.org'.
CVE-2019-14834 3 Fedoraproject, Redhat, Thekelleys 3 Fedora, Enterprise Linux, Dnsmasq 2024-11-21 3.7 Low
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.
CVE-2019-14821 8 Canonical, Debian, Fedoraproject and 5 more 41 Ubuntu Linux, Debian Linux, Fedora and 38 more 2024-11-21 8.8 High
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.
CVE-2019-14816 7 Canonical, Debian, Fedoraproject and 4 more 60 Ubuntu Linux, Debian Linux, Fedora and 57 more 2024-11-21 7.8 High
There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
CVE-2019-14815 3 Linux, Netapp, Redhat 19 Linux Kernel, Altavault, Baseboard Management Controller and 16 more 2024-11-21 7.8 High
A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.
CVE-2019-14814 6 Canonical, Debian, Linux and 3 more 50 Ubuntu Linux, Debian Linux, Linux Kernel and 47 more 2024-11-21 7.8 High
There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
CVE-2019-14812 3 Artifex, Fedoraproject, Redhat 4 Ghostscript, Fedora, 3scale Amp and 1 more 2024-11-21 7.8 High
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
CVE-2019-14807 1 Mediawiki 1 Mobilefrontend 2024-11-21 6.1 Medium
In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php.
CVE-2019-14805 1 Una 1 Una 2024-11-21 N/A
studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the System Name field under Sets during set editing.
CVE-2019-14804 1 Una 1 Una 2024-11-21 N/A
studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing.
CVE-2019-14799 1 Foliovision 1 Fv Flowplayer Video Player 2024-11-21 6.1 Medium
The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS.
CVE-2019-14797 1 10web 1 Photo Gallery 2024-11-21 N/A
The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS.
CVE-2019-14796 1 Mq-woocommerce-products-price-bulk-edit Project 1 Mq-woocommerce-products-price-bulk-edit 2024-11-21 5.4 Medium
The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter.