Search Results (83176 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-14748 1 Osticket 1 Osticket 2024-11-21 N/A
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions. For example, a non-agent user can upload a .html file, and Content-Disposition will be set to inline instead of attachment.
CVE-2019-14747 1 Diaowen 1 Dwsurvey 2024-11-21 N/A
DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-design!copySurvey.action surveyName parameter.
CVE-2019-14745 2 Fedoraproject, Radare 2 Fedora, Radare2 2024-11-21 7.8 High
In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables.
CVE-2019-14744 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2024-11-21 7.8 High
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.
CVE-2019-14743 2 Microsoft, Valvesoftware 2 Windows, Steam Client 2024-11-21 N/A
In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wow6432Node\Valve\Steam has explicit "Full control" for the Users group, which allows local users to gain NT AUTHORITY\SYSTEM access.
CVE-2019-14734 2 Adplug Project, Fedoraproject 2 Adplug, Fedora 2024-11-21 8.8 High
AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp.
CVE-2019-14733 2 Adplug Project, Fedoraproject 2 Adplug, Fedora 2024-11-21 8.8 High
AdPlug 2.3.1 has multiple heap-based buffer overflows in CradLoader::load() in rad.cpp.
CVE-2019-14732 2 Adplug Project, Fedoraproject 2 Adplug, Fedora 2024-11-21 8.8 High
AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp.
CVE-2019-14731 1 Cnezsoft 1 Zentao 2024-11-21 N/A
An issue was discovered in ZenTao 11.5.1. There is an XSS (stored) vulnerability that leads to the capture of other people's cookies via the Rich Text Box.
CVE-2019-14719 1 Verifone 2 Mx900, Mx900 Firmware 2024-11-21 7.8 High
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager.
CVE-2019-14715 1 Verifone 8 P200, P200 Firmware, P400 and 5 more 2024-11-21 6.8 Medium
Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation.
CVE-2019-14699 1 Microdigital 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more 2024-11-21 N/A
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server.
CVE-2019-14697 1 Musl-libc 1 Musl 2024-11-21 9.8 Critical
musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.
CVE-2019-14696 1 Open-school 1 Open-school 2024-11-21 N/A
Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter.
CVE-2019-14692 2 Adplug Project, Fedoraproject 2 Adplug, Fedora 2024-11-21 8.8 High
AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp.
CVE-2019-14691 2 Adplug Project, Fedoraproject 2 Adplug, Fedora 2024-11-21 8.8 High
AdPlug 2.3.1 has a heap-based buffer overflow in CdtmLoader::load() in dtm.cpp.
CVE-2019-14690 2 Adplug Project, Fedoraproject 2 Adplug, Fedora 2024-11-21 8.8 High
AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp.
CVE-2019-14672 1 Firefly-iii 1 Firefly Iii 2024-11-21 N/A
Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. The JavaScript code is executed upon an error condition during a visit to the account show page.
CVE-2019-14670 1 Firefly-iii 1 Firefly Iii 2024-11-21 N/A
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. The JavaScript code is executed during rule-from-bill creation.
CVE-2019-14669 1 Firefly-iii 1 Firefly Iii 2024-11-21 N/A
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page.