Search Results (83172 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-14512 1 Limesurvey 1 Limesurvey 2024-11-21 6.1 Medium
LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/PanelBoxWidget/views/box.php or a label title in application/views/admin/labels/labelview_view.php.
CVE-2019-14497 3 Canonical, Debian, Milkytracker Project 3 Ubuntu Linux, Debian Linux, Milkytracker 2024-11-21 7.8 High
ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker 1.02.00 has a heap-based buffer overflow.
CVE-2019-14496 3 Canonical, Debian, Milkytracker Project 3 Ubuntu Linux, Debian Linux, Milkytracker 2024-11-21 7.8 High
LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 has a stack-based buffer overflow.
CVE-2019-14495 1 3proxy 1 3proxy 2024-11-21 9.8 Critical
webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the admin interface.
CVE-2019-14492 2 Opencv, Opensuse 2 Opencv, Leap 2024-11-21 7.5 High
An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
CVE-2019-14482 1 Adremsoft 1 Netcrunch 2024-11-21 9.8 Critical
AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web client. The same hardcoded SSL private key is used across different customers' installations when no other SSL certificate is installed, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
CVE-2019-14480 1 Adremsoft 1 Netcrunch 2024-11-21 9.8 Critical
AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges.
CVE-2019-14479 1 Adremsoft 1 Netcrunch 2024-11-21 8.8 High
AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. In the NetCrunch web client, a read-only administrator can execute arbitrary code on the server running the NetCrunch server software.
CVE-2019-14478 1 Adremsoft 1 Netcrunch 2024-11-21 5.4 Medium
AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript code in the context of the user's browser if the victim opens or searches for a node whose "Display Name" contains an XSS payload.
CVE-2019-14472 1 Zurmo 1 Zurmo 2024-11-21 N/A
Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO.
CVE-2019-14471 1 Testlink 1 Testlink 2024-11-21 N/A
TestLink 1.9.19 has XSS via the error.php message parameter.
CVE-2019-14470 2 Instagram-php-api Project, Userproplugin 2 Instagram-php-api, User Pro 2024-11-21 N/A
cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.
CVE-2019-14469 1 Sonatype 1 Nexus Repository Manager 2024-11-21 N/A
In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS.
CVE-2019-14465 1 Schismtracker 1 Schism Tracker 2024-11-21 7.8 High
fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-based buffer overflow.
CVE-2019-14464 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2024-11-21 5.5 Medium
XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a heap-based buffer overflow.
CVE-2019-14457 1 Vivotek 1 Camera 2024-11-21 9.8 Critical
VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header.
CVE-2019-14456 1 Opengear 1 Opengear 2024-11-21 N/A
Opengear console server firmware releases prior to 4.5.0 have a stored XSS vulnerability related to serial port logging. If a malicious user of an external system (connected to a serial port on an Opengear console server) sends crafted text to a serial port (that has logging enabled), the text will be replayed when the logs are viewed. Exploiting this vulnerability requires access to the serial port and/or console server.
CVE-2019-14449 1 Cloudera 1 Cloudera Manager 2024-11-21 5.4 Medium
An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting (XSS) when viewed within this product.
CVE-2019-14431 1 Matrixssl 1 Matrixssl 2024-11-21 9.8 Critical
In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the fragment length value provided in the DTLS message.
CVE-2019-14427 1 Webstudio 1 Ultimate Loan Manager 2024-11-21 N/A
XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that sets the notes parameter with crafted JavaScript code.