Search Results (83169 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-14298 1 Veeam 1 One Reporter 2024-11-21 N/A
Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(config) field to addDashboard or editDashboard in CommonDataHandlerReadOnly.ashx.
CVE-2019-14297 1 Veeam 1 One Reporter 2024-11-21 N/A
Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with a crafted Caption field to setDashboardWidget in CommonDataHandlerReadOnly.ashx.
CVE-2019-14287 7 Canonical, Debian, Fedoraproject and 4 more 21 Ubuntu Linux, Debian Linux, Fedora and 18 more 2024-11-21 8.8 High
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
CVE-2019-14286 1 Misp 1 Misp 2024-11-21 N/A
In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability.
CVE-2019-14275 3 Debian, Opensuse, Xfig Project 3 Debian Linux, Leap, Fig2dev 2024-11-21 5.5 Medium
Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.
CVE-2019-14274 2 Mcpp Project, Opensuse 3 Mcpp, Backports Sle, Leap 2024-11-21 5.5 Medium
MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c.
CVE-2019-14272 1 Silverstripe 1 Silverstripe 2024-11-21 5.4 Medium
In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS.
CVE-2019-14267 2 Fedoraproject, Pdfresurrect Project 2 Fedora, Pdfresurrect 2024-11-21 7.8 High
PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled.
CVE-2019-14260 1 Al-enterprise 2 8008, 8008 Firmware 2024-11-21 N/A
On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection (missing input validation) issue in the password change field for the Change Password interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request.
CVE-2019-14259 1 Polycom 2 Obihai Obi1022, Obihai Obi1022 Firmware 2024-11-21 N/A
On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request.
CVE-2019-14250 3 Canonical, Gnu, Opensuse 3 Ubuntu Linux, Binutils, Leap 2024-11-21 5.5 Medium
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.
CVE-2019-14247 1 Mpg321 Project 1 Mpg321 2024-11-21 5.5 Medium
The scan() function in mad.c in mpg321 0.3.2 allows remote attackers to trigger an out-of-bounds write via a zero bitrate in an MP3 file.
CVE-2019-14228 1 Angry-frog 1 Xavier 2024-11-21 N/A
Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based XSS via the username parameter when registering a new user at admin/includes/adminprocess.php. If there is an error when registering the user, the unsanitized username will reflect via the error page. Due to the lack of CSRF protection on the admin/includes/adminprocess.php endpoint, an attacker is able to chain the XSS with CSRF in order to cause remote exploitation.
CVE-2019-14227 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 6.1 Medium
OX App Suite 7.10.1 and 7.10.2 allows XSS.
CVE-2019-14221 1 1crm 1 1crm On-premise 2024-11-21 N/A
1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation.
CVE-2019-14210 2 Foxitsoftware, Microsoft 2 Phantompdf, Windows 2024-11-21 N/A
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Memory Corruption due to the use of an invalid pointer copy, resulting from a destructed string object.
CVE-2019-14209 2 Foxitsoftware, Microsoft 2 Phantompdf, Windows 2024-11-21 N/A
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Heap Corruption due to data desynchrony when adding AcroForm.
CVE-2019-14132 1 Qualcomm 6 Qcs605, Qcs605 Firmware, Sa6155p and 3 more 2024-11-21 9.8 Critical
Buffer over-write when this 0-byte buffer is typecasted to some other structure and hence memory corruption in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SA6155P, SM8150
CVE-2019-14131 1 Qualcomm 42 Apq8053, Apq8053 Firmware, Apq8096au and 39 more 2024-11-21 9.8 Critical
Out of bound write can occur in radio measurement request if STA receives multiple invalid rrm measurement request from AP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8096AU, MSM8998, Nicobar, QCA6574AU, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDM660, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
CVE-2019-14130 1 Qualcomm 18 Kamorta, Kamorta Firmware, Qcs404 and 15 more 2024-11-21 7.8 High
Memory corruption can occurs in trusted application if offset size from HLOS is more than actual mapped buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130