Search Results (83164 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-13658 1 Broadcom 1 Network Flow Analysis 2024-11-21 9.8 Critical
CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
CVE-2019-13657 1 Broadcom 2 Ca Performance Management, Network Operations 2024-11-21 9.8 Critical
CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
CVE-2019-13653 1 Tp-link 2 M7350, M7350 Firmware 2024-11-21 9.8 Critical
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow triggerPort OS Command Injection (issue 5 of 5).
CVE-2019-13652 1 Tp-link 2 M7350, M7350 Firmware 2024-11-21 9.8 Critical
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection (issue 4 of 5).
CVE-2019-13651 1 Tp-link 2 M7350, M7350 Firmware 2024-11-21 9.8 Critical
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow portMappingProtocol OS Command Injection (issue 3 of 5).
CVE-2019-13650 1 Tp-link 2 M7350, M7350 Firmware 2024-11-21 9.8 Critical
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow internalPort OS Command Injection (issue 2 of 5).
CVE-2019-13649 1 Tp-link 2 M7350, M7350 Firmware 2024-11-21 9.8 Critical
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow externalPort OS Command Injection (issue 1 of 5).
CVE-2019-13647 1 Firefly-iii 1 Firefly Iii 2024-11-21 N/A
Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file_id$ attachment viewing. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability
CVE-2019-13646 1 Firefly-iii 1 Firefly Iii 2024-11-21 N/A
Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability
CVE-2019-13645 1 Firefly-iii 1 Firefly Iii 2024-11-21 N/A
Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$file_id$ attachment editing. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability
CVE-2019-13644 1 Firefly-iii 1 Firefly Iii 2024-11-21 5.4 Medium
Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tag_number$ tag summary page. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability
CVE-2019-13643 1 Espocrm 1 Espocrm 2024-11-21 N/A
Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clicking a malicious link on the Notifications page.
CVE-2019-13640 1 Qbittorrent 1 Qbittorrent 2024-11-21 N/A
In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed.
CVE-2019-13638 3 Debian, Gnu, Redhat 7 Debian Linux, Patch, Enterprise Linux and 4 more 2024-11-21 N/A
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.
CVE-2019-13633 1 Blinger 1 Blinger 2024-11-21 6.1 Medium
Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled within the administration panel for conversations/all, conversations/inbox, conversations/unassigned, and conversations/closed.
CVE-2019-13631 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-11-21 N/A
In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages.
CVE-2019-13616 6 Canonical, Debian, Fedoraproject and 3 more 14 Ubuntu Linux, Debian Linux, Fedora and 11 more 2024-11-21 8.1 High
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
CVE-2019-13614 1 Tp-link 2 Archer C1200, Archer C1200 Firmware 2024-11-21 N/A
CMD_SET_CONFIG_COUNTRY in the TP-Link Device Debug protocol in TP-Link Archer C1200 1.0.0 Build 20180502 rel.45702 and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server.
CVE-2019-13613 1 Tp-link 2 Archer C1200, Archer C1200 Firmware 2024-11-21 N/A
CMD_FTEST_CONFIG in the TP-Link Device Debug protocol in TP-Link Wireless Router Archer Router version 1.0.0 Build 20180502 rel.45702 (EU) and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server.
CVE-2019-13607 1 Opera 1 Mini 2024-11-21 N/A
The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerability that can be triggered by performing navigation to a javascript: URL.