Search Results (83161 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-13538 1 Codesys 1 Codesys 2024-11-21 8.6 High
3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only.
CVE-2019-13537 1 Aveva 2 Iec870ip, Iec870ip Firmware 2024-11-21 7.5 High
The IEC870IP driver for AVEVA’s Vijeo Citect and Citect SCADA and Schneider Electric’s Power SCADA Operation has a buffer overflow vulnerability that could result in a server-side crash.
CVE-2019-13536 1 Deltaww 1 Tpeditor 2024-11-21 7.8 High
Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code.
CVE-2019-13530 1 Philips 19 865240, 865241, 865242 and 16 more 2024-11-21 7.2 High
Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). An attacker can use these credentials to login via ftp and upload a malicious firmware.
CVE-2019-13522 1 Ezautomation 1 Ez Plc Editor 2024-11-21 7.8 High
An attacker could use a specially crafted project file to corrupt the memory and execute code under the privileges of the EZ PLC Editor Versions 1.8.41 and prior.
CVE-2019-13520 1 Fujielectric 2 Alpha5 Smart Loader, Alpha5 Smart Loader Firmware 2024-11-21 7.8 High
Multiple buffer overflow issues have been identified in Alpha5 Smart Loader: All versions prior to 4.2. An attacker could use specially crafted project files to overflow the buffer and execute code under the privileges of the application.
CVE-2019-13506 1 Nuxtjs 2 \@nuxt\/devalue, Nuxt.js 2024-11-21 N/A
@nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mishandles object keys, leading to XSS.
CVE-2019-13505 1 Dwbooster 1 Appointment Hour Booking 2024-11-21 6.1 Medium
The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1.
CVE-2019-13495 1 Zyxel 2 Xgs2210-52hp, Xgs2210-52hp Firmware 2024-11-21 5.4 Medium
In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) issues allows remote authenticated users to inject arbitrary web script via an rpSys.html Name or Location field.
CVE-2019-13494 1 Castlerock 1 Simple Network Management Protocol Console 2024-11-21 N/A
nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0.9 has a stack-based buffer overflow via a long variable string in a Map Objects text file.
CVE-2019-13493 1 Sitecore 1 Experience Platform 2024-11-21 N/A
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript.
CVE-2019-13488 1 Trape Project 1 Trape 2024-11-21 N/A
A cross-site scripting (XSS) vulnerability in static/js/trape.js in Trape through 2019-05-08 allows remote attackers to inject arbitrary web script or HTML via the country, query, or refer parameter to the /register URI, because the jQuery prepend() method is used.
CVE-2019-13486 2 Debian, Xymon 2 Debian Linux, Xymon 2024-11-21 N/A
In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of   expansion in svcstatus.c.
CVE-2019-13485 2 Debian, Xymon 2 Debian Linux, Xymon 2024-11-21 N/A
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c.
CVE-2019-13482 1 Dlink 2 Dir-818lw, Dir-818lw Firmware 2024-11-21 8.8 High
An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings.
CVE-2019-13481 1 Dlink 2 Dir-818lw, Dir-818lw Firmware 2024-11-21 8.8 High
An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MTU field to SetWanSettings.
CVE-2019-13478 1 Yoast 1 Yoast Seo 2024-11-21 9.8 Critical
The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions.
CVE-2019-13476 1 Control-webpanel 1 Webpanel 2024-11-21 N/A
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page.
CVE-2019-13474 1 Telestar 22 Bobs Rock Radio, Bobs Rock Radio Firmware, Dabman D10 and 19 more 2024-11-21 9.8 Critical
TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have insufficient access control for the /set_dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands.
CVE-2019-13473 2 Auna, Telestar 24 Connect 100, Connect 100 Firmware, Bobs Rock Radio and 21 more 2024-11-21 9.8 Critical
TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have an undocumented TELNET service within the BusyBox subsystem, leading to root access.