Search Results (83159 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-13239 1 Glpi-project 1 Glpi 2024-11-21 N/A
inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture.
CVE-2019-13236 1 Alkacon 1 Opencms 2024-11-21 N/A
In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface.
CVE-2019-13235 1 Alkacon 1 Opencms Apollo Template 2024-11-21 N/A
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form.
CVE-2019-13234 1 Alkacon 1 Opencms Apollo Template 2024-11-21 N/A
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine.
CVE-2019-13221 2 Debian, Stb Vorbis Project 2 Debian Linux, Stb Vorbis 2024-11-21 7.8 High
A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.
CVE-2019-13217 2 Debian, Stb Vorbis Project 2 Debian Linux, Stb Vorbis 2024-11-21 7.8 High
A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.
CVE-2019-13209 1 Suse 1 Rancher 2024-11-21 N/A
Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is accomplished, the exploiter is able to execute commands against the cluster's Kubernetes API with the permissions and identity of the victim.
CVE-2019-13208 1 Maxx 1 Waves Maxx Audio 2024-11-21 N/A
WavesSysSvc in Waves MAXX Audio allows privilege escalation because the General registry key has Full Control access for the Users group, leading to DLL side loading. This affects WavesSysSvc64.exe 1.9.29.0.
CVE-2019-13207 1 Nlnetlabs 1 Name Server Daemon 2024-11-21 N/A
nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dname_concatenate() function in dname.c.
CVE-2019-13200 1 Kyocera 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware 2024-11-21 6.1 Medium
The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Reflected XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions.
CVE-2019-13198 1 Kyocera 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware 2024-11-21 6.1 Medium
The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Stored XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions.
CVE-2019-13193 1 Brother 600 Ads-2400n, Ads-2400n Firmware, Ads-2800w and 597 more 2024-11-21 8.8 High
Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a stack buffer overflow vulnerability as the web server did not parse the cookie value properly. This would allow an attacker to execute arbitrary code on the device.
CVE-2019-13192 1 Brother 600 Ads-2400n, Ads-2400n Firmware, Ads-2800w and 597 more 2024-11-21 9.8 Critical
Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a heap buffer overflow vulnerability as the IPP service did not parse attribute names properly. This would allow an attacker to execute arbitrary code on the device.
CVE-2019-13189 1 Eng 1 Knowage 2024-11-21 N/A
In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page.
CVE-2019-13186 1 1234n 1 Minicms 2024-11-21 N/A
In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the tags box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, and CVE-2018-20520.
CVE-2019-13182 1 Solarwinds 1 Serv-u Ftp Server 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7.
CVE-2019-13171 1 Xerox 2 Phaser 3320, Phaser 3320 Firmware 2024-11-21 9.8 Critical
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handling of the register parameters, because the size used within a memcpy() function, which copied the action value into a local variable, was not checked properly.
CVE-2019-13167 1 Xerox 2 Phaser 3320, Phaser 3320 Firmware 2024-11-21 6.1 Medium
Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions.
CVE-2019-13156 1 Naver 1 Cloud Explorer 2024-11-21 7.5 High
NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle.
CVE-2019-13155 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-11-21 N/A
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server.