Search Results (83152 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-12741 1 Fhir 1 Hapi Fhir 2024-11-21 N/A
XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafted URL. (This module is not generally used in production systems so the attack surface is expected to be low, but affected systems are recommended to upgrade immediately.)
CVE-2019-12739 1 Nextcloud 1 Extract 2024-11-21 N/A
lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php (nameOfFile and directory parameters).
CVE-2019-12736 1 Jetbrains 1 Ktor 2024-11-21 9.8 Critical
JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.
CVE-2019-12732 1 Chartkick Project 1 Chartkick 2024-11-21 N/A
The Chartkick gem through 3.1.0 for Ruby allows XSS.
CVE-2019-12725 1 Zeroshell 1 Zeroshell 2024-11-21 N/A
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
CVE-2019-12724 1 Teclib-edition 1 News 2024-11-21 6.1 Medium
An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. It allows a stored XSS attack via the $_POST['name'] parameter.
CVE-2019-12717 1 Cisco 88 Nexus 3016, Nexus 3048, Nexus 3064 and 85 more 2024-11-21 7.8 High
A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges, which may lead to complete system compromise. An attacker would need valid administrator credentials to exploit this vulnerability.
CVE-2019-12709 1 Cisco 11 Asr 9000v, Asr 9001, Asr 9006 and 8 more 2024-11-21 6.7 Medium
A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker who has valid administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to run arbitrary commands on the underlying operating system with root privileges, which may lead to complete system compromise.
CVE-2019-12699 1 Cisco 7 Firepower 1000, Firepower 2100, Firepower 4100 and 4 more 2024-11-21 7.8 High
Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.
CVE-2019-12661 1 Cisco 1 Ios Xe 2024-11-21 6.7 Medium
A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on the affected device. An attacker who has administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges, which may lead to complete system compromise.
CVE-2019-12645 1 Cisco 1 Jabber 2024-11-21 7.8 High
A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device The vulnerability is due to improper file level permissions on an affected device when it is running Cisco JCF for Mac Software. An attacker could exploit this vulnerability by authenticating to the affected device and executing arbitrary code or potentially modifying certain configuration files. A successful exploit could allow the attacker to execute arbitrary code or modify certain configuration files on the device using the privileges of the installed Cisco JCF for Mac Software.
CVE-2019-12629 1 Cisco 8 Sd-wan Firmware, Vedge-100, Vedge-1000 and 5 more 2024-11-21 7.2 High
A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system.
CVE-2019-12611 1 Bitdefender 2 Box, Box Firmware 2024-11-21 4.4 Medium
An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that affects the general reliability of the product. Specially crafted packets sent to the miniupnpd implementation in result in the device allocating memory without freeing it later. This behavior can cause the miniupnpd component to crash or to trigger a device reboot.
CVE-2019-12597 1 Zohocorp 1 Manageengine Assetexplorer 2024-11-21 6.1 Medium
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName.
CVE-2019-12596 1 Zohocorp 1 Manageengine Assetexplorer 2024-11-21 6.1 Medium
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType.
CVE-2019-12595 1 Zohocorp 1 Manageengine Assetexplorer 2024-11-21 6.1 Medium
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter.
CVE-2019-12592 1 Evernote 1 Web Clipper 2024-11-21 N/A
A universal Cross-site scripting (UXSS) vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any loaded 3rd-party IFrame.
CVE-2019-12591 1 Netgear 1 Insight 2024-11-21 N/A
NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection.
CVE-2019-12589 1 Firejail Project 1 Firejail 2024-11-21 N/A
In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker.
CVE-2019-12585 2 Apcupsd, Netgate 2 Apcupsd, Pfsense 2024-11-21 N/A
Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php.