Search Results (83149 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-12519 5 Canonical, Debian, Opensuse and 2 more 7 Ubuntu Linux, Debian Linux, Leap and 4 more 2024-11-21 9.8 Critical
An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.
CVE-2019-12517 1 Slickquiz Project 1 Slickquiz 2024-11-21 6.1 Medium
An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 for WordPress. The save_quiz_score functionality available via the /wp-admin/admin-ajax.php endpoint allows unauthenticated users to submit quiz solutions/answers, which are stored in the database and later shown in the WordPress backend for all users with at least Subscriber rights. Because the plugin does not properly validate and sanitize this data, a malicious payload in either the name or email field is executed directly within the backend at /wp-admin/admin.php?page=slickquiz across all users with the privileges of at least Subscriber.
CVE-2019-12513 1 Netgear 2 Nighthawk X10-r9000, Nighthawk X10-r9000 Firmware 2024-11-21 6.1 Medium
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious hostname. This log entry may then be viewed at Advanced settings->Administration->Logs to trigger the exploit. Although this value is inserted into a textarea tag, converted to all-caps, and limited in length, attacks are still possible.
CVE-2019-12512 1 Netgear 2 Nighthawk X10-r9000, Nighthawk X10-r9000 Firmware 2024-11-21 6.1 Medium
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. The value supplied by this header will be inserted into administrative logs, found at Advanced settings->Administration->Logs, and may trigger when the page is viewed. Although this value is inserted into a textarea tag, the attack simply needs to supply a closing textarea tag.
CVE-2019-12511 1 Netgear 2 Nighthawk X10-r9000, Nighthawk X10-r9000 Firmware 2024-11-21 9.8 Critical
In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled, and a valid authentication JWT, additional vulnerabilities (CVE-2019-12510) allow an attacker to interact with the entire SOAP API without authentication. Additionally, DNS rebinding techniques may be used to exploit this vulnerability remotely. Exploiting this vulnerability is somewhat involved. The following limitations apply to the payload and must be overcome for successful exploitation: - No more than 17 characters may be used. - At least one colon must be included to prevent mangling. - A single-quote and meta-character must be used to break out of the existing command. - Parent command remnants after the injection point must be dealt with. - The payload must be in all-caps. Despite these limitations, it is still possible to gain access to an interactive root shell via this vulnerability. Since the web server assigns certain HTTP headers to environment variables with all-caps names, it is possible to insert a payload into one such header and reference the subsequent environment variable in the injection point.
CVE-2019-12507 1 Phprelativepath Project 1 Phprelativepath 2024-11-21 N/A
An XSS vulnerability exists in PHPRelativePath (aka Relative Path) through 1.0.2 via the RelativePath.Example1.php path parameter.
CVE-2019-12495 1 Tinycc 1 Tinycc 2024-11-21 N/A
An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to a one-byte out-of-bounds write in the gsym_addr function in x86_64-gen.c. This occurs because tccasm.c mishandles section switches.
CVE-2019-12489 1 Fastweb 2 Askey Rtv1907vw, Askey Rtv1907vw Firmware 2024-11-21 9.8 Critical
An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices. By using the usb_remove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter.
CVE-2019-12475 1 Microstrategy 1 Microstrategy Web 2024-11-21 N/A
In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation.
CVE-2019-12471 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-11-21 N/A
Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVE-2019-12463 1 Librenms 1 Librenms 2024-11-21 8.8 High
An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php and html/graph-realtime.php scripts. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, disclosing file content, denial of service, or writing arbitrary files. NOTE: relative to CVE-2019-10665, this requires authentication and the pathnames differ.
CVE-2019-12461 1 Webport 1 Web Port 2024-11-21 N/A
Web Port 1.19.1 allows XSS via the /log type parameter.
CVE-2019-12460 1 Webport 1 Web Port 2024-11-21 N/A
Web Port 1.19.1 allows XSS via the /access/setup type parameter.
CVE-2019-12453 1 Microstrategy 1 Microstrategy Web 2024-11-21 N/A
In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation.
CVE-2019-12449 5 Canonical, Fedoraproject, Gnome and 2 more 5 Ubuntu Linux, Fedora, Gvfs and 2 more 2024-11-21 5.7 Medium
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.
CVE-2019-12445 1 Gitlab 1 Gitlab 2024-11-21 5.4 Medium
An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS.
CVE-2019-12444 1 Gitlab 1 Gitlab 2024-11-21 6.1 Medium
An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages contained a lack of input validation which resulted in a persistent XSS vulnerability.
CVE-2019-12442 1 Gitlab 1 Gitlab 2024-11-21 6.1 Medium
An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics.
CVE-2019-12441 1 Gitlab 1 Gitlab 2024-11-21 7.5 High
An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. The protected branches feature contained a access control issue which resulted in a bypass of the protected branches restriction rules. It has Incorrect Access Control.
CVE-2019-12430 1 Gitlab 1 Gitlab 2024-11-21 8.8 High
An issue was discovered in GitLab Community and Enterprise Edition 11.11. A specially crafted payload would allow an authenticated malicious user to execute commands remotely through the repository download feature. It allows Command Injection.