Search Results (83135 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-11868 1 Softether 1 See.sys 2024-11-21 7.8 High
See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or older, allows a user to call an IOCTL specifying any kernel address to which arbitrary bytes are written to.
CVE-2019-11853 1 Sierrawireless 9 Airlink Es450, Airlink Gx450, Airlink Lx40 and 6 more 2024-11-21 3.9 Low
Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4.
CVE-2019-11850 1 Sierrawireless 7 Airlink Lx40, Airlink Lx60, Airlink Mp70 and 4 more 2024-11-21 6.3 Medium
A stack overflow vulnerabiltity exist in the AT command interface of ALEOS before 4.11.0. The vulnerability may allow code execution
CVE-2019-11849 1 Sierrawireless 7 Airlink Lx40, Airlink Lx60, Airlink Mp70 and 4 more 2024-11-21 6.3 Medium
A stack overflow vulnerabiltity exists in the AT command APIs of ALEOS before 4.11.0. The vulnerability may allow code execution.
CVE-2019-11848 1 Sierrawireless 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more 2024-11-21 4.1 Medium
An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values.
CVE-2019-11846 1 Dotcms 1 Dotcms 2024-11-21 N/A
/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection.
CVE-2019-11845 1 Ricoh 2 Sp 4510dn, Sp 4510dn Firmware 2024-11-21 N/A
An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
CVE-2019-11844 1 Ricoh 2 Sp 4520dn, Sp 4520dn Firmware 2024-11-21 N/A
An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter.
CVE-2019-11839 1 F5 1 Njs 2024-11-21 N/A
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling.
CVE-2019-11838 1 F5 1 Njs 2024-11-21 N/A
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling.
CVE-2019-11829 1 Synology 1 Calendar 2024-11-21 7.3 High
OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header.
CVE-2019-11828 1 Synology 1 Office 2024-11-21 5.5 Medium
Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-11827 1 Synology 1 Note Station 2024-11-21 6.5 Medium
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter.
CVE-2019-11825 1 Synology 1 Calendar 2024-11-21 6.5 Medium
Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
CVE-2019-11818 1 Alkacon 1 Opencms 2024-11-21 N/A
Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an attacker to insert arbitrary JavaScript as user input (First Name or Last Name), which will be executed whenever the affected snippet is loaded.
CVE-2019-11814 1 Misp 1 Misp 2024-11-21 N/A
An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot.
CVE-2019-11813 1 Misp 1 Misp 2024-11-21 N/A
An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. There is persistent XSS via link type attributes with javascript:// links.
CVE-2019-11812 1 Misp 1 Misp 2024-11-21 N/A
A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. JavaScript can be included in the discussion interface, and can be triggered by clicking on the link.
CVE-2019-11809 1 Joomla 1 Joomla\! 2024-11-21 N/A
An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.
CVE-2019-11806 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 N/A
OX App Suite 7.10.1 and earlier has Insecure Permissions.