Search Results (83116 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-10905 1 Parsedown 1 Parsedown 2024-11-21 N/A
Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script (already running on the affected page) executes the contents of any element with a specific class. This occurs because spaces are permitted in code block infostrings, which interferes with the intended behavior of a single class name beginning with the language- substring.
CVE-2019-10904 2 Debian, Roundup-tracker 2 Debian Linux, Roundup 2024-11-21 N/A
Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.
CVE-2019-10896 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-11-21 7.5 High
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes.
CVE-2019-10893 1 Centos-webpanel 1 Centos Web Panel 2024-11-21 N/A
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings > "Edit Settings" screen. By changing the email ID to any XSS Payload and clicking on Save Changes, the XSS Payload will execute.
CVE-2019-10892 1 Dlink 2 Dir-806, Dir-806 Firmware 2024-11-21 N/A
An issue was discovered in D-Link DIR-806 devices. There is a stack-based buffer overflow in function hnap_main at /htdocs/cgibin. The function will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users. And it finally leads to a stack-based buffer overflow via a special HTTP header.
CVE-2019-10887 1 Salicru 1 Slc-20-cube3\(5\) 2024-11-21 6.1 Medium
A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) devices running firmware version cs121-SNMP v4.54.82.130611 allows remote attackers to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data= or /createlog.cgi?name= request.
CVE-2019-10883 1 Citrix 2 Citrix Sd-wan Center, Netscaler Sd-wan Center 2024-11-21 N/A
Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection.
CVE-2019-10882 1 Netskope 1 Netskope 2024-11-21 7.8 High
The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack based buffer overflow in "doHandshakefromServer" function. Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system.
CVE-2019-10881 1 Xerox 20 Altalink B8045, Altalink B8045 Firmware, Altalink B8055 and 17 more 2024-11-21 9.8 Critical
Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled.
CVE-2019-10880 1 Xerox 10 Colorqube 8700, Colorqube 8700 Firmware, Colorqube 8900 and 7 more 2024-11-21 N/A
Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary.
CVE-2019-10878 1 Teeworlds 1 Teeworlds 2024-11-21 N/A
In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions in engine/shared/datafile.cpp that can lead to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution.
CVE-2019-10864 1 Veronalabs 1 Wp Statistics 2024-11-21 N/A
The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request.
CVE-2019-10854 1 Computrols 1 Computrols Building Automation Software 2024-11-21 N/A
Computrols CBAS 18.0.0 allows Authenticated Command Injection.
CVE-2019-10851 1 Computrols 1 Computrols Building Automation Software 2024-11-21 N/A
Computrols CBAS 18.0.0 has hard-coded encryption keys.
CVE-2019-10850 1 Computrols 1 Computrols Building Automation Software 2024-11-21 N/A
Computrols CBAS 18.0.0 has Default Credentials.
CVE-2019-10846 1 Computrols 1 Computrols Building Automation System 2024-11-21 6.1 Medium
Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter.
CVE-2019-10807 1 Blamer Project 1 Blamer 2024-11-21 9.8 Critical
Blamer versions prior to 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer.
CVE-2019-10804 1 Serial-number Project 1 Serial-number 2024-11-21 9.8 Critical
serial-number through 1.3.0 allows execution of arbritary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation.
CVE-2019-10803 1 Push-dir Project 1 Push-dir 2024-11-21 9.8 Critical
push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable "opt.branch" is not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands.
CVE-2019-10802 1 Mangoraft 1 Giting 2024-11-21 9.8 Critical
giting version prior to 0.0.8 allows execution of arbritary commands. The first argument "repo" of function "pull()" is executed by the package without any validation.