Search Results (83104 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-10269 2 Burrow-wheeler Aligner Project, Canonical 2 Burrow-wheeler Aligner, Ubuntu Linux 2024-11-21 9.8 Critical
BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file.
CVE-2019-10263 1 Ahsay 1 Cloud Backup Suite 2024-11-21 N/A
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When creating a trial account, it is possible to inject XSS in the Alias field, allowing the attacker to retrieve the admin's cookie and take over the account.
CVE-2019-10261 1 Centos-webpanel 1 Centos Web Panel 2024-11-21 N/A
CentOS Web Panel (CWP) 0.9.8.789 is vulnerable to Stored/Persistent XSS for the "Name Server 1" and "Name Server 2" fields via a "DNS Functions" "Edit Nameservers IPs" action.
CVE-2019-10260 1 Totaljs 1 Total.js Cms 2024-11-21 N/A
Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html (item.message) and themes/admin/public/ui.js (column.format).
CVE-2019-10254 1 Misp 1 Misp 2024-11-21 N/A
In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability.
CVE-2019-10241 5 Apache, Debian, Eclipse and 2 more 9 Activemq, Drill, Debian Linux and 6 more 2024-11-21 6.1 Medium
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.
CVE-2019-10238 1 Sitemagic 1 Sitemagic 2024-11-21 N/A
Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter.
CVE-2019-10227 1 It-novum 1 Openitcockpit 2024-11-21 6.1 Medium
openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component.
CVE-2019-10226 1 Fatfreecrm 1 Fat Free Crm 2024-11-21 N/A
HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is a XSS protection mechanism.
CVE-2019-10221 2 Dogtagpki, Redhat 3 Dogtagpki, Enterprise Linux, Rhel Eus 2024-11-21 4.3 Medium
A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.
CVE-2019-10215 2 Bootstrap-3-typeahead Project, Redhat 2 Bootstrap-3-typeahead, Openshift 2024-11-21 6.1 Medium
Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser.
CVE-2019-10193 5 Canonical, Debian, Oracle and 2 more 10 Ubuntu Linux, Debian Linux, Communications Operations Monitor and 7 more 2024-11-21 7.2 High
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.
CVE-2019-10192 5 Canonical, Debian, Oracle and 2 more 12 Ubuntu Linux, Debian Linux, Communications Operations Monitor and 9 more 2024-11-21 7.2 High
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.
CVE-2019-10180 2 Dogtagpki, Redhat 3 Dogtagpki, Certificate System, Certificate System Eus 2024-11-21 2.4 Low
A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.
CVE-2019-10179 2 Dogtagpki, Redhat 3 Dogtagpki, Enterprise Linux, Rhel Eus 2024-11-21 4.3 Medium
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.
CVE-2019-10178 2 Dogtagpki, Redhat 3 Dogtagpki, Certificate System, Certificate System Eus 2024-11-21 4.6 Medium
It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.
CVE-2019-10177 1 Redhat 1 Cloudforms Management Engine 2024-11-21 6.5 Medium
A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, due to user input is not properly sanitized. An attacker with least privilege to edit compute is able to execute a XSS attack against other users, which could lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users.
CVE-2019-10171 2 Fedoraproject, Redhat 3 389 Directory Server, Enterprise Linux Server Eus, Rhel Eus 2024-11-21 7.5 High
It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service.
CVE-2019-10164 4 Fedoraproject, Opensuse, Postgresql and 1 more 7 Fedora, Leap, Postgresql and 4 more 2024-11-21 8.8 High
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
CVE-2019-10163 2 Opensuse, Powerdns 3 Backports, Leap, Authoritative 2024-11-21 4.3 Medium
A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.