Search Results (83096 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-1020008 1 Stacktable.js Project 1 Stacktable.js 2024-11-21 N/A
stacktable.js before 1.0.4 allows XSS.
CVE-2019-1020007 1 Owasp 1 Dependency-track 2024-11-21 N/A
Dependency-Track before 3.5.1 allows XSS.
CVE-2019-1020006 1 Inveniosoftware 1 Invenio-app 2024-11-21 N/A
invenio-app before 1.1.1 allows host header injection.
CVE-2019-1020005 1 Inveniosoftware 1 Invenio-communities 2024-11-21 N/A
invenio-communities before 1.0.0a20 allows XSS.
CVE-2019-1020004 1 Tridactyl Project 1 Tridactyl 2024-11-21 N/A
Tridactyl before 1.16.0 allows fake key events.
CVE-2019-1020003 1 Inveniosoftware 1 Invenio-records 2024-11-21 N/A
invenio-records before 1.2.2 allows XSS.
CVE-2019-1010314 1 Gitea 1 Gitea 2024-11-21 N/A
Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page.
CVE-2019-1010310 1 Glpi-project 1 Glpi 2024-11-21 N/A
GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tools > Reminder > Description .. Set the description to any iframe/form tags and apply. The attack vector is: The attacker puts a login form, the user fills it and clicks on submit .. the request is sent to the attacker domain saving the data. The fixed version is: 9.4.1.
CVE-2019-1010307 1 Glpi-project 1 Glpi 2024-11-21 N/A
GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to privilege escalation and executing js on admin. The component is: /glpi/ajax/getDropDownValue.php. The attack vector is: 1- User Create a ticket , 2- Admin opens another ticket and click on the "Link Tickets" feature, 3- a request to the endpoint fetches js and executes it.
CVE-2019-1010301 3 Debian, Fedoraproject, Jhead Project 3 Debian Linux, Fedora, Jhead 2024-11-21 5.5 Medium
jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file.
CVE-2019-1010287 1 Timesheet Next Gen Project 1 Timesheet Next Gen 2024-11-21 N/A
Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url.
CVE-2019-1010266 2 Lodash, Redhat 2 Lodash, Quay 2024-11-21 6.5 Medium
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.
CVE-2019-1010261 1 Gitea 1 Gitea 2024-11-21 N/A
Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically crafted URL. The fixed version is: 1.7.1 and later.
CVE-2019-1010258 1 Nanosvg Project 1 Nanosvg 2024-11-21 N/A
nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow. The impact is: Memory corruption leading to at least DoS. More severe impact vectors need more investigation. The component is: it's part of a svg processing library. function nsvg__parseColorRGB in src/nanosvg.h / line 1227. The attack vector is: It depends library usage. If input is passed from the network, then network connectivity is enough. Most likely an attack will require opening a specially crafted .svg file.
CVE-2019-1010247 1 Openidc 1 Mod Auth Openidc 2024-11-21 N/A
ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/mod_auth_openidc.c, Line: 3109. The fixed version is: 2.3.10.2.
CVE-2019-1010245 1 Linuxfoundation 1 Open Network Operating System 2024-11-21 N/A
The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A remote attacker can execute arbitrary commands on the controller. The component is: apps/yang/src/main/java/org/onosproject/yang/impl/YangLiveCompilerManager.java. The attack vector is: network connectivity. The fixed version is: 1.15.
CVE-2019-1010238 6 Canonical, Debian, Fedoraproject and 3 more 14 Ubuntu Linux, Debian Linux, Fedora and 11 more 2024-11-21 9.8 Critical
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.
CVE-2019-1010237 1 Ilias 1 Ilias 2024-11-21 N/A
Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap (attacker) / Corrections view (victim). The fixed version is: 5.3.12.
CVE-2019-1010235 1 Frog Cms Project 1 Frog Cms 2024-11-21 N/A
Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing, Alert pop-up on page, Redirecting to another phishing site, Executing browser exploits. The component is: Snippets.
CVE-2019-1010232 1 Juniper 1 Libslax 2024-11-21 N/A
Juniper juniper/libslax libslax latest version (as of commit 084ddf6ab4a55b59dfa9a53f9c5f14d192c4f8e5 Commits on Sep 1, 2018) is affected by: Buffer Overflow. The impact is: remote dos. The component is: slaxlexer.c:601(funtion:slaxGetInput). The attack vector is: ./slaxproc --slax-to-xslt POC0.