Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17331 | 1 Tibco | 1 Ebx Add-ons | 2019-11-15 | 3.5 LOW | 5.4 MEDIUM |
| The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, version 4.1.0. | |||||
| CVE-2010-3095 | 1 Mailscanner | 1 Mailscanner | 2019-11-15 | 3.3 LOW | 4.7 MEDIUM |
| mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5313. | |||||
| CVE-2019-17332 | 1 Tibco | 1 Ebx Add-ons | 2019-11-15 | 4.3 MEDIUM | 5.4 MEDIUM |
| The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, versions 4.1.0, 4.2.0, 4.2.1, and 4.2.2. | |||||
| CVE-2010-3292 | 1 Mailscanner | 1 Mailscanner | 2019-11-15 | 2.1 LOW | 5.5 MEDIUM |
| The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption (e.g., https) or digital signature checking which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via dns/packet spoofing. | |||||
| CVE-2010-3299 | 2 Debian, Rubyonrails | 2 Debian Linux, Rails | 2019-11-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. | |||||
| CVE-2019-15005 | 1 Atlassian | 8 Bamboo, Bitbucket, Confluence and 5 more | 2019-11-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2. | |||||
| CVE-2019-18793 | 1 Parallels | 1 Parallels Plesk Panel | 2019-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/index.htm? via the "fileName" parameter. | |||||
| CVE-2019-18649 | 1 Untangle | 1 Ng Firewall | 2019-11-14 | 3.5 LOW | 4.8 MEDIUM |
| When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS. | |||||
| CVE-2019-18648 | 1 Untangle | 1 Ng Firewall | 2019-11-14 | 3.5 LOW | 4.8 MEDIUM |
| When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields. | |||||
| CVE-2010-3439 | 3 Cor-entertainment, Debian, Fedoraproject | 3 Alien-arena, Debian Linux, Fedora | 2019-11-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command. | |||||
| CVE-2019-18883 | 1 Lavalite | 1 Lavalite | 2019-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. | |||||
| CVE-2011-2334 | 1 Google | 1 Blink | 2019-11-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| Use after free vulnerability exists in WebKit in Google Chrome before Blink M12 in RenderLayerwhen removing elements with reflections. | |||||
| CVE-2019-18926 | 1 Systematicinc | 1 Iris Standards Management | 2019-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting (XSS). A user input (related to dialog information) is reflected directly in the web page, allowing a malicious user to conduct a Cross Site Scripting attack against users of the application. | |||||
| CVE-2010-3857 | 1 Redhat | 1 Jboss Business Rules Management System | 2019-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| JBoss BRMS before 5.1.0 has a XSS vulnerability via asset=UUID parameter. | |||||
| CVE-2012-4384 | 2 Debian, Trilexnet | 2 Debian Linux, Letodms | 2019-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar | |||||
| CVE-2011-1802 | 1 Google | 1 Blink | 2019-11-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption). | |||||
| CVE-2019-17430 | 1 Eyoucms | 1 Eyoucms | 2019-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter. | |||||
| CVE-2014-3592 | 1 Redhat | 1 Openshift Origin | 2019-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenShift Origin: Improperly validated team names could allow stored XSS attacks | |||||
| CVE-2014-3655 | 1 Redhat | 2 Jboss Enterprise Web Server, Keycloak | 2019-11-14 | 4.3 MEDIUM | 4.3 MEDIUM |
| JBoss KeyCloak is vulnerable to soft token deletion via CSRF | |||||
| CVE-2019-1381 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-11-14 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations, aka 'Microsoft Windows Information Disclosure Vulnerability'. | |||||
| CVE-2010-3440 | 2 Babiloo Project, Debian | 2 Babiloo, Debian Linux | 2019-11-14 | 3.3 LOW | 5.5 MEDIUM |
| babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files. | |||||
| CVE-2019-1402 | 1 Microsoft | 2 Office, Office 365 | 2019-11-14 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Information Disclosure Vulnerability'. | |||||
| CVE-2019-18424 | 1 Xen | 1 Xen | 2019-11-14 | 6.9 MEDIUM | 6.8 MEDIUM |
| An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable. | |||||
| CVE-2011-5271 | 1 Clusterlabs | 1 Pacemaker | 2019-11-14 | 3.3 LOW | 5.5 MEDIUM |
| Pacemaker before 1.1.6 configure script creates temporary files insecurely | |||||
| CVE-2013-1820 | 2 Fedoraproject, Redhat | 2 Fedora, Tuned | 2019-11-14 | 4.7 MEDIUM | 5.5 MEDIUM |
| tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service. | |||||
| CVE-2018-18819 | 1 Mitel | 2 Micollab, Mivoice Business Express | 2019-11-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions, due to insufficient access controls. A successful exploit could allow execution of arbitrary commands. | |||||
| CVE-2008-5083 | 1 Redhat | 1 Jboss Operations Network | 2019-11-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON. | |||||
| CVE-2013-1429 | 2 Canonical, Debian | 3 Ubuntu Linux, Debian Linux, Lintian | 2019-11-14 | 4.3 MEDIUM | 6.3 MEDIUM |
| Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks. | |||||
| CVE-2014-3599 | 1 Redhat | 1 Hornetq | 2019-11-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy | |||||
| CVE-2016-10006 | 1 Antisamy Project | 1 Antisamy | 2019-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS. | |||||
| CVE-2019-1369 | 1 Microsoft | 1 Open Enclave Software Development Kit | 2019-11-13 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'. | |||||
| CVE-2019-1370 | 1 Microsoft | 1 Open Enclave Software Development Kit | 2019-11-13 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'. | |||||
| CVE-2019-1324 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-11-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'. | |||||
| CVE-2019-1374 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-11-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. | |||||
| CVE-2019-1446 | 1 Microsoft | 7 Excel, Excel Services, Office and 4 more | 2019-11-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. | |||||
| CVE-2019-13557 | 1 Philips | 2 Tasy Emr, Tasy Webportal | 2019-11-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information. | |||||
| CVE-2011-2935 | 1 Elgg | 1 Elgg | 2019-11-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Elgg through 1.7.10 has XSS | |||||
| CVE-2019-1399 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-11-13 | 5.5 MEDIUM | 6.2 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1309, CVE-2019-1310. | |||||
| CVE-2019-0712 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-11-13 | 6.8 MEDIUM | 6.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1309, CVE-2019-1310, CVE-2019-1399. | |||||
| CVE-2019-1310 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-11-13 | 6.8 MEDIUM | 6.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1309, CVE-2019-1399. | |||||
| CVE-2019-1309 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-11-13 | 6.8 MEDIUM | 6.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1310, CVE-2019-1399. | |||||
| CVE-2018-19664 | 1 Libjpeg-turbo | 1 Libjpeg-turbo | 2019-11-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg. | |||||
| CVE-2011-2336 | 1 Google | 1 Blink | 2019-11-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue exists in WebKit in Google Chrome before Blink M12. when clearing lists in AnimationControllerPrivate that signal when a hardware animation starts. | |||||
| CVE-2011-2807 | 1 Google | 1 Blink | 2019-11-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of timer information in Timer.cpp in WebKit in Google Chrome before Blink M13. | |||||
| CVE-2011-2353 | 1 Google | 1 Blink | 2019-11-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| Use after free vulnerability in documentloader in WebKit in Google Chrome before Blink M13 in DocumentWriter::replaceDocument function. | |||||
| CVE-2011-2808 | 1 Google | 1 Blink | 2019-11-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| A stale layout root is set as an input element in WebKit in Google Chrome before Blink M13 when a child of a keygen with autofocus is accessed. | |||||
| CVE-2019-1439 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-11-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | |||||
| CVE-2019-1436 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-11-13 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1440. | |||||
| CVE-2018-9552 | 1 Google | 1 Android | 2019-11-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-113260892. | |||||
| CVE-2018-9566 | 1 Google | 1 Android | 2019-11-13 | 2.9 LOW | 5.7 MEDIUM |
| In process_service_search_rsp of sdp_discovery.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure when connecting to a malicious Bluetooth device with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-74249842. | |||||