Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1440 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-11-13 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1436. | |||||
| CVE-2010-2472 | 1 Drupal | 1 Drupal | 2019-11-13 | 3.5 LOW | 4.8 MEDIUM |
| Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission. | |||||
| CVE-2011-1459 | 1 Google | 1 Blink | 2019-11-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| The WebKit::WebPluginContainerImpl::handleEvent function in Google Chrome before Blink M11 allows an attacker to cause a denial of service (crash) via the htmlpluginelement.cpp plugin. | |||||
| CVE-2005-2351 | 2 Debian, Mutt | 2 Debian Linux, Mutt | 2019-11-13 | 2.1 LOW | 5.5 MEDIUM |
| Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files. | |||||
| CVE-2010-2473 | 1 Drupal | 1 Drupal | 2019-11-13 | 3.5 LOW | 6.5 MEDIUM |
| Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked. | |||||
| CVE-2009-5046 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2019-11-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. | |||||
| CVE-2019-18924 | 1 Systematic | 1 Iris Webforms | 2019-11-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating variables that reference files with ../ (and variations), it is possible to list all the directories and check if a particular file exists. | |||||
| CVE-2013-1425 | 2 Debian, Ldap Git Backup Project | 2 Debian Linux, Ldap Git Backup | 2019-11-12 | 2.1 LOW | 5.5 MEDIUM |
| ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions. | |||||
| CVE-2009-2802 | 1 Mantisbt | 1 Mantisbt | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks. | |||||
| CVE-2011-3370 | 1 Status | 1 Statusnet | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| statusnet before 0.9.9 has XSS | |||||
| CVE-2019-7275 | 1 Optergy | 2 Enterprise, Proton | 2019-11-12 | 5.8 MEDIUM | 6.1 MEDIUM |
| Optergy Proton/Enterprise devices allow Open Redirect. | |||||
| CVE-2009-5004 | 1 Apache | 1 Qpid-cpp | 2019-11-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use . | |||||
| CVE-2019-17236 | 1 Getigniteup | 1 Igniteup | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS. | |||||
| CVE-2019-18881 | 1 Wso2 | 1 Identity Server | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile. | |||||
| CVE-2019-18882 | 1 Wso2 | 1 Identity Server | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled. | |||||
| CVE-2013-5123 | 5 Debian, Fedoraproject, Pypa and 2 more | 6 Debian Linux, Fedora, Pip and 3 more | 2019-11-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. | |||||
| CVE-2013-1426 | 1 Mahara | 1 Mahara | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6.4 allows remote attackers to inject arbitrary web script or HTML via the TinyMCE editor. | |||||
| CVE-2019-7255 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Linear eMerge E3-Series devices allow XSS. | |||||
| CVE-2019-4509 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2019-11-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 164430. | |||||
| CVE-2019-4470 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2019-11-12 | 3.5 LOW | 5.4 MEDIUM |
| IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163779. | |||||
| CVE-2019-4454 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2019-11-12 | 3.5 LOW | 5.4 MEDIUM |
| IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163618. | |||||
| CVE-2019-4450 | 1 Ibm | 1 I | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163492. | |||||
| CVE-2019-4412 | 1 Ibm | 1 Cognos Controller | 2019-11-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162659. | |||||
| CVE-2018-12650 | 1 Myadrenalin | 1 Human Resource Management Software | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSearch page via 'prntDDLCntrlName' and 'prntFrmName'. | |||||
| CVE-2018-12234 | 1 Myadrenalin | 1 Adrenalin | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the flexiportal/GeneralInfo.aspx strAction parameter. | |||||
| CVE-2019-4581 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167239. | |||||
| CVE-2019-4645 | 1 Ibm | 1 Cognos Analytics | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881. | |||||
| CVE-2019-17222 | 1 Intelbras | 2 Wrn 150, Wrn 150 Firmware | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is stored XSS in the Service Name tab of the WAN configuration screen, leading to a denial of service (inability to change the configuration). | |||||
| CVE-2019-5693 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2019-11-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) in which the program accesses or uses a pointer that has not been initialized, which may lead to denial of service. | |||||
| CVE-2007-3732 | 1 Linux | 1 Linux Kernel | 2019-11-12 | 1.9 LOW | 5.5 MEDIUM |
| In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc calls a C function without ensuring that the segments are set properly. The kernel's %fs needs to be restored before the call in TRACE_IRQS_ON and before enabling interrupts, so that "current" references work. Without this, "current" used in the window between iret_exc and the middle of error_code where %fs is reset, would crash. | |||||
| CVE-2018-19777 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2019-11-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool. | |||||
| CVE-2019-2993 | 1 Oracle | 1 Mysql | 2019-11-11 | 3.5 LOW | 5.3 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-2914 | 1 Oracle | 1 Mysql | 2019-11-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-2968 | 1 Oracle | 1 Mysql | 2019-11-11 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-2967 | 1 Oracle | 1 Mysql | 2019-11-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-2966 | 1 Oracle | 1 Mysql | 2019-11-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-2963 | 1 Oracle | 1 Mysql | 2019-11-11 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-2960 | 1 Oracle | 1 Mysql | 2019-11-11 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-2946 | 1 Oracle | 1 Mysql | 2019-11-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-2957 | 1 Oracle | 1 Mysql | 2019-11-11 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-3011 | 1 Oracle | 1 Mysql | 2019-11-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-3009 | 1 Oracle | 1 Mysql | 2019-11-11 | 4.0 MEDIUM | 4.4 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-3004 | 1 Oracle | 1 Mysql | 2019-11-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-2998 | 1 Oracle | 1 Mysql | 2019-11-11 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-2997 | 1 Oracle | 1 Mysql | 2019-11-11 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-2991 | 1 Oracle | 1 Mysql | 2019-11-11 | 5.5 MEDIUM | 5.5 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.017 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | |||||
| CVE-2019-2982 | 1 Oracle | 1 Mysql | 2019-11-11 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-12386 | 1 Ampache | 1 Ampache | 2019-11-11 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known by the attacker. | |||||
| CVE-2010-2449 | 1 Gource | 1 Gource | 2019-11-09 | 5.5 MEDIUM | 6.5 MEDIUM |
| Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack. | |||||
| CVE-2014-8181 | 1 Redhat | 2 Enterprise Linux, Enterprise Mrg | 2019-11-09 | 2.1 LOW | 5.5 MEDIUM |
| The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace. | |||||