Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17579 | 1 Sonarsource | 1 Sonarqube | 2019-10-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| SonarSource SonarQube before 7.8 has XSS in project links on account/projects. | |||||
| CVE-2017-14955 | 1 Tribe29 | 1 Checkmk | 2019-10-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report. | |||||
| CVE-2019-16344 | 1 Scadabr | 1 Scadabr | 2019-10-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the login form (/ScadaBR/login.htm) in ScadaBR 1.0CE allows a remote attacker to inject arbitrary web script or HTML via the username or password parameter. | |||||
| CVE-2015-1828 | 1 Http.rb Project | 1 Http.rb | 2019-10-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle-attack. | |||||
| CVE-2017-14506 | 1 Geminabox Project | 1 Geminabox | 2019-10-17 | 3.5 LOW | 5.4 MEDIUM |
| geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file. | |||||
| CVE-2019-15902 | 4 Debian, Linux, Netapp and 1 more | 7 Debian Linux, Linux Kernel, Active Iq Performance Analytics Services and 4 more | 2019-10-17 | 4.7 MEDIUM | 5.6 MEDIUM |
| A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped. | |||||
| CVE-2015-9469 | 1 Cybercraftit | 1 Content-grabber | 2019-10-16 | 3.5 LOW | 4.8 MEDIUM |
| The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id. | |||||
| CVE-2016-6800 | 1 Apache | 1 Ofbiz | 2019-10-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not properly sanitized. It is possible to inject arbitrary JavaScript code in these form fields. This code gets executed from the browser of every user who is visiting this article. Mitigation: Upgrade to Apache OFBiz 16.11.01. | |||||
| CVE-2019-16282 | 1 Nchsoftware | 1 Express Invoice | 2019-10-16 | 3.5 LOW | 5.4 MEDIUM |
| In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript. | |||||
| CVE-2019-4572 | 1 Ibm | 1 Filenet Content Manager | 2019-10-16 | 2.1 LOW | 4.4 MEDIUM |
| IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific configurations, could log the web service user credentials into a log file that could be accessed by an administrator on the local machine. IBM X-Force ID: 166798. | |||||
| CVE-2018-1002204 | 1 Adm-zip Project | 1 Adm-zip | 2019-10-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. | |||||
| CVE-2019-17629 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-10-16 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen. | |||||
| CVE-2019-17630 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-10-16 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen. | |||||
| CVE-2019-17176 | 1 Genesys | 1 Eservices Chat | 2019-10-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPanel.jsp or HtmlChatFrameSet.jsp (ActionColor, ClientNickNameColor, Email, email, or email_address parameter). | |||||
| CVE-2019-17497 | 1 Tracker-software | 1 Pdf-xchange Editor | 2019-10-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). For example, an NTLM hash is sent for a link to \\192.168.0.2\C$\file.pdf without user interaction. | |||||
| CVE-2018-18065 | 5 Canonical, Debian, Net-snmp and 2 more | 10 Ubuntu Linux, Debian Linux, Net-snmp and 7 more | 2019-10-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | |||||
| CVE-2019-2183 | 1 Google | 1 Android | 2019-10-16 | 2.1 LOW | 5.5 MEDIUM |
| In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-136261465 | |||||
| CVE-2019-14225 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-10-16 | 5.5 MEDIUM | 5.4 MEDIUM |
| OX App Suite 7.10.1 and 7.10.2 allows SSRF. | |||||
| CVE-2019-14227 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-10-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite 7.10.1 and 7.10.2 allows XSS. | |||||
| CVE-2019-17535 | 1 Gilacms | 1 Gila Cms | 2019-10-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647. | |||||
| CVE-2019-17369 | 1 Otcms | 1 Otcms | 2019-10-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin. | |||||
| CVE-2019-17504 | 1 Kirona | 1 Dynamic Resource Scheduling | 2019-10-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. A reflected Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter. | |||||
| CVE-2019-1334 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-15 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1345. | |||||
| CVE-2019-1337 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-10-15 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Windows Update Client fails to properly handle objects in memory, aka 'Windows Update Client Information Disclosure Vulnerability'. | |||||
| CVE-2019-1356 | 1 Microsoft | 4 Edge, Windows 10, Windows Server 2016 and 1 more | 2019-10-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka 'Microsoft Edge based on Edge HTML Information Disclosure Vulnerability'. | |||||
| CVE-2010-5339 | 1 Icewarp | 1 Webclient | 2019-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0. | |||||
| CVE-2010-5337 | 1 Icewarp | 1 Webclient | 2019-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0. | |||||
| CVE-2010-5338 | 1 Icewarp | 1 Webclient | 2019-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0. | |||||
| CVE-2010-5340 | 1 Icewarp | 1 Webclient | 2019-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0. | |||||
| CVE-2010-5336 | 1 Icewarp | 1 Webclient | 2019-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0. | |||||
| CVE-2015-9472 | 1 Monitorbacklinks | 1 Incoming Links | 2019-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header. | |||||
| CVE-2019-17496 | 1 Craftcms | 1 Craft Cms | 2019-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion. | |||||
| CVE-2018-9062 | 1 Lenovo | 97 20hm, 20hn, 20hq and 94 more | 2019-10-15 | 7.2 HIGH | 6.8 MEDIUM |
| In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code. | |||||
| CVE-2019-3652 | 2 Mcafee, Microsoft | 2 Endpoint Security, Windows | 2019-10-15 | 4.6 MEDIUM | 5.3 MEDIUM |
| Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer. | |||||
| CVE-2019-17494 | 1 Laravel-bjyblog Project | 1 Laravel-bjyblog | 2019-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| laravel-bjyblog 6.1.1 has XSS via a crafted URL. | |||||
| CVE-2015-9478 | 1 No-margin-for-error | 1 Prettyphoto | 2019-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS. | |||||
| CVE-2019-0381 | 1 Sap | 3 Dynamic Tier, Sap Iq, Sql Anywhere | 2019-10-15 | 2.1 LOW | 5.5 MEDIUM |
| A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user. | |||||
| CVE-2019-17108 | 1 Centreon | 1 Centreon Web | 2019-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. | |||||
| CVE-2019-17105 | 1 Centreon | 1 Centreon Web | 2019-10-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| The token generator in index.php in Centreon Web before 2.8.27 is predictable. | |||||
| CVE-2019-17488 | 1 B3log | 1 Symphony | 2019-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header. | |||||
| CVE-2019-1375 | 1 Microsoft | 1 Dynamics 365 | 2019-10-15 | 3.5 LOW | 5.4 MEDIUM |
| A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. | |||||
| CVE-2018-16551 | 1 Lavalite | 1 Lavalite | 2019-10-15 | 3.5 LOW | 5.4 MEDIUM |
| LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit. | |||||
| CVE-2016-10894 | 2 Debian, Xtrlock Project | 2 Debian Linux, Xtrlock | 2019-10-15 | 2.1 LOW | 4.6 MEDIUM |
| xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger). | |||||
| CVE-2019-17092 | 1 Openproject | 1 Openproject | 2019-10-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled. | |||||
| CVE-2016-10873 | 1 Wpseeds | 1 Wp Database Backup | 2019-10-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-database-backup plugin before 4.3.3 for WordPress has XSS. | |||||
| CVE-2018-7866 | 2 Debian, Libming | 2 Debian Linux, Libming | 2019-10-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | |||||
| CVE-2018-9132 | 2 Debian, Libming | 2 Debian Linux, Libming | 2019-10-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | |||||
| CVE-2018-7876 | 2 Debian, Libming | 2 Debian Linux, Libming | 2019-10-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file. | |||||
| CVE-2019-1070 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2019-10-11 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | |||||
| CVE-2019-1357 | 1 Microsoft | 9 Edge, Internet Explorer, Windows 10 and 6 more | 2019-10-11 | 4.3 MEDIUM | 4.3 MEDIUM |
| A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0608. | |||||