Total: 46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16393 | 1 Opensc Project | 1 Opensc | 2019-08-06 | 4.6 MEDIUM | 6.8 MEDIUM |
| Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-8976 | 1 Exiv2 | 1 Exiv2 | 2019-08-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file. | |||||
| CVE-2018-19149 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Poppler | 2019-08-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. | |||||
| CVE-2017-15111 | 1 Keycloak-httpd-client-install Project | 1 Keycloak-httpd-client-install | 2019-08-06 | 3.6 LOW | 5.5 MEDIUM |
| keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link. | |||||
| CVE-2019-7869 | 1 Magento | 1 Magento | 2019-08-06 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage customer groups. | |||||
| CVE-2013-7474 | 1 Windu | 1 Windu Cms | 2019-08-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit or admin/content/add, or the username parameter to admin/users. | |||||
| CVE-2019-12984 | 1 Linux | 1 Linux Kernel | 2019-08-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of service. | |||||
| CVE-2016-10854 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87). | |||||
| CVE-2016-10851 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84). | |||||
| CVE-2018-20900 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399). | |||||
| CVE-2016-10818 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124). | |||||
| CVE-2016-10815 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120). | |||||
| CVE-2016-10819 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125). | |||||
| CVE-2016-10821 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75). | |||||
| CVE-2017-18440 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244). | |||||
| CVE-2017-18453 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 4.0 MEDIUM | 4.9 MEDIUM |
| cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260). | |||||
| CVE-2017-18451 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257). | |||||
| CVE-2019-13387 | 1 Centos-webpanel | 1 Centos Web Panel | 2019-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (parameter fm_current_dir) allows attackers to steal a cookie or session, or redirect to a phishing website. | |||||
| CVE-2019-14653 | 1 Ipandao | 1 Editor.md | 2019-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element. | |||||
| CVE-2019-14517 | 1 Editor.md Project | 1 Editor.md | 2019-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| pandao Editor.md 1.5.0 allows XSS via the Javascript: string. | |||||
| CVE-2019-12475 | 1 Microstrategy | 1 Microstrategy Web | 2019-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation. | |||||
| CVE-2019-14472 | 1 Zurmo | 1 Zurmo | 2019-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. | |||||
| CVE-2019-11199 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2019-08-05 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vulnerabilities could be exploited by low privileged users to target administrators. The viewimage.php page did not perform any contextual output encoding and would display the content within the uploaded file with a user-requested MIME type. | |||||
| CVE-2019-2330 | 1 Qualcomm | 76 Ipq4019, Ipq4019 Firmware, Ipq8064 and 73 more | 2019-08-05 | 4.9 MEDIUM | 5.5 MEDIUM |
| Improper input validation in allocation request for secure allocations can lead to page fault in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. | |||||
| CVE-2017-18417 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263). | |||||
| CVE-2017-18418 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265). | |||||
| CVE-2017-18419 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266). | |||||
| CVE-2019-14249 | 1 Libdwarf Project | 1 Libdwarf | 2019-08-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump. | |||||
| CVE-2017-18420 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269). | |||||
| CVE-2018-17211 | 1 Printeron | 1 Central Print Services | 2019-08-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. An unauthenticated attacker can view details about the printers associated with CPS via a crafted HTTP GET request. | |||||
| CVE-2018-18570 | 1 Planonsoftware | 1 Planon | 2019-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Planon before Live Build 41 has XSS. | |||||
| CVE-2019-1010202 | 1 Jeesite | 1 Jeesite | 2019-08-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jeesite 1.2.7 is affected by: XML External Entity (XXE). The impact is: sensitive information disclosure. The component is: convertToModel() function in src/main/java/com.thinkgem.jeesite/modules/act/service/ActProcessService.java. The attack vector is: network connectivity, authenticated, must upload a specially crafted XML file. The fixed version is: 4.0 and later. | |||||
| CVE-2019-1010147 | 2 Bmc, Yellowfinbi | 2 Remedy Smart Reporting, Yellowfin Bi | 2019-08-05 | 3.5 LOW | 5.4 MEDIUM |
| Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. The fixed version is: 7.4 and later. | |||||
| CVE-2019-12453 | 1 Microstrategy | 1 Microstrategy Web | 2019-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation. | |||||
| CVE-2019-12345 | 1 Kibokolabs | 1 Hostel | 2019-08-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress. | |||||
| CVE-2018-10372 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-08-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf. | |||||
| CVE-2018-19932 | 2 Gnu, Netapp | 3 Binutils, Cluster Data Ontap, Vasa Provider | 2019-08-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c. | |||||
| CVE-2018-10373 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-08-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new. | |||||
| CVE-2018-10535 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-08-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy. | |||||
| CVE-2018-10534 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-08-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c. | |||||
| CVE-2018-20651 | 1 Gnu | 1 Binutils | 2019-08-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld. | |||||
| CVE-2019-3958 | 1 Wallaceit | 1 Wallacepos | 2019-08-02 | 3.5 LOW | 5.4 MEDIUM |
| Insufficient output sanitization in WallacePOS 1.4.3 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks via a crafted sales transaction. | |||||
| CVE-2019-14471 | 1 Testlink | 1 Testlink | 2019-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| TestLink 1.9.19 has XSS via the error.php message parameter. | |||||
| CVE-2019-14268 | 1 Octopus | 1 Octopus Deploy | 2019-08-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an authenticated user (in certain limited circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.3. The fix was back-ported to LTS 2019.6.5 as well as LTS 2019.3.7. | |||||
| CVE-2018-10950 | 1 Synacor | 1 Zimbra Collaboration Suite | 2019-08-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump, tracing data, or full user-context dump. | |||||
| CVE-2017-16807 | 1 Getkirby | 1 Panel | 2019-08-02 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file. | |||||
| CVE-2019-1010004 | 1 Sound Exchange Project | 1 Sound Exchange | 2019-08-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189. | |||||
| CVE-2019-5926 | 1 Kinagacms Project | 1 Kinagacms | 2019-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-20883 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 74.0.8 allows FTP access during account suspension (SEC-449). | |||||
| CVE-2018-20901 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400). | |||||
