Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20865 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459). | |||||
| CVE-2018-20073 | 1 Google | 1 Chrome | 2019-07-30 | 2.1 LOW | 5.5 MEDIUM |
| Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem. | |||||
| CVE-2019-14387 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). | |||||
| CVE-2019-14386 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). | |||||
| CVE-2019-14390 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512). | |||||
| CVE-2019-14329 | 1 Espocrm | 1 Espocrm | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code. | |||||
| CVE-2019-14330 | 1 Espocrm | 1 Espocrm | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create Case. A malicious attacker can modify the firstName and lastName to contain JavaScript code. | |||||
| CVE-2019-14331 | 1 Espocrm | 1 Espocrm | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create User. A malicious attacker can modify the firstName and lastName to contain JavaScript code. | |||||
| CVE-2019-14349 | 1 Espocrm | 1 Espocrm | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the api/v1/Document functionality for storing documents in the account tab. An attacker can upload a crafted file that contains JavaScript code in its name. This code will be executed when a user opens a page of any profile with this. | |||||
| CVE-2019-14350 | 1 Espocrm | 1 Espocrm | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. A malicious attacker can inject JavaScript code in the body parameter during api/v1/KnowledgeBaseArticle knowledge-base record creation. | |||||
| CVE-2019-13648 | 1 Linux | 1 Linux Kernel | 2019-07-30 | 4.9 MEDIUM | 5.5 MEDIUM |
| In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c. | |||||
| CVE-2019-12970 | 1 Squirrelmail | 1 Squirrelmail | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of (for example) a NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA element. | |||||
| CVE-2019-12865 | 1 Radare | 1 Radare2 | 2019-07-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command. | |||||
| CVE-2019-14370 | 1 Exiv2 | 1 Exiv2 | 2019-07-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp. It could result in denial of service. | |||||
| CVE-2019-14298 | 1 Veeam | 1 One Reporter | 2019-07-29 | 3.5 LOW | 5.4 MEDIUM |
| Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(config) field to addDashboard or editDashboard in CommonDataHandlerReadOnly.ashx. | |||||
| CVE-2019-14297 | 1 Veeam | 1 One Reporter | 2019-07-29 | 3.5 LOW | 5.4 MEDIUM |
| Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with a crafted Caption field to setDashboardWidget in CommonDataHandlerReadOnly.ashx. | |||||
| CVE-2019-1010207 | 1 Genetechsolutions | 1 Pie Register | 2019-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scripting (XSS). The impact is: Stealing of session cookies. The component is: File: Login. Parameters: interim-login, wp-lang, and supplied URL. The attack vector is: If a victim clicks a malicious link, the attacker can steal his/her account. The fixed version is: 3.0.16. | |||||
| CVE-2016-1358 | 1 Cisco | 1 Prime Infrastructure | 2019-07-29 | 5.5 MEDIUM | 6.4 MEDIUM |
| Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuw81497. | |||||
| CVE-2017-3848 | 1 Cisco | 1 Prime Infrastructure | 2019-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCuw63001 CSCuw63003. Known Affected Releases: 2.2(2). Known Fixed Releases: 3.1(0.0). | |||||
| CVE-2017-6699 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2019-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. Known Affected Releases: 3.1(1) 2.0(4.0.45B). | |||||
| CVE-2017-3884 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2019-07-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D). | |||||
| CVE-2019-11715 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2019-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | |||||
| CVE-2019-14292 | 1 Glyphandcog | 1 Xpdfreader | 2019-07-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1. | |||||
| CVE-2019-14293 | 1 Glyphandcog | 1 Xpdfreader | 2019-07-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2. | |||||
| CVE-2019-14291 | 1 Glyphandcog | 1 Xpdfreader | 2019-07-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3. | |||||
| CVE-2019-14290 | 1 Glyphandcog | 1 Xpdfreader | 2019-07-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2. | |||||
| CVE-2019-14289 | 1 Glyphandcog | 1 Xpdfreader | 2019-07-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case. | |||||
| CVE-2019-11697 | 1 Mozilla | 1 Firefox | 2019-07-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. This vulnerability affects Firefox < 67. | |||||
| CVE-2019-7954 | 1 Adobe | 1 Experience Manager | 2019-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager version 6.4 and ealier have a Stored Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user. | |||||
| CVE-2019-1010252 | 1 Linuxfoundation | 1 Open Network Operating System | 2019-07-29 | 5.5 MEDIUM | 4.9 MEDIUM |
| The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: applyFlowRules() and apply() functions in FlowRuleManager.java. The attack vector is: network management and connectivity. | |||||
| CVE-2019-9230 | 1 Audiocodes | 8 Mediant 500-mbsr, Mediant 500-mbsr Firmware, Mediant 500l-msbr and 5 more | 2019-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | |||||
| CVE-2019-11698 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2019-07-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. | |||||
| CVE-2019-13228 | 1 Deepin | 1 Deepin-clone | 2019-07-28 | 6.6 MEDIUM | 4.7 MEDIUM |
| deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. By winning a race condition to replace the /tmp/repo.iso symlink by an attacker controlled ISO file, further privilege escalation may be possible. | |||||
| CVE-2019-13227 | 1 Deepin | 1 Deepin-clone | 2019-07-28 | 6.6 MEDIUM | 5.5 MEDIUM |
| In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. | |||||
| CVE-2018-1042 | 1 Moodle | 1 Moodle | 2019-07-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| Moodle 3.x has Server Side Request Forgery in the filepicker. | |||||
| CVE-2019-13977 | 1 Ovidentia | 1 Ovidentia | 2019-07-27 | 3.5 LOW | 5.4 MEDIUM |
| index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=. | |||||
| CVE-2019-1010193 | 1 Hisiphp | 1 Hisiphp | 2019-07-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| hisiphp 1.0.8 is affected by: Cross Site Scripting (XSS). | |||||
| CVE-2019-11701 | 1 Mozilla | 1 Firefox | 2019-07-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place as a legacy feature and has now been removed. *Note: this issue only affects users with an account on the vulnerable service. Other users are unaffected.*. This vulnerability affects Firefox < 67. | |||||
| CVE-2019-2236 | 1 Qualcomm | 76 Ipq8074, Ipq8074 Firmware, Mdm9206 and 73 more | 2019-07-26 | 2.1 LOW | 5.5 MEDIUM |
| Null pointer dereference during secure application termination using specific application ids. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2019-2237 | 1 Qualcomm | 34 Mdm9206, Mdm9206 Firmware, Mdm9607 and 31 more | 2019-07-26 | 2.1 LOW | 5.5 MEDIUM |
| Failure in taking appropriate action to handle the error case If keypad gpio deactivation fails leads to silent failure scenario and subsequent logic gets executed everytime in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 8CX, SXR1130 | |||||
| CVE-2019-9817 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2019-07-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. | |||||
| CVE-2015-7666 | 1 Codepeople | 1 Payment Form For Paypal Pro | 2019-07-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal parameter. | |||||
| CVE-2019-8286 | 1 Kaspersky | 5 Anti-virus, Free Anti-virus, Internet Security and 2 more | 2019-07-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6 | |||||
| CVE-2019-14247 | 1 Mpg321 Project | 1 Mpg321 | 2019-07-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| The scan() function in mad.c in mpg321 0.3.2 allows remote attackers to trigger an out-of-bounds write via a zero bitrate in an MP3 file. | |||||
| CVE-2019-3591 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2019-07-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ePO extension in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted upload to a remote website which is correctly blocked by DLPe Web Protection. This would then render as an XSS when the DLP Admin viewed the event in the ePO UI. | |||||
| CVE-2019-13631 | 1 Linux | 1 Linux Kernel | 2019-07-26 | 4.6 MEDIUM | 6.8 MEDIUM |
| In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages. | |||||
| CVE-2018-18095 | 1 Intel | 4 Ssd Dc S4500, Ssd Dc S4500 Firmware, Ssd Dc S4600 and 1 more | 2019-07-26 | 4.6 MEDIUM | 6.8 MEDIUM |
| Improper authentication in firmware for Intel(R) SSD DC S4500 Series and Intel(R) SSD DC S4600 Series before SCV10150 may allow an unprivileged user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2019-1010113 | 1 Premiumsoftware | 1 Cleditor | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting (XSS). The impact is: An attacker might be able to inject arbitrary html and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a link (A) element. | |||||
| CVE-2019-1010199 | 1 Servicestack | 1 Servicestack | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site Scripting (XSS). The impact is: JavaScrpit is reflected in the server response, hence executed by the browser. The component is: the query used in the GET request is prone. The attack vector is: Since there is no server-side validation and If Browser encoding is bypassed, the victim is affected when opening a crafted URL. The fixed version is: 5.2.0. | |||||
| CVE-2018-18671 | 1 Gnuboard | 1 Gnuboard5 | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board head contents" parameter, aka the adm/board_form_update.php bo_mobile_content_head parameter. | |||||