Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13959 | 1 Axiosys | 1 Bento4 | 2019-07-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reallocation failures, leading to a memory copy into a NULL pointer. This is different from CVE-2018-20186. | |||||
| CVE-2019-1134 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2019-07-19 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | |||||
| CVE-2019-1075 | 1 Microsoft | 1 Asp.net Core | 2019-07-19 | 5.8 MEDIUM | 6.1 MEDIUM |
| A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'. | |||||
| CVE-2019-13972 | 1 Layerbb | 1 Layerbb | 2019-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997. | |||||
| CVE-2019-0321 | 1 Sap | 1 Netweaver As Abap | 2019-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-13948 | 1 Syguestbook A5 Project | 1 Syguestbook A5 | 2019-07-19 | 3.5 LOW | 5.4 MEDIUM |
| SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element. | |||||
| CVE-2019-13950 | 1 Syguestbook A5 Project | 1 Syguestbook A5 | 2019-07-19 | 3.5 LOW | 5.4 MEDIUM |
| index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment. | |||||
| CVE-2019-5221 | 1 Huawei | 2 Mate 20 X, Mate 20 X Firmware | 2019-07-18 | 3.3 LOW | 6.5 MEDIUM |
| There is a path traversal vulnerability on Huawei Share. The software does not properly validate the path, an attacker could crafted a file path when transporting file through Huawei Share, successful exploit could allow the attacker to transport a file to arbitrary path on the phone. Affected products: Mate 20 X versions earlier than Ever-L29B 9.1.0.300(C432E3R1P12), versions earlier than Ever-L29B 9.1.0.300(C636E3R2P1), and versions earlier than Ever-L29B 9.1.0.300(C185E3R3P1). | |||||
| CVE-2016-10763 | 1 Automattic | 1 Camptix Event Ticketing | 2019-07-18 | 3.5 LOW | 4.8 MEDIUM |
| The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body. | |||||
| CVE-2019-10017 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-07-18 | 3.5 LOW | 5.4 MEDIUM |
| CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker. | |||||
| CVE-2019-0966 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-07-18 | 5.5 MEDIUM | 6.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. | |||||
| CVE-2019-13493 | 1 Sitecore | 1 Experience Platform | 2019-07-18 | 3.5 LOW | 5.4 MEDIUM |
| In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript. | |||||
| CVE-2019-13448 | 1 Sertek | 1 Xpare | 2019-07-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could exploit the vulnerable function in order to prepare an XSS payload to send to the product's clients. | |||||
| CVE-2019-1076 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-18 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. | |||||
| CVE-2019-1010307 | 1 Glpi-project | 1 Glpi | 2019-07-18 | 3.5 LOW | 5.4 MEDIUM |
| GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to privilege escalation and executing js on admin. The component is: /glpi/ajax/getDropDownValue.php. The attack vector is: 1- User Create a ticket , 2- Admin opens another ticket and click on the "Link Tickets" feature, 3- a request to the endpoint fetches js and executes it. | |||||
| CVE-2018-9861 | 2 Ckeditor, Drupal | 2 Enhanced Image, Drupal | 2019-07-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG element. | |||||
| CVE-2019-1010008 | 1 Openenergymonitor | 1 Emoncms | 2019-07-18 | 3.5 LOW | 5.4 MEDIUM |
| OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting (XSS). The impact is: Theoretically low, but might potentially enable persistent XSS (user could embed mal. code). The component is: Javascript code execution in "Name", "Location", "Bio" and "Starting Page" fields in the "My Account" page. File: Lib/listjs/list.js, line 67. The attack vector is: unknown, victim must open profile page if persistent was possible. | |||||
| CVE-2019-0281 | 1 Sap | 1 Openui5 | 2019-07-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-13346 | 1 Myt Project | 1 Myt | 2019-07-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MyT 1.5.1, the User[username] parameter has XSS. | |||||
| CVE-2019-13506 | 1 Nuxtjs | 2 \@nuxt\/devalue, Nuxt.js | 2019-07-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| @nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mishandles object keys, leading to XSS. | |||||
| CVE-2016-3059 | 1 Ibm | 2 Tivoli Storage Flashcopy Manager For Sql Server, Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server | 2019-07-18 | 2.1 LOW | 6.2 MEDIUM |
| IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server (aka IBM Spectrum Protect Snapshot) 3.1 before 3.1.1.7 and 3.2 before 3.2.1.9 allow local users to discover a cleartext SQL Server password by reading the Task List in the MMC GUI. | |||||
| CVE-2019-0326 | 1 Sap | 1 Businessobjects Business Intelligence | 2019-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise), versions 4.1, 4.2, 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-3415 | 1 Zte | 2 Zxmw Nr8000, Zxmw Nr8000 Firmware | 2019-07-17 | 2.7 LOW | 5.7 MEDIUM |
| ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traversal vulnerability. Due to path traversal,users can download any files. | |||||
| CVE-2019-1116 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2019-07-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101. | |||||
| CVE-2019-13396 | 1 Getflightpath | 1 Flightpath | 2019-07-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in system_handle_form_submit in modules/system/system.module. | |||||
| CVE-2018-14831 | 1 Damicms | 1 Damicms | 2019-07-17 | 4.0 MEDIUM | 4.9 MEDIUM |
| An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI. | |||||
| CVE-2018-11734 | 1 E107 | 1 E107 | 2019-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| In e107 v2.1.7, output without filtering results in XSS. | |||||
| CVE-2017-15123 | 1 Redhat | 1 Cloudforms Management Engine | 2019-07-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines. | |||||
| CVE-2019-13240 | 1 Glpi-project | 1 Glpi | 2019-07-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is possible to change that user's password again during the next 24 hours without any information except the associated email address. | |||||
| CVE-2018-17960 | 1 Ckeditor | 1 Ckeditor | 2019-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. | |||||
| CVE-2019-1091 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-07-17 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Unistore.dll fails to properly handle objects in memory, aka 'Microsoft unistore.dll Information Disclosure Vulnerability'. | |||||
| CVE-2019-1108 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-07-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Client Information Disclosure Vulnerability'. | |||||
| CVE-2019-1112 | 1 Microsoft | 2 Office, Office 365 Proplus | 2019-07-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. | |||||
| CVE-2019-12732 | 1 Chartkick Project | 1 Chartkick | 2019-07-17 | 2.6 LOW | 4.7 MEDIUM |
| The Chartkick gem through 3.1.0 for Ruby allows XSS. | |||||
| CVE-2019-1096 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-07-17 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | |||||
| CVE-2019-13449 | 1 Zoom | 1 Zoom | 2019-07-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service (continual focus grabs) via a sequence of invalid launch?action=join&confno= requests to localhost port 19421. | |||||
| CVE-2019-1010005 | 1 Hexoeditor Project | 1 Hexoeditor | 2019-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| HexoEditor v1.1.8-beta is affected by: XSS to code execution. | |||||
| CVE-2018-19577 | 1 Gitlab | 1 Gitlab | 2019-07-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue. | |||||
| CVE-2019-13122 | 1 Ozlabs | 1 Patchwork | 2019-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in the template tag used to render message ids in Patchwork v1.1 through v2.1.x. This allows an attacker to insert JavaScript or HTML into the patch detail page via an email sent to a mailing list consumed by Patchwork. This affects the function msgid in templatetags/patch.py. Patchwork versions v2.1.4 and v2.0.4 will contain the fix. | |||||
| CVE-2019-12923 | 1 Mailenable | 1 Mailenable | 2019-07-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| In MailEnable Enterprise Premium 10.23, the potential cross-site request forgery (CSRF) protection mechanism was not implemented correctly and it was possible to bypass it by removing the anti-CSRF token parameter from the request. This could allow an attacker to manipulate a user into unwittingly performing actions within the application (such as sending email, adding contacts, or changing settings) on behalf of the attacker. | |||||
| CVE-2019-1097 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-07-16 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1093. | |||||
| CVE-2019-1093 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-07-16 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1097. | |||||
| CVE-2019-0872 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-16 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0979. | |||||
| CVE-2019-0874 | 1 Microsoft | 1 Azure Devops Server | 2019-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'. | |||||
| CVE-2019-0868 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0870, CVE-2019-0871. | |||||
| CVE-2019-0979 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-16 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0872. | |||||
| CVE-2019-0996 | 1 Microsoft | 1 Azure Devops Server | 2019-07-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery, aka 'Azure DevOps Server Spoofing Vulnerability'. | |||||
| CVE-2019-0867 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871. | |||||
| CVE-2019-0866 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871. | |||||
| CVE-2019-0870 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0871. | |||||