Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10326 | 1 Jenkins | 1 Warnings Next Generation | 2019-06-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future builds. | |||||
| CVE-2019-10325 | 1 Jenkins | 1 Warnings Next Generation | 2019-06-03 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages. | |||||
| CVE-2019-10324 | 1 Jfrog | 1 Artifactory | 2019-06-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed attackers to schedule a release build, perform release staging for Gradle and Maven projects, and promote previously staged builds, respectively. | |||||
| CVE-2019-10045 | 1 Pydio | 1 Pydio | 2019-06-03 | 6.4 MEDIUM | 6.5 MEDIUM |
| The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session cookie value in the response body, enabling scripts to get access to its value. This identifier can be reused by an attacker to impersonate a user and perform actions on behalf of him/her (if the session is still active). | |||||
| CVE-2019-12566 | 1 Veronalabs | 1 Wp Statistics | 2019-06-03 | 3.5 LOW | 5.4 MEDIUM |
| The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to attack an admin user. | |||||
| CVE-2019-12495 | 1 Tinycc | 1 Tinycc | 2019-06-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to a one-byte out-of-bounds write in the gsym_addr function in x86_64-gen.c. This occurs because tccasm.c mishandles section switches. | |||||
| CVE-2019-4264 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2019-06-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sensitive information by spoofing a trusted entity using man in the middle techniques due to not validating or incorrectly validating a certificate. IBM X-Force ID: 160072. | |||||
| CVE-2019-4137 | 1 Ibm | 1 Spectrum Control | 2019-06-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158333. | |||||
| CVE-2017-9434 | 1 Cryptopp | 1 Crypto\+\+ | 2019-06-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter. | |||||
| CVE-2016-1494 | 3 Fedoraproject, Opensuse, Python | 4 Fedora, Leap, Opensuse and 1 more | 2019-05-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack. | |||||
| CVE-2019-12507 | 1 Phprelativepath Project | 1 Phprelativepath | 2019-05-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability exists in PHPRelativePath (aka Relative Path) through 1.0.2 via the RelativePath.Example1.php path parameter. | |||||
| CVE-2015-7609 | 1 Synacor | 1 Zimbra Collaboration Suite | 2019-05-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra. | |||||
| CVE-2019-4184 | 1 Ibm | 1 Jazz Reporting Service | 2019-05-31 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158974. | |||||
| CVE-2018-18849 | 4 Canonical, Fedoraproject, Opensuse and 1 more | 4 Ubuntu Linux, Fedora, Leap and 1 more | 2019-05-31 | 2.1 LOW | 5.5 MEDIUM |
| In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value. | |||||
| CVE-2019-3812 | 4 Canonical, Fedoraproject, Opensuse and 1 more | 4 Ubuntu Linux, Fedora, Leap and 1 more | 2019-05-31 | 2.1 LOW | 5.5 MEDIUM |
| QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host. | |||||
| CVE-2018-18954 | 3 Canonical, Opensuse, Qemu | 3 Ubuntu Linux, Leap, Qemu | 2019-05-31 | 2.1 LOW | 5.5 MEDIUM |
| The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory. | |||||
| CVE-2018-10948 | 1 Synacor | 1 Zimbra Collaboration Suite | 2019-05-31 | 3.5 LOW | 4.8 MEDIUM |
| Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs. | |||||
| CVE-2018-7191 | 1 Linux | 1 Linux Kernel | 2019-05-31 | 4.9 MEDIUM | 5.5 MEDIUM |
| In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. | |||||
| CVE-2018-14425 | 1 Synacor | 1 Zimbra Collaboration Suite | 2019-05-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1. | |||||
| CVE-2018-15131 | 1 Synacor | 1 Zimbra Collaboration Suite | 2019-05-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests. | |||||
| CVE-2019-6981 | 1 Synacor | 1 Zimbra Collaboration Suite | 2019-05-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component. | |||||
| CVE-2018-13365 | 1 Fortinet | 1 Fortios | 2019-05-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow attackers to learn private IP as well as the hostname of FortiGate via Application Control Block page. | |||||
| CVE-2018-18631 | 1 Synacor | 1 Zimbra Collaboration Suite | 2019-05-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS. | |||||
| CVE-2018-14013 | 1 Synacor | 1 Zimbra Collaboration Suite | 2019-05-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients. | |||||
| CVE-2018-13375 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2019-05-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled). | |||||
| CVE-2019-12347 | 1 Netgate | 1 Pfsense | 2019-05-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action. The vulnerability occurs due to input validation errors. | |||||
| CVE-2016-5760 | 1 Novell | 1 Groupwise | 2019-05-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp. | |||||
| CVE-2016-5025 | 1 Nvidia | 40 Geforce 910m, Geforce 920m, Geforce 920mx and 37 more | 2019-05-30 | 6.1 MEDIUM | 6.6 MEDIUM |
| For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVAPI support layer causes a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers. | |||||
| CVE-2016-9798 | 1 Bluez | 1 Bluez | 2019-05-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. | |||||
| CVE-2016-9797 | 1 Bluez | 1 Bluez | 2019-05-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. | |||||
| CVE-2016-9802 | 1 Bluez | 1 Bluez | 2019-05-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. | |||||
| CVE-2016-5761 | 1 Novell | 1 Groupwise | 2019-05-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email. | |||||
| CVE-2017-0400 | 1 Google | 1 Android | 2019-05-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32584034. | |||||
| CVE-2016-6710 | 1 Google | 1 Android | 2019-05-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the download manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Android ID: A-30537115. | |||||
| CVE-2019-7324 | 1 Kanboard | 1 Kanboard | 2019-05-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting. | |||||
| CVE-2019-11604 | 1 Quest | 1 Kace Systems Management Appliance | 2019-05-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbot_service_notsoap.php is vulnerable to unauthenticated reflected XSS when user-supplied input to the METHOD GET parameter is processed by the web application. Since the application does not properly validate and sanitize this parameter, it is possible to place arbitrary script code into the context of the same page. | |||||
| CVE-2019-9221 | 1 Gitlab | 1 Gitlab | 2019-05-29 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 3 of 5). | |||||
| CVE-2019-7129 | 1 Adobe | 1 Experience Manager Forms | 2019-05-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-13885 | 1 Qualcomm | 74 Mdm9150, Mdm9150 Firmware, Mdm9206 and 71 more | 2019-05-29 | 4.9 MEDIUM | 5.5 MEDIUM |
| Possible memory overread may be lead to access of sensitive data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9650, MDM9655, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, SXR1130 | |||||
| CVE-2018-12005 | 1 Qualcomm | 70 Mdm9150, Mdm9150 Firmware, Mdm9206 and 67 more | 2019-05-29 | 4.9 MEDIUM | 5.5 MEDIUM |
| An unprivileged user can issue a binder call and cause a system halt in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150 | |||||
| CVE-2017-14186 | 1 Fortinet | 1 Fortios | 2019-05-29 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. An URL Redirection attack may also be feasible by injecting an external URL via the affected parameter. | |||||
| CVE-2019-8346 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2019-05-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD self-service password reset and MFA token. | |||||
| CVE-2018-18058 | 1 Bitdefender | 1 Scan Engines | 2019-05-29 | 2.6 LOW | 5.3 MEDIUM |
| An issue was discovered in Bitdefender Engines before 7.76662. A vulnerability has been discovered in the iso.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a division-by-zero circumstance. Paired with other vulnerabilities, this can result in denial-of-service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
| CVE-2018-18059 | 1 Bitdefender | 1 Scan Engines | 2019-05-29 | 2.6 LOW | 5.3 MEDIUM |
| An issue was discovered in Bitdefender Engines before 7.76675. A vulnerability has been discovered in the rar.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. Paired with other vulnerabilities, this can result in denial-of-service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
| CVE-2018-18060 | 1 Bitdefender | 1 Scan Engines | 2019-05-29 | 2.6 LOW | 5.3 MEDIUM |
| An issue was discovered in Bitdefender Engines before 7.76808. A vulnerability has been discovered in the dalvik.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. Paired with other vulnerabilities, this can result in denial-of-service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
| CVE-2019-12195 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2019-05-29 | 3.5 LOW | 4.8 MEDIUM |
| TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet. | |||||
| CVE-2018-5995 | 1 Linux | 1 Linux Kernel | 2019-05-28 | 2.1 LOW | 5.5 MEDIUM |
| The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call. | |||||
| CVE-2019-12362 | 1 Phome | 1 Empirecms | 2019-05-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php. | |||||
| CVE-2019-12315 | 1 Samsung | 2 Scx-824, Scx-824 Firmware | 2019-05-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Samsung SCX-824 printers allow a reflected Cross-Site-Scripting (XSS) vulnerability that can be triggered by using the "print from file" feature, as demonstrated by the sws/swsAlert.sws?popupid=successMsg msg parameter. | |||||
| CVE-2019-8339 | 1 Falco | 1 Falco | 2019-05-28 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Falco through 0.14.0. A missing indicator for insufficient resources allows local users to bypass the detection engine. | |||||