Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10020 | 1 Xpdfreader | 1 Xpdf | 2019-03-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters. | |||||
| CVE-2019-10022 | 1 Xpdfreader | 1 Xpdf | 2019-03-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc. | |||||
| CVE-2019-10024 | 1 Xpdfreader | 1 Xpdf | 2019-03-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters. | |||||
| CVE-2019-10025 | 1 Xpdfreader | 1 Xpdf | 2019-03-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits. | |||||
| CVE-2019-10026 | 1 Xpdfreader | 1 Xpdf | 2019-03-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case. | |||||
| CVE-2019-7223 | 1 Invoiceplane | 1 Invoiceplane | 2019-03-25 | 3.5 LOW | 5.4 MEDIUM |
| InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoice_password parameter, aka the "PDF password" field to the "Create Invoice" option. The XSS payload is rendered at an index.php/invoices/view/## URI. NOTE: this is different from CVE-2018-12255. | |||||
| CVE-2018-10091 | 1 Audiocodes | 2 420hd Ip Phone, 420hd Ip Phone Firmware | 2019-03-25 | 3.5 LOW | 4.8 MEDIUM |
| AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS. | |||||
| CVE-2016-4578 | 5 Canonical, Debian, Linux and 2 more | 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more | 2019-03-25 | 2.1 LOW | 5.5 MEDIUM |
| sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions. | |||||
| CVE-2019-3482 | 1 Hp | 1 Arcsight Logger | 2019-03-25 | 6.8 MEDIUM | 6.5 MEDIUM |
| Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7. | |||||
| CVE-2019-3480 | 1 Hp | 1 Arcsight Logger | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7. | |||||
| CVE-2019-9093 | 1 Humhub | 1 Humhub | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing a JavaScript payload in the filename parameter is echoed back, which resulted in reflected XSS. | |||||
| CVE-2019-8938 | 1 Vertrigoserv Project | 1 Vertrigoserv | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter. | |||||
| CVE-2019-9094 | 1 Humhub | 1 Humhub | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing JavaScript in the filename is echoed back in JavaScript code, which resulted in XSS. | |||||
| CVE-2018-20165 | 1 Opentext | 1 Opentext Portal | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI. | |||||
| CVE-2016-1802 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app. | |||||
| CVE-2016-1814 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app. | |||||
| CVE-2016-1811 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image. | |||||
| CVE-2016-1807 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-25 | 1.9 LOW | 5.1 MEDIUM |
| Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors. | |||||
| CVE-2018-20629 | 1 Charity Donation Script Project | 1 Charity Donation Script | 2019-03-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| PHP Scripts Mall Charity Donation Script readymadeb2bscript has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. | |||||
| CVE-2016-1784 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2019-03-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site. | |||||
| CVE-2018-20630 | 1 Advance Crowdfunding Script Project | 1 Advance Crowdfunding Script | 2019-03-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| PHP Scripts Mall Advance Crowdfunding Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. | |||||
| CVE-2016-1752 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-25 | 7.1 HIGH | 5.5 MEDIUM |
| The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app. | |||||
| CVE-2018-20631 | 1 Website Seller Script Project | 1 Website Seller Script | 2019-03-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file. | |||||
| CVE-2018-20637 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2019-03-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 allows remote attackers to cause a denial of service (unrecoverable blank profile) via crafted JavaScript code in the First Name and Last Name field. | |||||
| CVE-2016-1839 | 6 Apple, Canonical, Debian and 3 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2019-03-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | |||||
| CVE-2016-1838 | 6 Apple, Canonical, Debian and 3 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2019-03-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | |||||
| CVE-2016-1837 | 6 Apple, Canonical, Debian and 3 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2019-03-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document. | |||||
| CVE-2016-1836 | 6 Apple, Canonical, Debian and 3 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2019-03-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document. | |||||
| CVE-2018-19934 | 1 Solarwinds | 1 Serv-u Ftp Server | 2019-03-25 | 3.5 LOW | 4.8 MEDIUM |
| SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter. | |||||
| CVE-2018-20638 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2019-03-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. | |||||
| CVE-2016-1833 | 6 Apple, Canonical, Debian and 3 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2019-03-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | |||||
| CVE-2018-20639 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injection via the Search Bar. | |||||
| CVE-2017-2475 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames on a web site. | |||||
| CVE-2016-7579 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-25 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "CFNetwork Proxies" component, which allows man-in-the-middle attackers to spoof a proxy password authentication requirement and obtain sensitive information. | |||||
| CVE-2016-4680 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2019-03-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app. | |||||
| CVE-2016-1858 | 2 Apple, Webkitgtk | 4 Iphone Os, Safari, Tvos and 1 more | 2019-03-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site. | |||||
| CVE-2018-20643 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2019-03-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. | |||||
| CVE-2019-9914 | 1 Yop-poll | 1 Yop-poll | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS. | |||||
| CVE-2018-20626 | 1 Consumer Reviews Script Project | 1 Consumer Reviews Script | 2019-03-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Consumer Reviews Script 4.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. | |||||
| CVE-2019-9911 | 1 Nextscripts | 1 Social Networks Auto-poster | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS. | |||||
| CVE-2019-9910 | 1 King-theme | 1 Kingcomposer | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS. | |||||
| CVE-2017-7060 | 1 Apple | 2 Iphone Os, Safari | 2019-03-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "Safari Printing" component. It allows remote attackers to cause a denial of service (excessive print dialogs) via a crafted web site. | |||||
| CVE-2017-7038 | 1 Apple | 4 Iphone Os, Safari, Tvos and 1 more | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. | |||||
| CVE-2017-7029 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | |||||
| CVE-2017-7028 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | |||||
| CVE-2019-9909 | 1 Givewp | 1 Give | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS. | |||||
| CVE-2019-9908 | 1 Hivewebstudios | 1 Font Organizer | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS. | |||||
| CVE-2019-7421 | 1 Samsung | 3 Syncthru Web Service, X7400gx, X7400gx Firmware | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL. | |||||
| CVE-2019-7417 | 1 Ericsson | 1 Active Library Explorer | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple parameters in the "/cgi-bin/alexserv" servlet, as demonstrated by the DB, FN, fn, or id parameter. | |||||
| CVE-2019-7418 | 1 Samsung | 3 Syncthru Web Service, X7400gx, X7400gx Firmware | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc. | |||||