Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3473 | 2020-01-06 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | |||||
| CVE-2019-6020 | 1 Alfasado | 1 Powercms | 2020-01-06 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x), 4.42 and earlier (PowerCMS 4.x), and 3.293 and earlier (PowerCMS 3.x) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. | |||||
| CVE-2019-6016 | 1 Remise | 1 Payment Module | 2020-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2019-6021 | 1 Ricoh | 1 Limedio | 2020-01-06 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in Library Information Management System LIMEDIO all versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. | |||||
| CVE-2018-20451 | 1 Libdoc Project | 1 Libdoc | 2020-01-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| The process_file function in reader.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file. | |||||
| CVE-2019-9737 | 1 Ipandao | 1 Editor.md | 2020-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Editor.md 1.5.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring. | |||||
| CVE-2019-9537 | 1 Telos | 1 Automated Message Handling System | 2020-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uploaditem.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | |||||
| CVE-2019-9538 | 1 Telos | 1 Automated Message Handling System | 2020-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | |||||
| CVE-2019-9539 | 1 Telos | 1 Automated Message Handling System | 2020-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | |||||
| CVE-2019-9540 | 1 Telos | 1 Automated Message Handling System | 2020-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prefs.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | |||||
| CVE-2019-20205 | 1 Libsixel Project | 1 Libsixel | 2020-01-06 | 6.8 MEDIUM | 8.8 HIGH |
| libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c. | |||||
| CVE-2019-9542 | 1 Telos | 1 Automated Message Handling System | 2020-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | |||||
| CVE-2018-1300 | 2020-01-06 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none. | |||||
| CVE-2018-1326 | 2020-01-06 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none. | |||||
| CVE-2019-6031 | 1 Dayz | 1 Kinza | 2020-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in KINZA for Windows version 5.9.2 and earlier and for Mac version 5.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via RSS reader. | |||||
| CVE-2015-9540 | 1 Chamilo | 1 Chamilo Lms | 2020-01-06 | 5.8 MEDIUM | 6.1 MEDIUM |
| Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503. | |||||
| CVE-2019-18781 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2020-01-06 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site. | |||||
| CVE-2019-6035 | 1 Yahoo | 1 Athenz | 2020-01-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page. | |||||
| CVE-2013-4621 | 1 Magdevgroup | 1 Magnolia Cms | 2020-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities | |||||
| CVE-2012-2736 | 4 Canonical, Debian, Gnome and 1 more | 4 Ubuntu Linux, Debian Linux, Networkmanager and 1 more | 2020-01-04 | 3.3 LOW | 4.4 MEDIUM |
| In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network. | |||||
| CVE-2013-4695 | 1 Winamp | 1 Winamp | 2020-01-04 | 6.8 MEDIUM | 7.8 HIGH |
| Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution | |||||
| CVE-2013-4693 | 1 Xorbin | 1 Digital Flash Clock | 2020-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress Xorbin Digital Flash Clock 1.0 has XSS | |||||
| CVE-2013-4691 | 1 Sencha | 1 Connect | 2020-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Sencha Labs Connect has XSS with connect.methodOverride() | |||||
| CVE-2013-4665 | 1 Spbas | 1 Business Automation Software | 2020-01-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| SPBAS Business Automation Software 2012 has CSRF. | |||||
| CVE-2013-4664 | 1 Spbas | 1 Business Automation Software | 2020-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| SPBAS Business Automation Software 2012 has XSS. | |||||
| CVE-2013-4692 | 1 Xorbin | 1 Analog Flash Clock | 2020-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS | |||||
| CVE-2019-5390 | 1 Hp | 1 Intelligent Management Center | 2020-01-04 | 10.0 HIGH | 9.8 CRITICAL |
| A remote command injection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-19580 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2020-01-03 | 6.0 MEDIUM | 6.6 MEDIUM |
| An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice. | |||||
| CVE-2019-19581 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2020-01-03 | 2.1 LOW | 6.5 MEDIUM |
| An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable. | |||||
| CVE-2019-19582 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2020-01-03 | 2.1 LOW | 6.5 MEDIUM |
| An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On x86 accesses to bitmaps with a compile time known size of 64 may incur undefined behavior, which may in particular result in infinite loops. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. x86 systems with 64 or more nodes are vulnerable (there might not be any such systems that Xen would run on). x86 systems with less than 64 nodes are not vulnerable. | |||||
| CVE-2019-20221 | 1 Sitracker | 1 Support Incident Tracker | 2020-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page. | |||||
| CVE-2019-20223 | 1 Sitracker | 1 Support Incident Tracker | 2020-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235. | |||||
| CVE-2019-20220 | 1 Sitracker | 1 Support Incident Tracker | 2020-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS. | |||||
| CVE-2019-20222 | 1 Sitracker | 1 Support Incident Tracker | 2020-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS. | |||||
| CVE-2013-3246 | 1 Xnview | 1 Xnview | 2020-01-03 | 6.8 MEDIUM | 7.8 HIGH |
| Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file. | |||||
| CVE-2014-6420 | 1 Livefyre | 1 Livecomments | 2020-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture. | |||||
| CVE-2019-6018 | 1 Netcommons | 1 Netcommons | 2020-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in NetCommons 3.2.2 and earlier (NetCommons3.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-3247 | 1 Xnview | 1 Xnview | 2020-01-03 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file. | |||||
| CVE-2012-3462 | 1 Fedoraproject | 1 Sssd | 2020-01-03 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context. | |||||
| CVE-2019-16557 | 1 Jenkins | 1 Redgate Sql Change Automation | 2020-01-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-16558 | 1 Jenkins | 1 Spira Importer | 2020-01-03 | 6.4 MEDIUM | 8.2 HIGH |
| Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM. | |||||
| CVE-2019-16556 | 1 Jenkins | 1 Rundeck | 2020-01-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-16555 | 1 Jenkins | 1 Build Failure Analyzer | 2020-01-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process. | |||||
| CVE-2019-16554 | 1 Jenkins | 1 Build Failure Analyzer | 2020-01-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression. | |||||
| CVE-2019-16553 | 1 Jenkins | 1 Build Failure Analyzer | 2020-01-03 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression. | |||||
| CVE-2019-16552 | 1 Jenkins | 1 Gerrit Trigger | 2020-01-03 | 5.5 MEDIUM | 5.4 MEDIUM |
| A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins master. | |||||
| CVE-2019-16551 | 1 Jenkins | 1 Gerrit Trigger | 2020-01-03 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials. | |||||
| CVE-2012-5645 | 2 Fedoraproject, Freeciv | 2 Fedora, Freeciv | 2020-01-03 | 7.8 HIGH | 7.5 HIGH |
| A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption. | |||||
| CVE-2019-16559 | 1 Jenkins | 1 Websphere Deployer | 2020-01-03 | 5.5 MEDIUM | 5.4 MEDIUM |
| A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system. | |||||
| CVE-2019-16560 | 1 Jenkins | 1 Websphere Deployer | 2020-01-03 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system. | |||||
