Vulnerabilities (CVE)

10483 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17263 1 Libfwsi Project 1 Libfwsi 2019-10-14 2.1
** DISPUTED ** In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though...
CVE-2019-1070 1 Microsoft 1 Sharepoint Enterprise Server 2019-10-11 3.5
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
CVE-2019-17417 1 Pbootcms 1 Pbootcms 2019-10-11 3.5
PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs.
CVE-2019-1363 1 Microsoft 2 Windows 7, Windows Server 2008 2019-10-11 2.1
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure...
CVE-2019-1328 1 Microsoft 2 Sharepoint Enterprise Server, Sharepoint Foundation 2019-10-11 3.5
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.
CVE-2019-1329 1 Microsoft 2 Sharepoint Enterprise Server, Sharepoint Foundation 2019-10-11 3.5
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE...
CVE-2019-1345 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-10-11 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1334.
CVE-2019-17401 1 Liblnk Project 1 Liblnk 2019-10-11 2.1
** DISPUTED ** libyal liblnk 20191006 has a heap-based buffer over-read in the network_share_name_offset>20 code block of liblnk_location_information_read_data in liblnk_location_information.c, a different issue than CVE-2019-17264. NOTE: the...
CVE-2019-0369 1 Sap 1 Financial Consolidation 2019-10-10 3.5
SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site...
CVE-2019-17433 1 Laravel-admin 1 Laravel-admin 2019-10-10 3.5
z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen.
CVE-2019-4265 1 Ibm 1 Maximo Anywhere 2019-10-10 2.1
IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198.
CVE-2019-17434 1 Lavalite 1 Lavalite 2019-10-10 3.5
LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen.
CVE-2019-0374 1 Sap 1 Businessobjects Business Intelligence Platform 2019-10-10 3.5
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected...
CVE-2019-0375 1 Sap 1 Businessobjects Business Intelligence Platform 2019-10-10 3.5
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name...
CVE-2019-0376 1 Sap 1 Businessobjects Business Intelligence Platform 2019-10-10 3.5
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which...
CVE-2019-0377 1 Sap 1 Businessobjects Business Intelligence Platform 2019-10-10 3.5
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the input controls, resulting in...
CVE-2019-0378 1 Sap 1 Businessobjects Business Intelligence Platform 2019-10-10 3.5
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background...
CVE-2019-13628 1 Wolfssl 1 Wolfssl 2019-10-10 1.2
wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration...
CVE-2019-10917 1 Siemens 4 Simatic Pcs 7, Simatic Wincc, Simatic Wincc (tia Portal) and 1 more 2019-10-10 2.1
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All...
CVE-2019-16116 1 Enterprisedt 1 Completeftp Server 2019-10-10 3.5
EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash.