Vulnerabilities (CVE)

10212 total CVE
CVE Vendors Products Updated CVSS
CVE-2017-1000227 1 Parallelus 1 Salutation 2019-08-24 3.5
Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can
CVE-2019-1552 1 Openssl 1 Openssl 2019-08-23 1.9
OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix /...
CVE-2019-11522 1 Open-xchange 1 Open-xchange Appsuite 2019-08-23 3.5
OX App Suite 7.10.0 to 7.10.2 allows XSS.
CVE-2019-4482 1 Ibm 1 Emptoris Spend Analysis 2019-08-23 3.5
IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
CVE-2019-4420 1 Ibm 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics 2019-08-23 2.1
IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738.
CVE-2019-4120 1 Ibm 1 Cloud Private 2019-08-23 3.5
IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
CVE-2018-20986 2019-08-23 3.5
The advanced-custom-fields plugin before 5.7.8 for WordPress has XSS by authors.
CVE-2019-4425 1 Ibm 2 Business Automation Workflow, Business Process Manager 2019-08-23 3.5
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771.
CVE-2019-4049 2019-08-23 2.1
IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398.
CVE-2019-15127 1 Vanderbilt 1 Redcap 2019-08-23 3.5
REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file.
CVE-2017-18550 1 Linux 1 Linux Kernel 2019-08-23 2.1
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure.
CVE-2017-18549 1 Linux 1 Linux Kernel 2019-08-23 2.1
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply structure.
CVE-2018-13137 1 Wp-events-plugin 1 Events Manager 2019-08-23 3.5
The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI.
CVE-2019-14939 1 Mysql Project 1 Mysql 2019-08-22 2.1
An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default.
CVE-2019-14787 1 Tribulant 1 Newsletters 2019-08-22 3.5
The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter.
CVE-2019-2743 1 Oracle 1 Mysql 2019-08-22 3.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.12 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access...
CVE-2019-2741 2 Oracle, Canonical 2 Mysql, Ubuntu Linux 2019-08-22 3.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Log). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows low privileged attacker with...
CVE-2019-14355 1 Shapeshift 1 Keepkey Firmware 2019-08-21 1.9
** DISPUTED ** On ShapeShift KeepKey devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display...
CVE-2019-14357 1 Mooltipass 1 Mooltipass Mini Firmware 2019-08-21 1.9
** DISPUTED ** On Mooltipass Mini devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display...
CVE-2019-14354 1 Ledger 2 Nano S Firmware, Nano X Firmware 2019-08-21 1.9
On Ledger Nano S and Nano X devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For...