Vulnerabilities (CVE)

Filter

122140 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-10078 2019-05-20 N/A
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple...
CVE-2019-10077 2019-05-20 N/A
A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
CVE-2019-10076 2019-05-20 N/A
A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
CVE-2019-0976 1 Microsoft 1 Nuget 2019-05-20 2.1
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default "obj"), aka 'NuGet Package Manager Tampering Vulnerability'.
CVE-2018-14324 1 Oracle 1 Glassfish Server 2019-05-20 10.0
The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations,...
CVE-2019-1000 1 Microsoft 1 Azure Active Directory Connect 2019-05-20 3.5
An elevation of privilege vulnerability exists in Microsoft Azure Active Directory Connect build 1.3.20.0, which allows an attacker to execute two PowerShell cmdlets in context of a privileged account, and perform privileged actions.To exploit...
CVE-2019-12211 1 Freeimage Project 1 Freeimage 2019-05-20 5.0
When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.
CVE-2019-12241 2019-05-20 N/A
The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source cookie to classes/wc-cartsguru-event-handler.php.
CVE-2019-12240 2019-05-20 N/A
The Virim plugin 0.4 for WordPress allows Insecure Deserialization via s_values, t_values, or c_values in graph.php.
CVE-2019-12239 2019-05-20 N/A
The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access.
CVE-2019-11057 1 Vtiger 1 Vtiger Crm 2019-05-20 6.5
SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands.
CVE-2018-19826 1 Sass-lang 1 Libsass 2019-05-20 4.3
** DISPUTED ** In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&'...
CVE-2019-1823 1 Cisco 3 Evolved Programmable Network Manager, Network Level Service, Prime Infrastructure 2019-05-20 9.0
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the...
CVE-2019-1821 1 Cisco 3 Evolved Programmable Network Manager, Network Level Service, Prime Infrastructure 2019-05-20 10.0
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the...
CVE-2019-8936 5 Netapp, Ntp, Fedoraproject and 2 more 5 Data Ontap Operating In 7-mode, Ntp, Fedora and 2 more 2019-05-20 5.0
NTP through 4.2.8p12 has a NULL Pointer Dereference.
CVE-2019-12213 1 Freeimage Project 1 Freeimage 2019-05-20 4.3
When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.
CVE-2018-20007 1 Yeelight 1 Smart Ai Speaker Firmware 2019-05-20 7.2
Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access control over the UART interface, allowing physical attackers to obtain a root shell. The attacker can then exfiltrate the audio data, read cleartext Wi-Fi credentials in a log...
CVE-2018-20839 1 Freedesktop 1 Systemd 2019-05-20 5.0
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current...
CVE-2019-6781 1 Gitlab 1 Gitlab 2019-05-20 5.0
An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into...
CVE-2019-8352 2019-05-20 N/A
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could...