Total
314418 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8938 | 1 Vertrigoserv Project | 1 Vertrigoserv | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter. | |||||
| CVE-2019-8937 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php. | |||||
| CVE-2019-8936 | 5 Fedoraproject, Hpe, Netapp and 2 more | 6 Fedora, Hpux-ntp, Clustered Data Ontap and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| NTP through 4.2.8p12 has a NULL Pointer Dereference. | |||||
| CVE-2019-8935 | 1 O-dyn | 1 Collabtive | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter. | |||||
| CVE-2019-8934 | 2 Opensuse, Qemu | 2 Leap, Qemu | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. | |||||
| CVE-2019-8933 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on New Template, and modifying the filename from ../index.html to ../index.php. | |||||
| CVE-2019-8932 | 1 Rdbrck | 1 Shift | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. | |||||
| CVE-2019-8931 | 1 Rdbrck | 1 Shift | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application. | |||||
| CVE-2019-8929 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype. | |||||
| CVE-2019-8928 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName. | |||||
| CVE-2019-8927 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, rep_schedule, rep_Type, schDesc, schName, schSource, selectDeviceDone, task, val10, and val11. | |||||
| CVE-2019-8926 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource. | |||||
| CVE-2019-8925 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name, such as a schFilePath=C:\boot.ini value. | |||||
| CVE-2019-8924 | 1 Apachefriends | 1 Xampp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued. | |||||
| CVE-2019-8923 | 1 Apachefriends | 1 Xampp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued. | |||||
| CVE-2019-8922 | 3 Bluez, Debian, Linux | 3 Bluez, Debian Linux, Linux Kernel | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req gets called by process_request (in sdpd-request.c), which also allocates the response buffer. | |||||
| CVE-2019-8921 | 3 Bluez, Debian, Linux | 3 Bluez, Debian Linux, Linux Kernel | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same. | |||||
| CVE-2019-8920 | 1 Apachefriends | 1 Xampp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569. | |||||
| CVE-2019-8919 | 1 Seafile | 1 Seadroid | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks. | |||||
| CVE-2019-8917 | 1 Solarwinds | 1 Orion Network Performance Monitor | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may be abused by an attacker to execute commands as the SYSTEM user. | |||||