Total
316156 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9674 | 3 Canonical, Netapp, Python | 3 Ubuntu Linux, Active Iq Unified Manager, Python | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. | |||||
| CVE-2019-9673 | 1 Freenetproject | 1 Freenet | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI. | |||||
| CVE-2019-9669 | 1 Wordfence | 1 Wordfence | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** The Wordfence plugin 7.2.3 for WordPress allows XSS via a unique attack vector. NOTE: It has been asserted that this is not a valid vulnerability in the context of the Wordfence WordPress plugin as the firewall rules are not maintained as part of the Wordfence software but rather it is a set of rules hosted on vendor servers and pushed to the plugin with no versioning associated. Bypassing a WAF rule doesn't make a WordPress site vulnerable (speaking in terms of software vulnerabilities). | |||||
| CVE-2019-9668 | 1 Rovinbhandari Ftp Project | 1 Rovinbhandari Ftp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in rovinbhandari FTP through 2012-03-28. receive_file in file_transfer_functions.c allows remote attackers to cause a denial of service (daemon crash) via a 0xffff datalen field value. | |||||
| CVE-2019-9662 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in JTBC(PHP) 3.0.1.8. Its cache management module is flawed. An arbitrary file ending in "inc.php" can be deleted via a console/cache/manage.php?type=action&action=batch&batch=delete&ids=../ substring. | |||||
| CVE-2019-9661 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html "value" parameter, | |||||
| CVE-2019-9660 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catname" parameter. | |||||
| CVE-2019-9659 | 2 Chuango, Eminent | 22 A11 Pstn\/lcd\/rfid Touch Alarm System, A11 Pstn\/lcd\/rfid Touch Alarm System Firmware, A8 Pstn Alarm System and 19 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System. | |||||
| CVE-2019-9658 | 3 Checkstyle, Debian, Fedoraproject | 3 Checkstyle, Debian Linux, Fedora | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Checkstyle before 8.18 loads external DTDs by default. | |||||
| CVE-2019-9657 | 1 Alarm | 2 Adc-v522ir, Adc-v522ir Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control, a different issue than CVE-2018-19588. This occurs because of incorrect protection of VPN certificates (used for initiating a VPN session to the Alarm.com infrastructure) on the local camera device. | |||||
| CVE-2019-9656 | 1 Libofx Project | 1 Libofx | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump. | |||||
| CVE-2019-9653 | 1 Nuuo | 2 Network Video Recorder, Network Video Recorder Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php. | |||||
| CVE-2019-9652 | 1 Sdcms | 1 Sdcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter. | |||||
| CVE-2019-9651 | 1 Sdcms | 1 Sdcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the check_bad() function's filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions (such as "eval") are blocked but others (such as "system") are not, and because ".php" is blocked but ".PHP" is not blocked. | |||||
| CVE-2019-9650 | 1 Upcoming Events Project | 1 Upcoming Events | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in upcoming_events.php in the Upcoming Events plugin before 1.33 for MyBB via a crafted name for an event. | |||||
| CVE-2019-9649 | 1 Coreftp | 1 Core Ftp | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (..\..\) to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date. | |||||
| CVE-2019-9648 | 1 Coreftp | 1 Core Ftp | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information. | |||||
| CVE-2019-9647 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Gila CMS 1.9.1 has XSS. | |||||
| CVE-2019-9646 | 1 Codepeople | 1 Contact Form Email | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Contact Form Email plugin before 1.2.66 for WordPress allows wp-admin/admin.php item XSS, related to cp_admin_int_edition.inc.php in the "custom edition area." | |||||
| CVE-2019-9644 | 1 Jupyter | 1 Notebook | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of error messages, though not reproduced with other browsers. This occurs because Internet Explorer's error messages can include the content of any invalid JavaScript that was encountered. | |||||