Vulnerabilities (CVE)

Total 310061 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-17674 1 Wordpress 1 Wordpress 2024-11-21 3.5 LOW 5.4 MEDIUM
WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer.
CVE-2019-17673 2 Debian, Wordpress 2 Debian Linux, Wordpress 2024-11-21 5.0 MEDIUM 7.5 HIGH
WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.
CVE-2019-17672 1 Wordpress 1 Wordpress 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements.
CVE-2019-17671 1 Wordpress 1 Wordpress 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.
CVE-2019-17670 2 Debian, Wordpress 2 Debian Linux, Wordpress 2024-11-21 7.5 HIGH 9.8 CRITICAL
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.
CVE-2019-17669 1 Wordpress 1 Wordpress 2024-11-21 7.5 HIGH 9.8 CRITICAL
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.
CVE-2019-17668 1 Samsung 4 Galaxy S10, Galaxy S10 Firmware, Note 10 and 1 more 2024-11-21 4.4 MEDIUM 6.8 MEDIUM
Samsung Galaxy S10 and Note10 devices allow unlock operations via unregistered fingerprints in certain situations involving a third-party screen protector.
CVE-2019-17667 1 Comtechtel 2 H8 Heights Remote Gateway, H8 Heights Remote Gateway Firmware 2024-11-21 3.5 LOW 5.4 MEDIUM
Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name (aka SiteName) field.
CVE-2019-17666 1 Linux 1 Linux Kernel 2024-11-21 8.3 HIGH 8.8 HIGH
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.
CVE-2019-17665 1 Nsa 1 Ghidra 2024-11-21 4.4 MEDIUM 7.8 HIGH
NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory.
CVE-2019-17664 1 Nsa 1 Ghidra 2024-11-21 4.4 MEDIUM 7.8 HIGH
NSA Ghidra through 9.0.4 uses a potentially untrusted search path. When executing Ghidra from a given path, the Java process working directory is set to this path. Then, when launching the Python interpreter via the "Ghidra Codebrowser > Window > Python" option, Ghidra will try to execute the cmd.exe program from this working directory.
CVE-2019-17663 2 D-link, Dlink 2 Dir-866l Firmware, Dir-866l 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in the device common gateway interface, leading to common injection.
CVE-2019-17662 1 Cybelsoft 1 Thinvnc 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.
CVE-2019-17661 1 Admincolumns 1 Admin Columns 2024-11-21 9.0 HIGH 8.8 HIGH
A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC.
CVE-2019-17660 1 Limesurvey 1 Limesurvey 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO.
CVE-2019-17658 1 Fortinet 1 Forticlient 2024-11-21 7.5 HIGH 9.8 CRITICAL
An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path.
CVE-2019-17657 1 Fortinet 5 Fortianalyzer, Fortiap-s, Fortiap-w2 and 2 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks.
CVE-2019-17656 1 Fortinet 2 Fortios, Fortiproxy 2024-11-21 4.0 MEDIUM 5.4 MEDIUM
A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.
CVE-2019-17655 1 Fortinet 1 Fortios 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system.
CVE-2019-17654 1 Fortinet 1 Fortimanager 2024-11-21 6.8 MEDIUM 8.8 HIGH
An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack.