Total
310061 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17674 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer. | |||||
| CVE-2019-17673 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header. | |||||
| CVE-2019-17672 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements. | |||||
| CVE-2019-17671 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled. | |||||
| CVE-2019-17670 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs. | |||||
| CVE-2019-17669 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters. | |||||
| CVE-2019-17668 | 1 Samsung | 4 Galaxy S10, Galaxy S10 Firmware, Note 10 and 1 more | 2024-11-21 | 4.4 MEDIUM | 6.8 MEDIUM |
| Samsung Galaxy S10 and Note10 devices allow unlock operations via unregistered fingerprints in certain situations involving a third-party screen protector. | |||||
| CVE-2019-17667 | 1 Comtechtel | 2 H8 Heights Remote Gateway, H8 Heights Remote Gateway Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name (aka SiteName) field. | |||||
| CVE-2019-17666 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. | |||||
| CVE-2019-17665 | 1 Nsa | 1 Ghidra | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory. | |||||
| CVE-2019-17664 | 1 Nsa | 1 Ghidra | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| NSA Ghidra through 9.0.4 uses a potentially untrusted search path. When executing Ghidra from a given path, the Java process working directory is set to this path. Then, when launching the Python interpreter via the "Ghidra Codebrowser > Window > Python" option, Ghidra will try to execute the cmd.exe program from this working directory. | |||||
| CVE-2019-17663 | 2 D-link, Dlink | 2 Dir-866l Firmware, Dir-866l | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in the device common gateway interface, leading to common injection. | |||||
| CVE-2019-17662 | 1 Cybelsoft | 1 Thinvnc | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector. | |||||
| CVE-2019-17661 | 1 Admincolumns | 1 Admin Columns | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC. | |||||
| CVE-2019-17660 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO. | |||||
| CVE-2019-17658 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path. | |||||
| CVE-2019-17657 | 1 Fortinet | 5 Fortianalyzer, Fortiap-s, Fortiap-w2 and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks. | |||||
| CVE-2019-17656 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 4.0 MEDIUM | 5.4 MEDIUM |
| A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution. | |||||
| CVE-2019-17655 | 1 Fortinet | 1 Fortios | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system. | |||||
| CVE-2019-17654 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack. | |||||