Total: 354702 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8954 | 1 Indexhibit | 1 Indexhibit | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Indexhibit 2.1.5, remote attackers can execute arbitrary code via the v parameter (in conjunction with the id parameter) in a upd_jxcode=true action to the ndxzstudio/?a=system URI. | |||||
| CVE-2019-8953 | 1 Netgate | 1 Haproxy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php. | |||||
| CVE-2019-8952 | 1 Bosch | 6 Divar Ip 2000, Divar Ip 2000 Firmware, Divar Ip 5000 and 3 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Path Traversal vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote authorized user to access arbitrary files on the system via the network interface. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; 3.70; 3.71 before 3.71.0032; fixed versions: 3.71.0032; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; 3.70.0056; fixed versions: 7.5; 3.71.0032). | |||||
| CVE-2019-8951 | 1 Bosch | 6 Divar Ip 2000, Divar Ip 2000 Firmware, Divar Ip 5000 and 3 more | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| An Open Redirect vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote attacker to redirect users to an arbitrary URL. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.70.0056 and newer; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; fixed versions: 7.5; 3.70.0056). | |||||
| CVE-2019-8950 | 1 Dasannetworks | 2 H665, H665 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to log in to the admin account via TELNET. | |||||
| CVE-2019-8948 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163. | |||||
| CVE-2019-8947 | 1 Zimbra | 1 Collaboration Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS. | |||||
| CVE-2019-8946 | 1 Zimbra | 1 Collaboration Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. | |||||
| CVE-2019-8945 | 1 Zimbra | 1 Collaboration Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. | |||||
| CVE-2019-8944 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 (and before 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variables via log files. | |||||
| CVE-2019-8943 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring. | |||||
| CVE-2019-8942 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943. | |||||
| CVE-2019-8939 | 1 Tautulli | 1 Tautulli | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page. | |||||
| CVE-2019-8938 | 1 Vertrigoserv Project | 1 Vertrigoserv | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter. | |||||
| CVE-2019-8937 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php. | |||||
| CVE-2019-8936 | 5 Fedoraproject, Hpe, Netapp and 2 more | 6 Fedora, Hpux-ntp, Clustered Data Ontap and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| NTP through 4.2.8p12 has a NULL Pointer Dereference. | |||||
| CVE-2019-8935 | 1 O-dyn | 1 Collabtive | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter. | |||||
| CVE-2019-8934 | 2 Opensuse, Qemu | 2 Leap, Qemu | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. | |||||
| CVE-2019-8933 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on New Template, and modifying the filename from ../index.html to ../index.php. | |||||
| CVE-2019-8932 | 1 Rdbrck | 1 Shift | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. | |||||
