Export limit exceeded: 361494 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361494 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11830 | 1 Typo3 | 1 Pharstreamwrapper | 2024-11-21 | N/A |
| PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 mishandles Phar stub parsing, which allows attackers to bypass a deserialization protection mechanism. | ||||
| CVE-2019-11829 | 1 Synology | 1 Calendar | 2024-11-21 | 7.3 High |
| OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header. | ||||
| CVE-2019-11828 | 1 Synology | 1 Office | 2024-11-21 | 5.5 Medium |
| Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2019-11827 | 1 Synology | 1 Note Station | 2024-11-21 | 6.5 Medium |
| Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter. | ||||
| CVE-2019-11826 | 1 Synology | 1 Moments | 2024-11-21 | 8 High |
| Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter. | ||||
| CVE-2019-11825 | 1 Synology | 1 Calendar | 2024-11-21 | 6.5 Medium |
| Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter. | ||||
| CVE-2019-11823 | 1 Synology | 1 Router Manager | 2024-11-21 | 8.6 High |
| CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. | ||||
| CVE-2019-11822 | 1 Synology | 1 Photo Station | 2024-11-21 | 4.3 Medium |
| Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter. | ||||
| CVE-2019-11821 | 1 Synology | 1 Photo Station | 2024-11-21 | 7.3 High |
| SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter. | ||||
| CVE-2019-11820 | 1 Synology | 1 Calendar | 2024-11-21 | 5.5 Medium |
| Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline. | ||||
| CVE-2019-11819 | 1 Alkacon | 1 Opencms | 2024-11-21 | N/A |
| Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name. | ||||
| CVE-2019-11818 | 1 Alkacon | 1 Opencms | 2024-11-21 | N/A |
| Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an attacker to insert arbitrary JavaScript as user input (First Name or Last Name), which will be executed whenever the affected snippet is loaded. | ||||
| CVE-2019-11816 | 2 Netgate, Opnsense | 2 Pfsense, Opnsense | 2024-11-21 | 7.2 High |
| Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request. | ||||
| CVE-2019-11815 | 5 Canonical, Debian, Linux and 2 more | 15 Ubuntu Linux, Debian Linux, Linux Kernel and 12 more | 2024-11-21 | 8.1 High |
| An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. | ||||
| CVE-2019-11814 | 1 Misp | 1 Misp | 2024-11-21 | N/A |
| An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot. | ||||
| CVE-2019-11813 | 1 Misp | 1 Misp | 2024-11-21 | N/A |
| An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. There is persistent XSS via link type attributes with javascript:// links. | ||||
| CVE-2019-11812 | 1 Misp | 1 Misp | 2024-11-21 | N/A |
| A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. JavaScript can be included in the discussion interface, and can be triggered by clicking on the link. | ||||
| CVE-2019-11811 | 3 Linux, Opensuse, Redhat | 15 Linux Kernel, Leap, Enterprise Linux and 12 more | 2024-11-21 | 7.0 High |
| An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. | ||||
| CVE-2019-11810 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2024-11-21 | 7.5 High |
| An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. | ||||
| CVE-2019-11809 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector. | ||||