Export limit exceeded: 361808 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361808 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16997 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 7.2 High |
| In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter. | ||||
| CVE-2019-16996 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 7.2 High |
| In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter. | ||||
| CVE-2019-16995 | 3 Linux, Netapp, Opensuse | 27 Linux Kernel, Aff A700s, Aff A700s Firmware and 24 more | 2024-11-21 | 7.5 High |
| In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d. | ||||
| CVE-2019-16994 | 3 Linux, Opensuse, Redhat | 4 Linux Kernel, Leap, Enterprise Linux and 1 more | 2024-11-21 | 4.7 Medium |
| In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a. | ||||
| CVE-2019-16993 | 2 Debian, Phpbb | 2 Debian Linux, Phpbb | 2024-11-21 | 8.8 High |
| In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting them. | ||||
| CVE-2019-16992 | 1 Keybase | 1 Keybase | 2024-11-21 | 7.5 High |
| The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be used for Stellar payments to the user), which might be incompatible with a user's personal position on the semantics of an attestation. | ||||
| CVE-2019-16991 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||||
| CVE-2019-16990 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.5 Medium |
| In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it. | ||||
| CVE-2019-16989 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to v4.5.7, the file app\conferences_active\conference_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||||
| CVE-2019-16988 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources\content.php uses an unsanitized "eavesdrop_dest" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS. | ||||
| CVE-2019-16987 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||||
| CVE-2019-16986 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.5 Medium |
| In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. (resources\secure_download.php is also affected.) | ||||
| CVE-2019-16985 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.5 Medium |
| In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system. | ||||
| CVE-2019-16984 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php uses an unsanitized "filename" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS. | ||||
| CVE-2019-16983 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function (called by several pages of the interface), which uses an unsanitized "param" variable constructed partially from the URL args and reflected in HTML, leading to XSS. | ||||
| CVE-2019-16982 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to v4.5.7, the file app\access_controls\access_control_nodes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||||
| CVE-2019-16981 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to v4.5.7, the file app\conference_profiles\conference_profile_params.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | ||||
| CVE-2019-16980 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 8.8 High |
| In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection. | ||||
| CVE-2019-16979 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||||
| CVE-2019-16978 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to v4.5.7, the file app\devices\device_settings.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | ||||