Export limit exceeded: 362748 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362748 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14811 | 5 Artifex, Debian, Fedoraproject and 2 more | 7 Ghostscript, Debian Linux, Fedora and 4 more | 2024-11-21 | 7.8 High |
| A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | ||||
| CVE-2019-14810 | 1 Arista | 10 7020r, 7280e, 7280r and 7 more | 2024-11-21 | 5.9 Medium |
| A vulnerability has been found in the implementation of the Label Distribution Protocol (LDP) protocol in EOS. Under race conditions, the LDP agent can establish an LDP session with a malicious peer potentially allowing the possibility of a Denial of Service (DoS) attack on route updates and in turn potentially leading to an Out of Memory (OOM) condition that is disruptive to traffic forwarding. Affected EOS versions include: 4.22 release train: 4.22.1F and earlier releases 4.21 release train: 4.21.0F - 4.21.2.3F, 4.21.3F - 4.21.7.1M 4.20 release train: 4.20.14M and earlier releases 4.19 release train: 4.19.12M and earlier releases End of support release trains (4.18 and 4.17) | ||||
| CVE-2019-14809 | 3 Debian, Golang, Redhat | 4 Debian Linux, Go, Devtools and 1 more | 2024-11-21 | N/A |
| net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com. | ||||
| CVE-2019-14808 | 1 Renpho | 1 Renpho | 2024-11-21 | 6.8 Medium |
| An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted to a server without an integrity check, if a user changes personal data in his profile tab (e.g., exposure of his birthday) or logs into his account (i.e., exposure of credentials). | ||||
| CVE-2019-14807 | 1 Mediawiki | 1 Mobilefrontend | 2024-11-21 | 6.1 Medium |
| In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php. | ||||
| CVE-2019-14806 | 2 Opensuse, Palletsprojects | 2 Leap, Werkzeug | 2024-11-21 | 7.5 High |
| Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id. | ||||
| CVE-2019-14805 | 1 Una | 1 Una | 2024-11-21 | N/A |
| studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the System Name field under Sets during set editing. | ||||
| CVE-2019-14804 | 1 Una | 1 Una | 2024-11-21 | N/A |
| studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing. | ||||
| CVE-2019-14801 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | N/A |
| The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection. | ||||
| CVE-2019-14800 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | N/A |
| The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI. | ||||
| CVE-2019-14799 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | 6.1 Medium |
| The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS. | ||||
| CVE-2019-14798 | 1 10web | 1 Photo Gallery | 2024-11-21 | N/A |
| The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter. | ||||
| CVE-2019-14797 | 1 10web | 1 Photo Gallery | 2024-11-21 | N/A |
| The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS. | ||||
| CVE-2019-14796 | 1 Mq-woocommerce-products-price-bulk-edit Project | 1 Mq-woocommerce-products-price-bulk-edit | 2024-11-21 | 5.4 Medium |
| The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter. | ||||
| CVE-2019-14795 | 1 Toggle-the-title Project | 1 Toggle-the-title | 2024-11-21 | N/A |
| The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter. | ||||
| CVE-2019-14794 | 1 Metabox | 1 Meta Box | 2024-11-21 | N/A |
| The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders. | ||||
| CVE-2019-14793 | 1 Metabox | 1 Meta Box | 2024-11-21 | N/A |
| The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter. | ||||
| CVE-2019-14792 | 1 Codecabin | 1 Wp Go Maps | 2024-11-21 | N/A |
| The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter. | ||||
| CVE-2019-14791 | 1 Codepeople | 1 Appointment Booking Calendar | 2024-11-21 | N/A |
| The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter. | ||||
| CVE-2019-14790 | 1 Limbcode | 1 Limb-gallery | 2024-11-21 | N/A |
| The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter, | ||||