Total
2025 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-6034 | 1 Appleple | 1 A-blog Cms | 2024-11-21 | 6.1 Medium |
| a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors. | ||||
| CVE-2019-5977 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.3 Medium |
| Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticated attackers to alter mail header via the application 'E-Mail'. | ||||
| CVE-2019-5404 | 1 Hp | 1 3par Storeserv Management Console | 2024-11-21 | N/A |
| A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | ||||
| CVE-2019-5314 | 1 Arubanetworks | 1 Arubaos | 2024-11-21 | 6.1 Medium |
| Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability. | ||||
| CVE-2019-4558 | 1 Ibm | 1 Spectrum Scale | 2024-11-21 | 7.8 High |
| A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files. | ||||
| CVE-2019-4461 | 1 Ibm | 1 Cloud Orchestrator | 2024-11-21 | 5.4 Medium |
| IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information. IBM X-Force ID: 163682. | ||||
| CVE-2019-4396 | 1 Ibm | 1 Cloud Orchestrator | 2024-11-21 | 5.4 Medium |
| IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 162236. | ||||
| CVE-2019-4216 | 1 Ibm | 1 Smartcloud Analytics Log Analysis | 2024-11-21 | 4.6 Medium |
| IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM X-Force ID: 159187. | ||||
| CVE-2019-3562 | 1 Oculus | 1 Oculus Browser | 2024-11-21 | N/A |
| A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an attacker to spoof UI and potentially execute code. This affects the Oculus Browser starting from version 5.2.7 until 5.7.11. | ||||
| CVE-2019-3498 | 4 Canonical, Debian, Djangoproject and 1 more | 4 Ubuntu Linux, Debian Linux, Django and 1 more | 2024-11-21 | N/A |
| In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content. | ||||
| CVE-2019-25031 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2024-11-21 | 5.9 Medium |
| Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation | ||||
| CVE-2019-20409 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2024-11-21 | 9.8 Critical |
| The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability. | ||||
| CVE-2019-20213 | 1 Dlink | 28 Dir-818lx, Dir-818lx Firmware, Dir-822 and 25 more | 2024-11-21 | 7.5 High |
| D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. | ||||
| CVE-2019-1939 | 2 Cisco, Microsoft | 2 Webex Teams, Windows | 2024-11-21 | 8.8 High |
| A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to visit a website designed to submit malicious input to the affected application. A successful exploit could allow the attacker to cause the application to modify files and execute arbitrary commands on the system with the privileges of the targeted user. | ||||
| CVE-2019-1490 | 1 Microsoft | 1 Skype For Business | 2024-11-21 | 5.4 Medium |
| A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Server Spoofing Vulnerability'. | ||||
| CVE-2019-19614 | 1 Halvotec | 1 Raquest | 2024-11-21 | 7.5 High |
| An issue was discovered in Halvotec RAQuest 10.23.10801.0. The login page is vulnerable to wildcard injection, allowing an attacker to enumerate the list of users sharing an identical password. Fixed in Release 10.24.11206.1. | ||||
| CVE-2019-19389 | 1 Jetbrains | 1 Ktor | 2024-11-21 | 5.4 Medium |
| JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting. | ||||
| CVE-2019-19330 | 4 Canonical, Debian, Haproxy and 1 more | 6 Ubuntu Linux, Debian Linux, Haproxy and 3 more | 2024-11-21 | 9.8 Critical |
| The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks. | ||||
| CVE-2019-18860 | 5 Canonical, Debian, Opensuse and 2 more | 5 Ubuntu Linux, Debian Linux, Leap and 2 more | 2024-11-21 | 6.1 Medium |
| Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. | ||||
| CVE-2019-18657 | 1 Yandex | 1 Clickhouse | 2024-11-21 | 5.3 Medium |
| ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function. | ||||