CVE-2015-9414

The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter.

Source: CVE-2015-9414

CVE-2015-9411

The Postmatic plugin before 1.4.6 for WordPress has XSS.

Source: CVE-2015-9411

CVE-2015-9412

The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rstype parameter.

Source: CVE-2015-9412

CVE-2015-9410

The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter.

Source: CVE-2015-9410

CVE-2019-16253

The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 and 3.0.00.101 for Android allows a local attacker to escalate privileges, e.g., to system privileges. The Samsung case ID is 101755.

Source: CVE-2019-16253

CVE-2017-18635

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.

Source: CVE-2017-18635

CVE-2019-16892

In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).

Source: CVE-2019-16892

CVE-2019-16890

Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments.

Source: CVE-2019-16890

CVE-2019-12670

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by modifying files that they should not have access to. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container.

Source: CVE-2019-12670

CVE-2019-12709

A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker who has valid administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to run arbitrary commands on the underlying operating system with root privileges, which may lead to complete system compromise.

Source: CVE-2019-12709