Lucene search

8204 matches found

NVD
added 2019/07/11 8:15 p.m. · 8 views

CVE-2019-1010314

Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting XSS. The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page...

6.1 CVSS · 6.2 AI score · 0.0084 EPSS
Exploits 0 · References 1

Prion
added 2019/07/11 8:15 p.m. · 10 views

Cross site scripting

Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting XSS. The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page...

4.3 CVSS · 6.1 AI score · 0.0084 EPSS
Exploits 0 · References 1 · Affected Software 1

UbuntuCve
added 2019/07/11 8:15 p.m. · 13 views

CVE-2019-1010314

Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting XSS. The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page...

6.1 CVSS · 6.4 AI score · 0.0084 EPSS
Exploits 0 · References 2

CNVD
added 2019/07/09 12:0 a.m. · 2 views

F5 BIG-IP Access Control Error Vulnerability (CNVD-2019-32032)

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. An access control error vulnerability exists in F5 BIG-IP, which can be exploited by an attacker to overwrite arbitrary files...

4.4 CVSS · 7 AI score · 0.00379 EPSS
Exploits 0 · References 1

OSV
added 2019/07/03 7:15 p.m. · 1 views

UBUNTU-CVE-2019-5052

An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a...

8.8 CVSS · 7.6 AI score · 0.04515 EPSS
Exploits 1 · References 4

OSV
added 2019/06/30 2:15 p.m. · 5 views

DEBIAN-CVE-2019-13075

Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a...

5.3 CVSS · 5.6 AI score · 0.01856 EPSS
Exploits 1 · References 1

OSV
added 2019/06/27 5:25 p.m. · 9 views

GHSA-28HP-FGCR-2R4H Cross-Site Scripting via JSONP

JSONP allows untrusted resource URLs, which provides a vector for attack by malicious actors...

7.1 AI score
Exploits 0 · References 2

CNVD
added 2019/06/25 12:0 a.m. · 2 views

Sohu Video Player suffers from dll hijacking vulnerability

Sohu Video Player is an online network video player officially launched by Sohu. Sohu Video Player has a dll hijacking vulnerability, which can be exploited by attackers to load a malicious dll and execute malicious code...

7.1 AI score
Exploits 0

Friends Of PHP
added 2019/06/25 12:0 a.m. · 20 views

PRODSECBUG-2267: Use of insufficiently random values when generating initialization vector

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

7.5 CVSS · 7.2 AI score · 0.01186 EPSS
Exploits 0 · Affected Software 1

CVE
added 2019/06/19 10:28 p.m. · 146 views

CVE-2019-3787

Cloud Foundry UAA vulnerability CVE-2019-3787 affects UAA releases prior to v73.0.0. When a user email is not provided or the username lacks an @, UAA falls back to appending unknown.org to the email, which means password-recovery emails can be sent to an owned domain. This creates a potential ta...

8.8 CVSS · 8.8 AI score · 0.01102 EPSS
Exploits 0 · References 1 · Affected Software 1

NVD
added 2019/06/19 9:15 p.m. · 22 views

CVE-2019-2003

In addLinks of Linkify.java, there is a possible phishing vector due to an unusual root cause. This could lead to remote code execution or misdirection of clicks with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0...

9.3 CVSS · 8.8 AI score · 0.0137 EPSS
Exploits 0 · References 1

Prion
added 2019/06/19 9:15 p.m. · 15 views

Remote code execution

In addLinks of Linkify.java, there is a possible phishing vector due to an unusual root cause. This could lead to remote code execution or misdirection of clicks with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0...

9.3 CVSS · 8.7 AI score · 0.0137 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2019/06/19 8:5 p.m. · 95 views

CVE-2019-2003

CVE-2019-2003 affects Android platforms (7.0–9) and is described across multiple sources (NVD, Red Hat, CVE entries, and Android bulletin) as an elevation of privilege/remote code execution risk via Linkify.java in addLinks, enabling phishing-like misdirection. Root cause is an unusual issue in L...

9.3 CVSS · 8.7 AI score · 0.0137 EPSS
Exploits 0 · References 1 · Affected Software 1

CNVD
added 2019/06/18 12:0 a.m. · 2 views

Concrete5 Cross-Site Scripting Vulnerability (CNVD-2019-18846)

concrete5 is an open source content management system CMS for publishing content on the World Wide Web and intranet. A cross-site scripting vulnerability exists in Concrete5 8.4.3. The vulnerability stems from config/concrete.php allowing the upload of SVG files that may contain HTML data with...

4.8 CVSS · 6.2 AI score · 0.00988 EPSS
Exploits 1 · References 1

0day.today
added 2019/06/18 12:0 a.m. · 316 views

Spring Security OAuth - Open Redirector Vulnerability

Exploit for java platform in category web applications Exploit Title: Open Redirector in spring-security-oauth2 Exploit Author: Riemann Vendor Homepage: https://spring.io/projects/spring-security-oauth Software Link: https://spring.io Version: Spring Security OAuth versions 2.3 prior to 2.3.6...

6.4 CVSS · 0.2 AI score · 0.15621 EPSS
Exploits 4

Positive Technologies
added 2019/06/18 12:0 a.m. · 2 views

PT-2020-5868 · Go +1 · Crypto/X509 +5

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.12.16 Go versions 1.13.x prior to 1.13.7 crypto/cryptobyte package versions prior to 0.0.0-20200124225646-8b5121be2f68 Description: The issue is related to errors in the certificate authentication procedure in the...

7.8 CVSS · 6.6 AI score · 0.04692 EPSS
Exploits 0 · References 50

OSV
added 2019/06/17 8:15 p.m. · 2 views

CVE-2018-19146

Concrete5 8.4.3 has XSS because config/concrete.php allows uploads by administrators of SVG files that may contain HTML data with a SCRIPT element...

4.8 CVSS · 6.1 AI score
Exploits 0 · References 4

exploitpack
added 2019/06/17 12:0 a.m. · 62 views

Spring Security OAuth - Open Redirector

Spring Security OAuth - Open Redirector Exploit Title: Open Redirector in spring-security-oauth2 Date: 17 June 2019 Exploit Author: Riemann Vendor Homepage: https://spring.io/projects/spring-security-oauth Software Link: https://spring.io Version: Spring Security OAuth versions 2.3 prior to 2.3.6...

6.4 CVSS · 0.15621 EPSS
Exploits 4

RustSec
added 2019/06/13 12:0 p.m. · 18 views

Processing of maliciously crafted length fields causes memory allocation SIGABRTs

Affected versions of this crate tried to preallocate a vector for an arbitrary amount of bytes announced by the ASN.1-DER length field without further checks. This allows an attacker to trigger a SIGABRT by creating length fields that announce more bytes than the allocator can provide. The flaw w...

7.5 CVSS · 4 AI score · 0.01382 EPSS
Exploits 0 · Affected Software 1

Packet Storm
added 2019/06/13 12:0 a.m. · 174 views

Pronestor Health Monitoring Privilege Escalation

Summary The Pronestor service "PNHM" aka Health Monitoring or HealthMonitor before 8.1.12.0 has "BUILTIN\Users:IF" permissions for the "%PROGRAMFILESX86%\proNestor\Outlook add-in for Pronestor\PronestorHealthMonitor.exe" file, which allows local users to gain privileges via a Trojan horse...

4.4 CVSS · 0.5 AI score · 0.00848 EPSS
Exploits 3