Lucene search
K

7046 matches found

NVD
NVD
added 2019/07/12 6:15 p.m.20 views

CVE-2019-1010310

GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tools Reminder Description .. Set the...

3.5CVSS4.3AI score0.00718EPSS
Exploits0References2
Prion
Prion
added 2019/07/12 6:15 p.m.20 views

Code injection

GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tools Reminder Description .. Set the...

3.5CVSS4.5AI score0.00718EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/07/12 5:45 p.m.21 views

CVE-2019-1010310

GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tools Reminder Description .. Set the...

4.4AI score0.00718EPSS
Exploits0References2
NVD
NVD
added 2019/07/11 8:15 p.m.25 views

CVE-2019-1010317

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig caff.c:486. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...

5.5CVSS5.8AI score0.01456EPSS
Exploits1References8
NVD
NVD
added 2019/07/11 8:15 p.m.22 views

CVE-2019-1010316

pyxtrlock 0.3 and earlier is affected by: Incorrect Access Control. The impact is: False locking impression when run in a non-X11 session. The fixed version is: 0.4...

7.8CVSS7.7AI score0.00308EPSS
Exploits0References1
OSV
OSV
added 2019/07/11 8:15 p.m.30 views

CVE-2019-1010319

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig wave64.c:211. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...

5.5CVSS6.7AI score
Exploits0References8
OSV
OSV
added 2019/07/11 8:15 p.m.28 views

CVE-2019-1010317

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig caff.c:486. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...

5.5CVSS6.7AI score
Exploits0References8
Debian CVE
Debian CVE
added 2019/07/11 7:34 p.m.16 views

CVE-2019-1010315

WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig dsdiff.c:282. The attack vector is: Maliciously crafted .wav file. The fixed...

5.5CVSS5.1AI score0.01534EPSS
Exploits1
Debian CVE
Debian CVE
added 2019/07/11 7:24 p.m.26 views

CVE-2019-1010317

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig caff.c:486. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...

5.5CVSS5.1AI score0.01456EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2019/07/11 12:0 a.m.28 views

CVE-2019-1010319

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig wave64.c:211. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...

5.5CVSS6.4AI score0.01503EPSS
Exploits1References4
OSV
OSV
added 2019/07/10 5:15 p.m.24 views

CVE-2019-12469

MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

6.5CVSS6.7AI score
Exploits0References4
Prion
Prion
added 2019/07/10 4:15 p.m.27 views

Design/Logic Flaw

Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

5CVSS7.8AI score0.02043EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2019/07/10 4:4 p.m.27 views

CVE-2019-12470

Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

6.5AI score0.01382EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2019/07/09 12:0 a.m.4 views

PT-2019-2724 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows versions prior to the fixed version Description: The issue is related to errors in handling objects in memory by the Win32k component of the Windows operating system. This can allow an attacker to execute arbitrary code in kernel mode...

7.8CVSS8.4AI score0.09788EPSS
Exploits2References13
NVD
NVD
added 2019/07/05 1:15 p.m.9 views

CVE-2019-13144

myTinyTodo 1.3.3 through 1.4.3 allows CSV Injection. This is fixed in 1.5...

9.8CVSS9.3AI score0.01837EPSS
Exploits0References1
Vaadin
Vaadin
added 2019/07/04 12:0 a.m.53 views

Stored cross-site scripting in Grid component in Vaadin 7 and 8

Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 Vaadin 7.4.0 through 7.7.19, and 8.0.0 through 8.8.4 Vaadin 8.0.0 through 8.8.4 allows attacker to inject malicious JavaScript via unspecified vector. See CWE-80: Improper Neutralization of...

6.1CVSS1.4AI score0.00923EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2019/07/03 7:15 p.m.6 views

CVE-2019-12850

A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168...

9.8CVSS5.8AI score0.02079EPSS
Exploits0References1
Snyk
Snyk
added 2019/07/03 7:15 p.m.2 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound. An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, whi...

8.8CVSS9AI score0.04515EPSS
Exploits1References2
Snyk
Snyk
added 2019/07/03 7:15 p.m.1 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write. An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can...

8.8CVSS7.9AI score0.04043EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2019/06/27 12:0 a.m.5 views

PT-2019-16993 · Ibm · Ibm Jazz Foundation +1

Name of the Vulnerable Software and Affected Versions: IBM Jazz Foundation products IBM Rational Collaborative Lifecycle Management versions 6.0 through 6.0.6.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentiall...

5.4CVSS5.7AI score0.00673EPSS
Exploits0References4
Rows per page
Query Builder