10 matches found
EUVD-2019-18622
Malware in sbrugna...
Upgraded Q -> 2 from #362 [1676219107265]
Judge has assessed an item in Issue 362 as 2 risk. The relevant finding follows: N‑01 Upgradeable contract is missing a gap50 storage variable to allow for new storage variables in later versions --- The text was updated successfully, but these errors were encountered: All reactions...
Upgraded Q -> 2 from #533 [1676218902616]
Judge has assessed an item in Issue 533 as 2 risk. The relevant finding follows: Upgradeable contract is missing a gap50 storage variable to allow for new storage variables in later versions --- The text was updated successfully, but these errors were encountered: All reactions...
Stored cross-site scripting in Grid component in Vaadin 7 and 8
Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 Vaadin 7.4.0 through 7.7.19, and 8.0.0 through 8.8.4 Vaadin 8.0.0 through 8.8.4 allows attacker to inject malicious JavaScript via unspecified vector. -...
CVE-2020-24455
Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3...
CVE-2019-9319
In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111762100...
Information disclosure
In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112052258...
CVE-2019-9319
CVE-2019-9319 affects Android 10 media stack (libavc) where a missing variable initialization in the library can lead to remote information disclosure without extra execution privileges. Exploitation requires user interaction. The Android 10 security release notes state these issues are addressed...
Qibo CMS SQL Injection Vulnerability
Qibo CMS system is a PHP168 website management system created by Guangzhou Xietian Software Technology Co. A SQL injection vulnerability exists in Qibo CMS v7.0, due to the omission of the variable $TBpre, which can be exploited by attackers to obtain sensitive information...
Moderate: Red Hat Security Advisory: squirrelmail security update
An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP4. Jimmy Conner...