Last 20 Scored Vulnerability IDs & Summaries
CVSS Severity
-
CVE-2019-12875 —
Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key.
Published: June 18, 2019; 03:15:11 PM -04:00
-
CVE-2019-12436 —
Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit.
Published: June 19, 2019; 08:15:10 AM -04:00
-
CVE-2019-0316 —
SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from t... read CVE-2019-0316
Published: June 14, 2019; 03:29:00 PM -04:00
-
CVE-2019-10085 —
In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. The XSS executes when a user engages with that dropdown on that page.
Published: June 18, 2019; 08:15:12 PM -04:00
-
CVE-2019-3954 —
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call.
Published: June 18, 2019; 08:15:13 PM -04:00
-
CVE-2019-3953 —
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call.
Published: June 18, 2019; 07:15:10 PM -04:00
-
CVE-2018-18863 —
NGA ResourceLink 20.0.2.1 allows local file inclusion.
Published: June 19, 2019; 12:15:10 PM -04:00
-
CVE-2019-10962 —
BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation ter... read CVE-2019-10962
Published: June 13, 2019; 05:29:15 PM -04:00
-
CVE-2019-7579 —
An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ability exists for an unauthenticated user to browse a confidential ui/1.0.99.187766/dynamic/js/setup.js.localized file on the router's webserver, allowing for an attacker to iden... read CVE-2019-7579
Published: June 17, 2019; 03:15:11 PM -04:00
-
CVE-2019-4303 —
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tr... read CVE-2019-4303
Published: June 19, 2019; 10:15:10 AM -04:00
-
CVE-2019-4364 —
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680.
Published: June 19, 2019; 10:15:11 AM -04:00
-
CVE-2019-12828 —
An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution b... read CVE-2019-12828
Published: June 14, 2019; 04:29:00 PM -04:00
-
CVE-2015-2125 —
Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors.
Published: June 07, 2015; 02:59:06 PM -04:00
-
CVE-2019-12592 —
A universal Cross-site scripting (UXSS) vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any loaded 3rd-party IFrame.
Published: June 18, 2019; 05:15:10 PM -04:00
-
CVE-2019-6114 —
An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119. An integer overflow in the jp2 parsing library allows an attacker to overwrite memory and to execute arbitrary code.
Published: June 19, 2019; 12:15:11 PM -04:00
-
CVE-2019-11649 —
Cross-site scripting in Micro Focus Fortify software security center server, version 18.1, 18.2. The vulnerability may allow remote code execution.
Published: June 19, 2019; 01:15:11 PM -04:00
-
CVE-2019-9842 —
madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in app_code/handlers/PostHandler.cs writes a decoded base64 string to a file without valida... read CVE-2019-9842
Published: June 14, 2019; 04:29:00 PM -04:00
-
CVE-2018-18958 —
OPNsense 18.7.x before 18.7.7 has Incorrect Access Control.
Published: June 17, 2019; 05:15:09 PM -04:00
-
CVE-2019-12549 —
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key.
Published: June 17, 2019; 01:15:11 PM -04:00
-
CVE-2019-4385 —
IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173.
Published: June 19, 2019; 10:15:11 AM -04:00