Search Results (Refine Search)
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-15787 |
libZetta.rs through 0.1.2 has an integer overflow in the zpool parser (for error stats) that leads to a panic. Published: August 29, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2019-15783 |
Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc. Published: August 29, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-15782 |
WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name. Published: August 29, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-15780 |
The formidable plugin before 4.02.01 for WordPress has unsafe deserialization. Published: August 29, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-15777 |
The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&admin_email= XSS. Published: August 29, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-15776 |
The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file. Published: August 29, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2019-15775 |
The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. Published: August 29, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2019-15774 |
The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. Published: August 29, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2019-15773 |
The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. Published: August 29, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2019-15772 |
The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. Published: August 29, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2019-15770 |
The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks. Published: August 29, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-15769 |
The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option. Published: August 29, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-14943 |
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials. Published: August 29, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-21007 |
The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads. Published: August 29, 2019; 8:15:10 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-15767 |
In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file. Published: August 28, 2019; 11:15:11 PM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-15759 |
An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js. Published: August 28, 2019; 10:15:10 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-15758 |
An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js. Published: August 28, 2019; 10:15:10 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-5530 |
Windows binaries generated with InstallBuilder versions earlier than 19.7.0 are vulnerable to tampering even if they contain a valid Authenticode signature. Published: August 28, 2019; 9:15:11 PM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-15757 |
libMirage 3.2.2 in CDemu has a NULL pointer dereference in the NRG parser in parser.c. Published: August 28, 2019; 9:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-13408 |
A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication. Published: August 28, 2019; 9:15:11 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |