Search Results (Refine Search)
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-15134 |
RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloop.c upon receiving an ACK before a SYN. Published: August 17, 2019; 2:15:10 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2019-15133 |
In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero. Published: August 17, 2019; 2:15:10 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-15132 |
Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php. Published: August 17, 2019; 2:15:10 PM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2019-14937 |
REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data. Published: August 17, 2019; 1:15:10 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 6.0 MEDIUM |
CVE-2019-13069 |
extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and port forwarding to reach a 127.0.0.1 service. Published: August 17, 2019; 1:15:09 PM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2019-15116 |
The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging. Published: August 16, 2019; 5:15:13 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-15115 |
The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF. Published: August 16, 2019; 5:15:13 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-15114 |
The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF. Published: August 16, 2019; 5:15:13 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-15113 |
The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF. Published: August 16, 2019; 5:15:13 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-20974 |
The js-jobs plugin before 1.0.7 for WordPress has CSRF. Published: August 16, 2019; 5:15:11 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-20973 |
The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion. Published: August 16, 2019; 5:15:11 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-20972 |
The companion-auto-update plugin before 3.2.1 for WordPress has CSRF. Published: August 16, 2019; 5:15:11 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-20971 |
The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan. Published: August 16, 2019; 5:15:11 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-18547 |
The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms. Published: August 16, 2019; 5:15:11 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-18546 |
The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF. Published: August 16, 2019; 5:15:10 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-18545 |
The invite-anyone plugin before 1.3.16 for WordPress has incorrect escaping of untrusted Dashboard and front-end input. Published: August 16, 2019; 5:15:10 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-18544 |
The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF. Published: August 16, 2019; 5:15:10 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-18543 |
The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations. Published: August 16, 2019; 5:15:10 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-18542 |
The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues. Published: August 16, 2019; 5:15:10 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-18541 |
The xo-security plugin before 1.5.3 for WordPress has XSS. Published: August 16, 2019; 5:15:10 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |