Search Results (Refine Search)
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-5456 |
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later. Published: July 30, 2019; 5:15:12 PM -0400 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 4.3 MEDIUM |
CVE-2019-5455 |
Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process. Published: July 30, 2019; 5:15:11 PM -0400 |
V4.0:(not available) V3.1: 6.8 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2019-5454 |
SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account. Published: July 30, 2019; 5:15:11 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-5453 |
Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider. Published: July 30, 2019; 5:15:11 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 3.6 LOW |
CVE-2019-5452 |
Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved. Published: July 30, 2019; 5:15:11 PM -0400 |
V4.0:(not available) V3.1: 2.4 LOW V2.0: 2.1 LOW |
CVE-2019-5451 |
Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time. Published: July 30, 2019; 5:15:11 PM -0400 |
V4.0:(not available) V3.1: 4.6 MEDIUM V2.0: 2.1 LOW |
CVE-2019-5450 |
Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML. Published: July 30, 2019; 5:15:11 PM -0400 |
V4.0:(not available) V3.1: 6.8 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2019-5449 |
A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events. Published: July 30, 2019; 5:15:11 PM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2019-5448 |
Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network. Published: July 30, 2019; 5:15:11 PM -0400 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 4.3 MEDIUM |
CVE-2019-13026 |
OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary. Published: July 30, 2019; 4:15:12 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-14383 |
J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. Published: July 30, 2019; 3:15:13 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-14382 |
DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. Published: July 30, 2019; 3:15:13 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-14380 |
libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files. Published: July 30, 2019; 3:15:13 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20871 |
In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on root_squash, weak file permissions ("other" write access) occur in certain cases (GE-6890). Published: July 30, 2019; 3:15:13 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2018-20861 |
libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files. Published: July 30, 2019; 3:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20860 |
libopenmpt before 0.3.13 allows a crash with malformed MED files. Published: July 30, 2019; 3:15:13 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20859 |
edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem. Published: July 30, 2019; 3:15:12 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-18381 |
The installation process in Open edX before 2017-01-10 exposes a MongoDB instance to external connections with default credentials. Published: July 30, 2019; 3:15:11 PM -0400 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2019-14313 |
A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php. Published: July 30, 2019; 2:15:16 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2019-14242 |
An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user privileges. Published: July 30, 2019; 2:15:16 PM -0400 |
V4.0:(not available) V3.0: 6.7 MEDIUM V2.0: 7.2 HIGH |