Security Vulnerabilities, CVEs, Published In July 2019
invenio-previewer before 1.0.0a12 allows XSS.
Max CVSS: 6.1 | EPSS Score: 0.09% | Published: 2019-07-29 | Updated: 2019-07-31
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link.
Max CVSS: 7.5 | EPSS Score: 0.10% | Published: 2019-07-29 | Updated: 2022-04-18
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP.
Max CVSS: 5.3 | EPSS Score: 0.09% | Published: 2019-07-29 | Updated: 2023-03-03
ASH-AIO before 2.0.0.3 allows an open redirect.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2019-07-29 | Updated: 2019-08-01
graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT.
Max CVSS: 7.5 | EPSS Score: 0.08% | Published: 2019-07-29 | Updated: 2021-07-21
docker-credential-helpers before 0.6.3 has a double free in the List functions.
Max CVSS: 5.5 | EPSS Score: 0.05% | Published: 2019-07-29 | Updated: 2022-10-06
parse-server before 3.6.0 allows account enumeration.
Max CVSS: 5.3 | EPSS Score: 0.08% | Published: 2019-07-29 | Updated: 2020-08-24
parse-server before 3.4.1 allows DoS after any POST to a volatile class.
Max CVSS: 7.5 | EPSS Score: 0.10% | Published: 2019-07-29 | Updated: 2019-08-02
SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority.
Max CVSS: 9.0 | EPSS Score: 0.10% | Published: 2019-07-29 | Updated: 2022-04-18
Misskey before 10.102.4 allows hijacking a user's token.
Max CVSS: 6.1 | EPSS Score: 0.11% | Published: 2019-07-29 | Updated: 2019-09-05
Fleet before 2.1.2 allows exposure of SMTP credentials.
Max CVSS: 7.5 | EPSS Score: 0.17% | Published: 2019-07-29 | Updated: 2020-08-24
stacktable.js before 1.0.4 allows XSS.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2019-07-29 | Updated: 2019-07-31
Dependency-Track before 3.5.1 allows XSS.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2019-07-29 | Updated: 2020-02-13
invenio-app before 1.1.1 allows host header injection.
Max CVSS: 6.1 | EPSS Score: 0.11% | Published: 2019-07-29 | Updated: 2019-08-01
invenio-communities before 1.0.0a20 allows XSS.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2019-07-29 | Updated: 2019-08-01
Tridactyl before 1.16.0 allows fake key events.
Max CVSS: 7.5 | EPSS Score: 0.08% | Published: 2019-07-29 | Updated: 2021-07-21
invenio-records before 1.2.2 allows XSS.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2019-07-29 | Updated: 2019-08-01
Pterodactyl before 0.7.14 with 2FA allows credential sniffing.
Max CVSS: 7.5 | EPSS Score: 0.17% | Published: 2019-07-29 | Updated: 2020-08-24
yard before 0.9.20 allows path traversal.
Max CVSS: 7.5 | EPSS Score: 0.26% | Published: 2019-07-29 | Updated: 2024-03-06
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.
Max CVSS: 5.5 | EPSS Score: 0.14% | Published: 2019-07-11 | Updated: 2021-02-09
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b.
Max CVSS: 5.5 | EPSS Score: 0.14% | Published: 2019-07-11 | Updated: 2022-10-06
pyxtrlock 0.3 and earlier is affected by: Incorrect Access Control. The impact is: False locking impression when run in a non-X11 session. The fixed version is: 0.4.
Max CVSS: 7.8 | EPSS Score: 0.04% | Published: 2019-07-11 | Updated: 2019-07-14
WavPack 5.1 and earlier is affected by: CWE-369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc.
Max CVSS: 5.5 | EPSS Score: 0.14% | Published: 2019-07-11 | Updated: 2022-10-07
Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2019-07-11 | Updated: 2019-07-12
GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tools > Reminder > Description. Set the description to any iframe/form tags and apply. The attack vector is: The attacker puts a login form, the user fills it and clicks on submit; the request is sent to the attacker domain, saving the data. The fixed version is: 9.4.1.
Max CVSS: 3.5 | EPSS Score: 0.05% | Published: 2019-07-12 | Updated: 2020-08-24