invenio-previewer before 1.0.0a12 allows XSS.
Source: DWF
Max CVSS
6.1
EPSS Score
0.09%
Published
2019-07-29
Updated
2019-07-31
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link.
Source: DWF
Max CVSS
7.5
EPSS Score
0.10%
Published
2019-07-29
Updated
2022-04-18
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP.
Source: DWF
Max CVSS
5.3
EPSS Score
0.09%
Published
2019-07-29
Updated
2023-03-03
ASH-AIO before 2.0.0.3 allows an open redirect.
Source: DWF
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-07-29
Updated
2019-08-01
graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT.
Source: DWF
Max CVSS
7.5
EPSS Score
0.08%
Published
2019-07-29
Updated
2021-07-21
docker-credential-helpers before 0.6.3 has a double free in the List functions.
Source: DWF
Max CVSS
5.5
EPSS Score
0.05%
Published
2019-07-29
Updated
2022-10-06
parse-server before 3.6.0 allows account enumeration.
Source: DWF
Max CVSS
5.3
EPSS Score
0.08%
Published
2019-07-29
Updated
2020-08-24
parse-server before 3.4.1 allows DoS after any POST to a volatile class.
Source: DWF
Max CVSS
7.5
EPSS Score
0.10%
Published
2019-07-29
Updated
2019-08-02
SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority.
Source: DWF
Max CVSS
9.0
EPSS Score
0.10%
Published
2019-07-29
Updated
2022-04-18
Misskey before 10.102.4 allows hijacking a user's token.
Source: DWF
Max CVSS
6.1
EPSS Score
0.11%
Published
2019-07-29
Updated
2019-09-05
Fleet before 2.1.2 allows exposure of SMTP credentials.
Source: DWF
Max CVSS
7.5
EPSS Score
0.17%
Published
2019-07-29
Updated
2020-08-24
stacktable.js before 1.0.4 allows XSS.
Source: DWF
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-07-29
Updated
2019-07-31
Dependency-Track before 3.5.1 allows XSS.
Source: DWF
Max CVSS
5.4
EPSS Score
0.05%
Published
2019-07-29
Updated
2020-02-13
invenio-app before 1.1.1 allows host header injection.
Source: DWF
Max CVSS
6.1
EPSS Score
0.11%
Published
2019-07-29
Updated
2019-08-01
invenio-communities before 1.0.0a20 allows XSS.
Source: DWF
Max CVSS
5.4
EPSS Score
0.05%
Published
2019-07-29
Updated
2019-08-01
Tridactyl before 1.16.0 allows fake key events.
Source: DWF
Max CVSS
7.5
EPSS Score
0.08%
Published
2019-07-29
Updated
2021-07-21
invenio-records before 1.2.2 allows XSS.
Source: DWF
Max CVSS
5.4
EPSS Score
0.05%
Published
2019-07-29
Updated
2019-08-01
Pterodactyl before 0.7.14 with 2FA allows credential sniffing.
Source: DWF
Max CVSS
7.5
EPSS Score
0.17%
Published
2019-07-29
Updated
2020-08-24
yard before 0.9.20 allows path traversal.
Source: DWF
Max CVSS
7.5
EPSS Score
0.26%
Published
2019-07-29
Updated
2024-03-06
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.
Source: DWF
Max CVSS
5.5
EPSS Score
0.14%
Published
2019-07-11
Updated
2021-02-09
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b.
Source: DWF
Max CVSS
5.5
EPSS Score
0.14%
Published
2019-07-11
Updated
2022-10-06
pyxtrlock 0.3 and earlier is affected by: Incorrect Access Control. The impact is: False locking impression when run in a non-X11 session. The fixed version is: 0.4.
Source: DWF
Max CVSS
7.8
EPSS Score
0.04%
Published
2019-07-11
Updated
2019-07-14
WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc.
Source: DWF
Max CVSS
5.5
EPSS Score
0.14%
Published
2019-07-11
Updated
2022-10-07
Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page.
Source: DWF
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-07-11
Updated
2019-07-12
GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tools > Reminder > Description .. Set the description to any iframe/form tags and apply. The attack vector is: The attacker puts a login form, the user fills it and clicks on submit .. the request is sent to the attacker domain saving the data. The fixed version is: 9.4.1.
Source: DWF
Max CVSS
3.5
EPSS Score
0.05%
Published
2019-07-12
Updated
2020-08-24
1618 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!