Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Showing entries (of 100857 total)
ID | Description | Priority | Modified date
CVE-2019-1020019 invenio-previewer before 1.0.0a12 allows XSS. MEDIUM Jul 31, 2019
CVE-2019-1020018 Discourse before v2.4.0.beta2 lacks a confirmation screen when logging in via an email link. HIGH Aug 1, 2019
CVE-2019-1020017 Discourse before v2.4.0.beta2 lacks a confirmation screen when logging in via a user-api OTP. MEDIUM Aug 1, 2019
CVE-2019-1020016 ASH-AIO before 2.0.0.3 allows an open redirect. MEDIUM Aug 1, 2019
CVE-2019-1020015 graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT. MEDIUM Aug 5, 2019
CVE-2019-1020014 docker-credential-helpers before 0.6.3 has a double free in the List functions. LOW Aug 5, 2019
CVE-2019-1020013 parse-server before 3.6.0 allows account enumeration. MEDIUM Aug 1, 2019
CVE-2019-1020012 parse-server before 3.4.1 allows DoS after any POST to a volatile class. MEDIUM Aug 2, 2019
CVE-2019-1020011 SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority. MEDIUM Aug 5, 2019
CVE-2019-1020010 Misskey before 10.102.4 allows hijacking a user's token. MEDIUM Aug 5, 2019
CVE-2019-1020009 Fleet before 2.1.2 allows exposure of SMTP credentials. MEDIUM Jul 31, 2019
CVE-2019-1020008 stacktable.js before 1.0.4 allows XSS. MEDIUM Jul 31, 2019
CVE-2019-1020007 Dependency-Track before 3.5.1 allows XSS. LOW Jul 30, 2019
CVE-2019-1020006 invenio-app before 1.1.1 allows host header injection. MEDIUM Aug 1, 2019
CVE-2019-1020005 invenio-communities before 1.0.0a20 allows XSS. LOW Aug 1, 2019
CVE-2019-1020004 Tridactyl before 1.16.0 allows fake key events. MEDIUM Aug 1, 2019
CVE-2019-1020003 invenio-records before 1.2.2 allows XSS. LOW Aug 1, 2019
CVE-2019-1020002 Pterodactyl before 0.7.14 with 2FA allows credential sniffing. MEDIUM Jul 31, 2019
CVE-2019-1020001 yard before 0.9.20 allows path traversal. MEDIUM Jul 29, 2019
CVE-2019-1010319 WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe. MEDIUM Jul 11, 2019
CVE-2019-1010318 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11498. Reason: This candidate is a reservation duplicate of CVE-2019-11498. Notes: All CVE users should reference CVE-2019-11498 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. -- Jul 14, 2019
CVE-2019-1010317 WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b. MEDIUM Jul 11, 2019
CVE-2019-1010316 pyxtrlock 0.3 and earlier is affected by: Incorrect Access Control. The impact is: False locking impression when run in a non-X11 session. The fixed version is: 0.4. MEDIUM Jul 14, 2019
CVE-2019-1010315 WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc. MEDIUM Jul 11, 2019
CVE-2019-1010314 Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page. MEDIUM Jul 12, 2019
CVE-2019-1010312 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11455. Reason: This candidate is a reservation duplicate of CVE-2019-11455. Notes: All CVE users should reference CVE-2019-11455 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. -- Jul 13, 2019
CVE-2019-1010311 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11454. Reason: This candidate is a reservation duplicate of CVE-2019-11454. Notes: All CVE users should reference CVE-2019-11454 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. -- Jul 13, 2019
CVE-2019-1010310 GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tools > Reminder > Description .. Set the description to any iframe/form tags and apply. The attack vector is: The attacker puts a login form, the user fills it and clicks on submit .. the request is sent to the attacker domain saving the data. The fixed version is: 9.4.1. LOW Jul 18, 2019
CVE-2019-1010309 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-9686. Reason: This candidate is a reservation duplicate of CVE-2019-9686. Notes: All CVE users should reference CVE-2019-9686 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. -- Jul 13, 2019
CVE-2019-1010308 Aquaverde GmbH Aquarius CMS prior to version 4.1.1 is affected by: Incorrect Access Control. The impact is: The access to the log file is not restricted. It contains sensitive information like passwords etc. The component is: log file. The attack vector is: open the file. MEDIUM Jul 22, 2019
CVE-2019-1010307 GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to privilege escalation and executing js on admin. The component is: /glpi/ajax/getDropDownValue.php. The attack vector is: 1- User Create a ticket , 2- Admin opens another ticket and click on the "Link Tickets" feature, 3- a request to the endpoint fetches js and executes it. LOW Jul 18, 2019
CVE-2019-1010306 Slanger 0.6.0 is affected by: Remote Code Execution (RCE). The impact is: A remote attacker can execute arbitrary commands by sending a crafted request to the server. The component is: Message handler & request validator. The attack vector is: Remote unauthenticated. The fixed version is: after commit 5267b455caeb2e055cccf0d2b6a22727c111f5c3. HIGH Jul 30, 2019
CVE-2019-1010305 libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d. MEDIUM Jul 15, 2019
CVE-2019-1010304 Saleor Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f1f472248312cc9c. This commit was released as part of 2.0.0 release is affected by: Incorrect Access Control. The impact is: Important. The component is: ProductVariant type in GraphQL API. The attack vector is: Unauthenticated user can access the GraphQL API (which is by default publicly exposed under `/graphql/` URL) and fetch products data which may include admin-restricted shop's revenue data. The fixed version is: 2.3.1. MEDIUM Jul 30, 2019
CVE-2019-1010302 jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file. MEDIUM Jul 17, 2019
CVE-2019-1010301 jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file. MEDIUM Jul 17, 2019
CVE-2019-1010300 mz-automation libiec61850 1.3.2 1.3.1 1.3.0 is affected by: Buffer Overflow. The impact is: Software crash. The component is: server_example_complex_array. The attack vector is: Send a specific MMS protocol packet. MEDIUM Jul 22, 2019
CVE-2019-1010299 The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vector is: The program needs to invoke debug printing for iterator over an empty VecDeque. The fixed version is: 1.30.0, nightly versions after commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d. MEDIUM Jul 18, 2019
CVE-2019-1010298 Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later. HIGH Jul 16, 2019
CVE-2019-1010297 Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later. HIGH Jul 16, 2019
CVE-2019-1010296 Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later. HIGH Jul 16, 2019
CVE-2019-1010295 Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later. HIGH Jul 16, 2019
CVE-2019-1010294 Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later. MEDIUM Jul 16, 2019
CVE-2019-1010293 Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later. HIGH Jul 16, 2019
CVE-2019-1010292 Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0. HIGH Jul 22, 2019
CVE-2019-1010290 Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a "newurl" parameter. The component is: redirect.php. The attack vector is: The victim must open a link created by an attacker. Attacker may use any legitimate site using Babel to redirect user to a URL of his/her choosing. MEDIUM Jul 19, 2019
CVE-2019-1010287 Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url. MEDIUM Jul 22, 2019
CVE-2019-1010283 Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later. MEDIUM Jul 22, 2019
CVE-2019-1010279 Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specially formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b). The attack vector is: An attacker can trigger the vulnerability by a specifically crafted network TCP session. The fixed version is: 4.1.3. MEDIUM Jul 18, 2019
CVE-2019-1010275 helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were allowed. The component is: helm (many files updated, see https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50). The attack vector is: A malicious client could connect to the server over the network. The fixed version is: 2.7.2. HIGH Jul 24, 2019
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version.