CVE-2019-6804
An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp.
Source: CVE-2019-6804
[월:] 2019년 01월
CVE-2019-6803
CVE-2019-6803
typora through 0.9.9.20.3 beta has XSS, with resultant remote command execution, via the left outline bar.
Source: CVE-2019-6803
CVE-2017-18359
CVE-2017-18359
PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D(‘LINESTRING EMPTY’);" because empty geometries are mishandled.
Source: CVE-2017-18359
CVE-2019-6802
CVE-2019-6802
CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI.
Source: CVE-2019-6802
CVE-2018-16098
CVE-2018-16098
In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.
Source: CVE-2018-16098
CVE-2018-12237
CVE-2018-12237
The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges.
Source: CVE-2018-12237
CVE-2018-18981
CVE-2018-18981
In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated attacker could send numerous crafted packets to service ports resulting in memory consumption that could lead to a partial or complete denial-of-service condition to the affected services.
Source: CVE-2018-18981
CVE-2019-6780
CVE-2019-6780
The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer.
Source: CVE-2019-6780
CVE-2018-5497
CVE-2018-5497
Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.
Source: CVE-2018-5497
CVE-2018-18363
CVE-2018-18363
Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access.
Source: CVE-2018-18363