CVE-2018-9593
In llcp_dlc_proc_i_pdu of llcp_dlc.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116722267.
Source: CVE-2018-9593
CVE-2019-6489
Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-02-11 allows remote attackers to erase stored shortcuts.
Source: CVE-2019-6489
CVE-2018-18569
The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests (with certain restrictions) that will be executed on behalf of the attacker, via the viewUrl parameter of the "export the dashboard as an image" feature. This could be leveraged to provide a proxy to attack other servers (internal or external) or to perform network scans of external or internal networks.
Source: CVE-2018-18569
CVE-2019-7748
_includesonline.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if _users/admin/tasks.php exists.
Source: CVE-2019-7748
CVE-2018-20242
A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session hijacking.
Source: CVE-2018-20242
CVE-2019-7747
DbNinja 3.2.7 allows session fixation via the data.php sessid parameter.
Source: CVE-2019-7747
CVE-2019-7737
A CSRF vulnerability was found in Verydows v2.0 that can add an admin acount via index.php?m=backend&c=admin&a=add&step=submit.
Source: CVE-2019-7737
CVE-2019-7738
C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI.
Source: CVE-2019-7738
CVE-2018-17542
SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request.
Source: CVE-2018-17542
CVE-2019-5736
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
Source: CVE-2019-5736