CVE-2017-7772
Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.
Source: CVE-2017-7772
[월:] 2019년 04월
CVE-2018-13137
CVE-2018-13137
The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI.
Source: CVE-2018-13137
CVE-2018-16256 (wp_all_import)
CVE-2018-16256 (wp_all_import)
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule).
Source: CVE-2018-16256 (wp_all_import)
CVE-2018-16255
CVE-2018-16255
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate.
Source: CVE-2018-16255
CVE-2019-1574 (expedition_migration_tool)
CVE-2019-1574 (expedition_migration_tool)
Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View.
CVE-2018-6239
CVE-2018-6239
NVIDIA Jetson TX2 contains a vulnerability by means of speculative execution where local and unprivileged code may access the contents of cached information in an unauthorized manner, which may lead to information disclosure. The updates apply to all versions prior to and including R28.3.
Source: CVE-2018-6239
CVE-2017-14199
CVE-2017-14199
A buffer overflow has been found in the Zephyr Project’s getaddrinfo() implementation in 1.9.0 and 1.10.0.
Source: CVE-2017-14199
CVE-2018-6269
CVE-2018-6269
NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where input/output control (IOCTL) handling for user mode requests could create a non-trusted pointer dereference, which may lead to information disclosure, denial of service, escalation of privileges, or code execution. The updates apply to all versions prior to and including R28.3.
Source: CVE-2018-6269
CVE-2019-11213
CVE-2019-11213
In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2013-6024. (The endpoint would need to be already compromised for exploitation to succeed.) This affects Pulse Desktop Client 5.x before Secure Desktop 5.3R7 and Pulse Desktop Client 9.x before Secure Desktop 9.0R3. It also affects (for Network Connect customers) Pulse Connect Secure 8.1 before 8.1R14, 8.3 before 8.3R7, and 9.0 before 9.0R3.
Source: CVE-2019-11213
CVE-2019-11196
CVE-2019-11196
An authentication bypass vulnerability in all versions of ValuePLUS Integrated University Management System (IUMS) allows unauthenticated, remote attackers to gain administrator privileges via the Teachers Web Panel (TWP) User ID or Password field. If exploited, the attackers could perform any actions with administrator privileges (e.g., enumerate/delete all the students’ personal information or modify various settings).
Source: CVE-2019-11196