CVE-2019-12461
Web Port 1.19.1 allows XSS via the /log type parameter.
Source: CVE-2019-12461
[월:] 2019년 05월
CVE-2019-12458
CVE-2019-12456
CVE-2019-12456
An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a "double fetch" vulnerability.
Source: CVE-2019-12456
CVE-2019-12457
CVE-2019-12455
CVE-2019-12455
An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).
Source: CVE-2019-12455
CVE-2019-12454
CVE-2019-12454
An issue was discovered in wcd9335_codec_enable_dec in sound/soc/codecs/wcd9335.c in the Linux kernel through 5.1.5. It uses kstrndup instead of kmemdup_nul, which allows attackers to have an unspecified impact via unknown vectors.
Source: CVE-2019-12454
CVE-2019-6981
CVE-2019-6981
Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component.
Source: CVE-2019-6981
CVE-2019-6980
CVE-2019-6980
Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component.
Source: CVE-2019-6980
CVE-2018-20160
CVE-2018-20160
ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd.
Source: CVE-2018-20160
CVE-2018-18631
CVE-2018-18631
mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS.
Source: CVE-2018-18631