CVE-2019-5460

Double Free in VLC versions <= 3.0.6 leads to a crash.

Source: CVE-2019-5460

CVE-2019-5456

SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later.

Source: CVE-2019-5456

CVE-2019-5457

Cross-site scripting (XSS) vulnerability in min-http-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim’s browser.

Source: CVE-2019-5457

CVE-2019-5458

Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim’s browser.

Source: CVE-2019-5458

CVE-2019-5459

An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.

Source: CVE-2019-5459

CVE-2019-5453

Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider.

Source: CVE-2019-5453

CVE-2019-5455

Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process.

Source: CVE-2019-5455

CVE-2019-5449

A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events.

Source: CVE-2019-5449

CVE-2019-5448

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network.

Source: CVE-2019-5448

CVE-2019-5452

Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved.

Source: CVE-2019-5452