CVE-2019-5450
Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML.
Source: CVE-2019-5450
[월:] 2019년 07월
CVE-2019-5454
CVE-2019-5454
SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account.
Source: CVE-2019-5454
CVE-2019-5451
CVE-2019-5451
Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time.
Source: CVE-2019-5451
CVE-2019-13026
CVE-2019-13026
OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary.
Source: CVE-2019-13026
CVE-2018-20861
CVE-2018-20861
libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files.
Source: CVE-2018-20861
CVE-2019-14380
CVE-2019-14380
libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files.
Source: CVE-2019-14380
CVE-2019-14382
CVE-2019-14382
DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.
Source: CVE-2019-14382
CVE-2018-20860
CVE-2018-20860
libopenmpt before 0.3.13 allows a crash with malformed MED files.
Source: CVE-2018-20860
CVE-2019-14383
CVE-2019-14383
J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.
Source: CVE-2019-14383
CVE-2018-20871
CVE-2018-20871
In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on root_squash, weak file permissions ("other" write access) occur in certain cases (GE-6890).
Source: CVE-2018-20871