CVE-2018-20996

An issue was discovered in the crossbeam crate before 0.4.1 for Rust. There is a double free because of destructor mishandling.

Source: CVE-2018-20996

CVE-2018-20997

An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing.

Source: CVE-2018-20997

CVE-2018-20989

An issue was discovered in the untrusted crate before 0.6.2 for Rust. Error handling can trigger an integer underflow and panic.

Source: CVE-2018-20989

CVE-2019-15549

An issue was discovered in the asn1_der crate before 0.6.2 for Rust. Attackers can trigger memory exhaustion by supplying a large value in a length field.

Source: CVE-2019-15549

CVE-2019-15557

XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key.

Source: CVE-2019-15557

CVE-2019-15555

FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php.

Source: CVE-2019-15555

CVE-2019-15637

Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.

Source: CVE-2019-15637

CVE-2019-15640

Limesurvey before 3.17.10 does not validate both the MIME type and file extension of an image.

Source: CVE-2019-15640

CVE-2019-15558

XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSchemaResolver.java, and SchemaChangeResolver.java.

Source: CVE-2019-15558

CVE-2019-15560

The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js.

Source: CVE-2019-15560