CVE-2019-13190
In Knowage through 6.1.1, the sign up page does not invalidate a valid CAPTCHA token. This allows for CAPTCHA bypass in the signup page.
Source: CVE-2019-13190
[월:] 2019년 09월
CVE-2019-13361
CVE-2019-13361
Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an attacker on the same Wi-Fi network.
Source: CVE-2019-13361
CVE-2019-15942
CVE-2019-15942
FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer.
Source: CVE-2019-15942
CVE-2018-11569
CVE-2018-11569
Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. Fixed in version 3.5.2.
Source: CVE-2018-11569
CVE-2019-15939
CVE-2019-15939
An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp.
Source: CVE-2019-15939
CVE-2019-4321
CVE-2019-4321
IBM Intelligent Operations Center V5.1.0 – V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 – V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 – V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201.
Source: CVE-2019-4321
CVE-2019-4186
CVE-2019-4186
IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. By sending a specially crafted HTTP GET request, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-force ID: 158976.
Source: CVE-2019-4186
CVE-2019-15937
CVE-2019-15937
Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy.
Source: CVE-2019-15937
CVE-2019-4149
CVE-2019-4149
IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8.5.6.0 through V8.5.6.0 CF2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158415.
Source: CVE-2019-4149
CVE-2019-15938
CVE-2019-15938
Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a length field is directly used for a memcpy.
Source: CVE-2019-15938