CVE-2012-5476

Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value.

Source: CVE-2012-5476

CVE-2012-5645

A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption.

Source: CVE-2012-5645

CVE-2019-20149

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by ‘constructor’: {‘name’:’Symbol’}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.

Source: CVE-2019-20149

CVE-2019-19806

_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 displays a message indicating whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses.

Source: CVE-2019-19806

CVE-2019-19470

An attacker who has already compromised the local system could use TinyWall Controller to gain additional privileges by attaching a debugger to the running process and modifying the code in memory. Vulnerability fixed in version 2.1.13.

Source: CVE-2019-19470

CVE-2019-19805

_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 takes a different amount of time to return depending on whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses.

Source: CVE-2019-19805

CVE-2019-20141

An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.

Source: CVE-2019-20141

CVE-2019-13445

An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. parseOptions() in tools/rosbag/src/record.cpp has an integer overflow when a crafted split option can be entered on the command line.

Source: CVE-2019-13445

CVE-2019-13465

An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. ROS_ASSERT_MSG only works when ROS_ASSERT_ENABLED is defined. This leads to a problem in the remove() function in clients/roscpp/src/libros/spinner.cpp. When ROS_ASSERT_ENABLED is not defined, the iterator loop will run out of the scope of the array, and cause denial of service for other components (that depend on the communication-related functions of this package).

Source: CVE-2019-13465

CVE-2019-5003

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.

Source: CVE-2019-5003