| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow. |
| An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution. |
| An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact. |
| An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault). |
| CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names. |
| wancms 1.0 through 5.0 allows remote attackers to cause a denial of service (resource consumption) via a checkcode (aka verification code) URI in which the values of font_size, width, and height are large numbers. |
| An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL. |
| The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php. |
| An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp. |
| An issue has been discovered in Bento4 1.5.1-624. AP4_Mp4AudioDsiParser::ReadBits in Codecs/Ap4Mp4AudioInfo.cpp has a heap-based buffer over-read. |
| An issue has been discovered in Bento4 1.5.1-624. A NULL pointer dereference can occur in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp. |
| An issue has been discovered in Bento4 1.5.1-624. AP4_MemoryByteStream::WritePartial in Core/Ap4ByteStream.cpp has a buffer over-read. |
| An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Mpeg2TsAudioSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp, a different vulnerability than CVE-2018-14532. |
| An issue has been discovered in Bento4 1.5.1-624. AP4_BytesToUInt16BE in Core/Ap4Utils.h has a heap-based buffer over-read after a call from the AP4_Stz2Atom class. |
| An issue has been discovered in Bento4 1.5.1-624. AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp has a heap-based buffer over-read. |
| xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account. |
| index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account. |
| Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific embedded resource file. |
| GolemCMS through 2008-12-24, if the install/ directory remains active after an installation, allows remote attackers to execute arbitrary PHP code by inserting this code into the "Database Information" "Table prefix" form field, or obtain sensitive information via a direct request for install/install.sql. |
| The mintTokens function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable. |
