| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. |
| A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. |
| Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields. |
| Multiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number. |
| An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf. |
| Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column. |
| Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article. |
| Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search. |
| In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly. |
| In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly. |
| In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters. |
| In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users. |
| In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user. |
| JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages. |
| In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration. |
| In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed. |
| In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution. |
| In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments. |
| In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly. |
| In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution. |
