Search
Search Results (346568 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1020019 | 1 Inveniosoftware | 1 Invenio-previewer | 2024-11-21 | N/A |
| invenio-previewer before 1.0.0a12 allows XSS. | ||||
| CVE-2019-1020018 | 1 Discourse | 1 Discourse | 2024-11-21 | 7.3 High |
| Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link. | ||||
| CVE-2019-1020017 | 1 Discourse | 1 Discourse | 2024-11-21 | 5.3 Medium |
| Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP. | ||||
| CVE-2019-1020016 | 1 Ash-aio Project | 1 Ash-aio | 2024-11-21 | N/A |
| ASH-AIO before 2.0.0.3 allows an open redirect. | ||||
| CVE-2019-1020015 | 1 Hasura | 1 Graphql Engine | 2024-11-21 | N/A |
| graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT. | ||||
| CVE-2019-1020014 | 3 Canonical, Docker, Fedoraproject | 3 Ubuntu Linux, Credential Helpers, Fedora | 2024-11-21 | 5.5 Medium |
| docker-credential-helpers before 0.6.3 has a double free in the List functions. | ||||
| CVE-2019-1020013 | 1 Parseplatform | 1 Parse-server | 2024-11-21 | N/A |
| parse-server before 3.6.0 allows account enumeration. | ||||
| CVE-2019-1020012 | 1 Parseplatform | 1 Parse-server | 2024-11-21 | N/A |
| parse-server before 3.4.1 allows DoS after any POST to a volatile class. | ||||
| CVE-2019-1020011 | 1 Charcoal-se | 1 Smokedetector | 2024-11-21 | 7.2 High |
| SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority. | ||||
| CVE-2019-1020010 | 1 Misskey | 1 Misskey | 2024-11-21 | N/A |
| Misskey before 10.102.4 allows hijacking a user's token. | ||||
| CVE-2019-1020009 | 1 Kolide | 1 Fleet | 2024-11-21 | N/A |
| Fleet before 2.1.2 allows exposure of SMTP credentials. | ||||
| CVE-2019-1020008 | 1 Stacktable.js Project | 1 Stacktable.js | 2024-11-21 | N/A |
| stacktable.js before 1.0.4 allows XSS. | ||||
| CVE-2019-1020007 | 1 Owasp | 1 Dependency-track | 2024-11-21 | N/A |
| Dependency-Track before 3.5.1 allows XSS. | ||||
| CVE-2019-1020006 | 1 Inveniosoftware | 1 Invenio-app | 2024-11-21 | N/A |
| invenio-app before 1.1.1 allows host header injection. | ||||
| CVE-2019-1020005 | 1 Inveniosoftware | 1 Invenio-communities | 2024-11-21 | N/A |
| invenio-communities before 1.0.0a20 allows XSS. | ||||
| CVE-2019-1020004 | 1 Tridactyl Project | 1 Tridactyl | 2024-11-21 | N/A |
| Tridactyl before 1.16.0 allows fake key events. | ||||
| CVE-2019-1020003 | 1 Inveniosoftware | 1 Invenio-records | 2024-11-21 | N/A |
| invenio-records before 1.2.2 allows XSS. | ||||
| CVE-2019-1020002 | 1 Pterodactyl | 1 Panel | 2024-11-21 | N/A |
| Pterodactyl before 0.7.14 with 2FA allows credential sniffing. | ||||
| CVE-2019-1020001 | 1 Yardoc | 1 Yard | 2024-11-21 | 8.8 High |
| yard before 0.9.20 allows path traversal. | ||||
| CVE-2019-1010319 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.5 Medium |
| WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe. | ||||