CWE:
 

Low
Topic: WordPress 5.1.1 Slider Revolution 4.6.5 UpdateCaptionsCSS Remote Content Injection
Date: 21.03.2019
Author: KingSkrupellos


CVEMAP Search Results

CVE
Details
Description
2019-07-18
Medium
CVE-2019-1010262

Vendor: Scapy
Software: Scapy
 

 
scapy 2.4.0 and earlier is affected by: Denial of Services. The impact is: busy loop forever. The component is: _RADIUSAttrPacketListField class. The attack vector is: a packet sent over the network or in a pcap. The fixed version is: after commit 0d7ae2b039f650a40e511d09eb961c782da025d9.

 
2019-07-11
Medium
CVE-2019-5528

Vendor: Vmware
Software: ESXI
 

 
VMware ESXi 6.5 suffers from partial denial of service vulnerability in hostd process. Patch ESXi650-201907201-UG for this issue is available.

 
2019-07-10
Medium
CVE-2019-0319

Vendor: SAP
Software: Gateway
 

 
The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.

 
2019-07-08
Medium
CVE-2018-11563

Vendor: OTRS
Software: OTRS
 

 
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS customer panel application.

 
2019-07-05
Medium
CVE-2018-16386

Vendor: Swift
Software: Alliance web...
 

 
An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary log filename) can be achieved via the PATH_INFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBInvocationException error log information containing null@java:comp/env/ error messages.

 
2019-07-03
Medium
CVE-2019-10100

Vendor: Jetbrains
Software: Youtrack int...
 

 
In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a valid id field and specially crafted code in the link-text-template field to execute code remotely.

 
Low
CVE-2019-12843

Vendor: Jetbrains
Software: Teamcity
 

 
A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3.

 
Low
CVE-2019-12844

Vendor: Jetbrains
Software: Teamcity
 

 
A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3.

 
2019-07-01
Low
CVE-2019-4386

 

 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714.

 
2019-06-29
Low
CVE-2016-10761

Vendor: Logitech
Software: K360 firmware
 

 
Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack.

 

 


Copyright 2019, cxsecurity.com

 
