|
223151
|
5.3 |
MEDIUM
Network
|
torproject
|
tor_browser
|
Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language…
|
CWE-200
Information Exposure
|
CVE-2019-13075
|
2024-11-21 13:24 |
2019-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223152
|
5.4 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.
|
CWE-79
Cross-site Scripting
|
CVE-2019-13072
|
2024-11-21 13:24 |
2019-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223153
|
5.4 |
MEDIUM
Network
|
grafana
|
grafana
|
public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).
|
CWE-79
Cross-site Scripting
|
CVE-2019-13068
|
2024-11-21 13:24 |
2019-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223154
|
9.8 |
CRITICAL
Network
|
f5
|
njs
|
njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-13067
|
2024-11-21 13:24 |
2019-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223155
|
6.5 |
MEDIUM
Adjacent
|
logitech
|
unifying_receiver_firmware
k360_firmware
|
Certain Logitech Unifying devices allow attackers to dump AES keys and addresses, leading to the capability of live decryption of Radio Frequency transmissions, as demonstrated by an attack against a…
|
CWE-200
Information Exposure
|
CVE-2019-13055
|
2024-11-21 13:24 |
2019-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223156
|
6.5 |
MEDIUM
Adjacent
|
logitech
|
r500_firmware
|
The Logitech R500 presentation clicker allows attackers to determine the AES key, leading to keystroke injection. On Windows, any text may be injected by using ALT+NUMPAD input to bypass the restrict…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-13054
|
2024-11-21 13:24 |
2019-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223157
|
6.5 |
MEDIUM
Adjacent
|
logitech
|
unifying_receiver_firmware
|
Logitech Unifying devices allow keystroke injection, bypassing encryption. The attacker must press a "magic" key combination while sniffing cryptographic data from a Radio Frequency transmission. NOT…
|
NVD-CWE-noinfo
|
CVE-2019-13053
|
2024-11-21 13:24 |
2019-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223158
|
6.5 |
MEDIUM
Adjacent
|
logitech
|
unifying_receiver_firmware
|
Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffed.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2019-13052
|
2024-11-21 13:24 |
2019-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223159
|
7.5 |
HIGH
Network
|
gnupg
sks_keyserver_project
fedoraproject
opensuse
f5
|
gnupg
sks_keyserver
fedora
leap
traffix_signaling_delivery_controller
|
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the…
|
CWE-295
Improper Certificate Validation
|
CVE-2019-13050
|
2024-11-21 13:24 |
2019-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223160
|
7.8 |
HIGH
Local
|
toaruos_project
|
toaruos
|
An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 allows users to map arbitrary kernel pages into userland process space via TOARU_SYS_FUNC_MMAP, leading to escalation of privileges.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2019-13049
|
2024-11-21 13:24 |
2019-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
