|
211441
|
7.8 |
HIGH
Local
|
debian
canonical
opensuse
fedoraproject
libreoffice
|
debian_linux
ubuntu_linux
leap
fedora
libreoffice
|
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to …
|
CWE-22
Path Traversal
|
CVE-2019-9852
|
2024-11-21 13:52 |
2019-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211442
|
9.8 |
CRITICAL
Network
|
debian
canonical
opensuse
fedoraproject
libreoffice
|
debian_linux
ubuntu_linux
leap
fedora
libreoffice
|
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection …
|
CWE-20
Improper Input Validation
|
CVE-2019-9851
|
2024-11-21 13:52 |
2019-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211443
|
9.8 |
CRITICAL
Network
|
debian
canonical
opensuse
fedoraproject
libreoffice
|
debian_linux
ubuntu_linux
leap
fedora
libreoffice
|
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice…
|
CWE-20
Improper Input Validation
|
CVE-2019-9850
|
2024-11-21 13:52 |
2019-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211444
|
9.8 |
CRITICAL
Network
|
eclass
|
eclass_ip
|
eClass platform < ip.2.5.10.2.1 allows an attacker to execute SQL command via /admin/academic/studenview_left.php StudentID parameter.
|
CWE-89
SQL Injection
|
CVE-2019-9885
|
2024-11-21 13:52 |
2019-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211445
|
9.8 |
CRITICAL
Network
|
eclass
|
eclass_ip
|
eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page.
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2019-9884
|
2024-11-21 13:52 |
2019-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211446
|
8.1 |
HIGH
Network
|
mozilla
|
firefox
|
A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. This vulnerability affects Firefox < 67.
|
CWE-362
CWE-416
Race Condition
Use After Free
|
CVE-2019-9821
|
2024-11-21 13:52 |
2019-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211447
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox_esr
firefox
thunderbird
|
A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.…
|
CWE-416
Use After Free
|
CVE-2019-9820
|
2024-11-21 13:52 |
2019-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211448
|
9.8 |
CRITICAL
Network
|
mozilla
|
thunderbird
firefox_esr
firefox
|
A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefo…
|
CWE-843
Type Confusion
|
CVE-2019-9819
|
2024-11-21 13:52 |
2019-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211449
|
8.3 |
HIGH
Network
|
mozilla
|
firefox
firefox_esr
thunderbird
|
A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploi…
|
CWE-362
CWE-416
Race Condition
Use After Free
|
CVE-2019-9818
|
2024-11-21 13:52 |
2019-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211450
|
5.3 |
MEDIUM
Network
|
mozilla
|
thunderbird
firefox_esr
firefox
|
Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerabi…
|
CWE-346
Origin Validation Error
|
CVE-2019-9817
|
2024-11-21 13:52 |
2019-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
