|
215221
|
9.8 |
CRITICAL
Network
|
eclass
|
eclass_ip
|
eClass platform < ip.2.5.10.2.1 allows an attacker to execute SQL command via /admin/academic/studenview_left.php StudentID parameter.
|
CWE-89
SQL Injection
|
CVE-2019-9885
|
2024-11-21 13:52 |
2019-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215222
|
9.8 |
CRITICAL
Network
|
eclass
|
eclass_ip
|
eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page.
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2019-9884
|
2024-11-21 13:52 |
2019-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215223
|
8.1 |
HIGH
Network
|
mozilla
|
firefox
|
A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. This vulnerability affects Firefox < 67.
|
CWE-362
CWE-416
Race Condition
Use After Free
|
CVE-2019-9821
|
2024-11-21 13:52 |
2019-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215224
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox_esr
firefox
thunderbird
|
A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.…
|
CWE-416
Use After Free
|
CVE-2019-9820
|
2024-11-21 13:52 |
2019-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215225
|
9.8 |
CRITICAL
Network
|
mozilla
|
thunderbird
firefox_esr
firefox
|
A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefo…
|
CWE-843
Type Confusion
|
CVE-2019-9819
|
2024-11-21 13:52 |
2019-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215226
|
8.3 |
HIGH
Network
|
mozilla
|
firefox
firefox_esr
thunderbird
|
A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploi…
|
CWE-362
CWE-416
Race Condition
Use After Free
|
CVE-2019-9818
|
2024-11-21 13:52 |
2019-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215227
|
5.3 |
MEDIUM
Network
|
mozilla
|
thunderbird
firefox_esr
firefox
|
Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerabi…
|
CWE-346
Origin Validation Error
|
CVE-2019-9817
|
2024-11-21 13:52 |
2019-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215228
|
5.9 |
MEDIUM
Network
|
mozilla
|
thunderbird
firefox_esr
firefox
|
A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vu…
|
CWE-843
Type Confusion
|
CVE-2019-9816
|
2024-11-21 13:52 |
2019-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215229
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
|
Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-9814
|
2024-11-21 13:52 |
2019-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215230
|
8.3 |
HIGH
Network
|
mozilla
debian
novell
opensuse
|
firefox
firefox_esr
thunderbird
debian_linux
suse_package_hub_for_suse_linux_enterprise
leap
|
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This v…
|
CWE-74
Injection
|
CVE-2019-9811
|
2024-11-21 13:52 |
2019-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
