|
223371
|
4.2 |
MEDIUM
Physical
|
mi sony samsung google sharp fujitsu
|
mi_5s_plus_firmware xperia_z4_firmware galaxy_s6_edge_firmware galaxy_s4_firmware nexus_7_firmware nexus_9_firmware aquos_zeta_sh-04f_firmware arrows_nx_f05-f_firmware
|
Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface…
|
NVD-CWE-noinfo
|
CVE-2019-12762
|
2024-11-21 13:23 |
2019-06-7 |
|
223372
|
7.5 |
HIGH
Network
|
python
|
pyxdg
|
A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.par…
|
CWE-94
Code Injection
|
CVE-2019-12761
|
2024-11-21 13:23 |
2019-06-7 |
|
223373
|
7.5 |
HIGH
Network
|
parso_project
|
parso
|
A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cach…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-12760
|
2024-11-21 13:23 |
2019-06-7 |
|
223374
|
4.7 |
MEDIUM
Network
|
chartkick_project
|
chartkick
|
The Chartkick gem through 3.1.0 for Ruby allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-12732
|
2024-11-21 13:23 |
2019-06-7 |
|
223375
|
7.5 |
HIGH
Network
|
sweetscape
|
010_editor
|
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the SubStr function (provided by the scripting engine) allows an attacker to cause a denial of servi…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-12555
|
2024-11-21 13:23 |
2019-06-6 |
|
223376
|
7.5 |
HIGH
Network
|
sweetscape
|
010_editor
|
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the WSubStr function (provided by the scripting engine) allows an attacker to cause a denial of serv…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-12554
|
2024-11-21 13:23 |
2019-06-6 |
|
223377
|
9.8 |
CRITICAL
Network
|
sweetscape
|
010_editor
|
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the StrCat function (provided by the scripting engine) allows an attacker to overwrite arbitrary mem…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-12553
|
2024-11-21 13:23 |
2019-06-6 |
|
223378
|
8.8 |
HIGH
Network
|
bludit
|
bludit
|
Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2019-12742
|
2024-11-21 13:23 |
2019-06-6 |
|
223379
|
6.1 |
MEDIUM
Network
|
fhir
|
hapi_fhir
|
XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cook…
|
CWE-79
Cross-site Scripting
|
CVE-2019-12741
|
2024-11-21 13:23 |
2019-06-6 |
|
223380
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_servicedesk_plus
|
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-12543
|
2024-11-21 13:23 |
2019-06-6 |
|