| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 223451 | 7.8 | HIGH | Local | xnview | xnview | XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000384e2a. | CWE-787 Out-of-bounds Write | CVE-2019-13083 | 2024-11-21 13:24 | 2019-07-1 |
| 223452 | 9.8 | CRITICAL | Network | chamilo | chamilo_lms | Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extra… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2019-13082 | 2024-11-21 13:24 | 2019-07-1 |
| 223453 | 5.3 | MEDIUM | Network | torproject | tor_browser | Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language… | CWE-200 Information Exposure | CVE-2019-13075 | 2024-11-21 13:24 | 2019-06-30 |
| 223454 | 5.4 | MEDIUM | Network | zoneminder | zoneminder | Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page. | CWE-79 Cross-site Scripting | CVE-2019-13072 | 2024-11-21 13:24 | 2019-06-30 |
| 223455 | 5.4 | MEDIUM | Network | grafana | grafana | public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field). | CWE-79 Cross-site Scripting | CVE-2019-13068 | 2024-11-21 13:24 | 2019-06-30 |
| 223456 | 9.8 | CRITICAL | Network | f5 | njs | njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place. | CWE-125 Out-of-bounds Read | CVE-2019-13067 | 2024-11-21 13:24 | 2019-06-30 |
| 223457 | 6.5 | MEDIUM | Adjacent | logitech | unifying_receiver_firmware k360_firmware | Certain Logitech Unifying devices allow attackers to dump AES keys and addresses, leading to the capability of live decryption of Radio Frequency transmissions, as demonstrated by an attack against a… | CWE-200 Information Exposure | CVE-2019-13055 | 2024-11-21 13:24 | 2019-06-30 |
| 223458 | 6.5 | MEDIUM | Adjacent | logitech | r500_firmware | The Logitech R500 presentation clicker allows attackers to determine the AES key, leading to keystroke injection. On Windows, any text may be injected by using ALT+NUMPAD input to bypass the restrict… | CWE-522 Insufficiently Protected Credentials | CVE-2019-13054 | 2024-11-21 13:24 | 2019-06-30 |
| 223459 | 6.5 | MEDIUM | Adjacent | logitech | unifying_receiver_firmware | Logitech Unifying devices allow keystroke injection, bypassing encryption. The attacker must press a "magic" key combination while sniffing cryptographic data from a Radio Frequency transmission. NOT… | NVD-CWE-noinfo | CVE-2019-13053 | 2024-11-21 13:24 | 2019-06-30 |
| 223460 | 6.5 | MEDIUM | Adjacent | logitech | unifying_receiver_firmware | Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffed. | CWE-327 Use of a Broken or Risky Cryptographic Algorithm | CVE-2019-13052 | 2024-11-21 13:24 | 2019-06-30 |