|
222711
|
7.8 |
HIGH
Local
|
valvesoftware
|
steam_client
|
Valve Steam Client for Windows through 2019-08-16 allows privilege escalation (to NT AUTHORITY\SYSTEM) because local users can replace the current versions of SteamService.exe and SteamService.dll wi…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-15315
|
2024-11-21 13:28 |
2019-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222712
|
5.4 |
MEDIUM
Network
|
vanderbilt
|
redcap
|
REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15127
|
2024-11-21 13:28 |
2019-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222713
|
9.6 |
CRITICAL
Network
|
mantisbt
|
mantisbt
|
The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploa…
|
CWE-79
Cross-site Scripting
|
CVE-2019-15074
|
2024-11-21 13:28 |
2019-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222714
|
7.8 |
HIGH
Local
|
bitdefender
|
antivirus_2020
|
An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to…
|
CWE-426
Untrusted Search Path
|
CVE-2019-15295
|
2024-11-21 13:28 |
2019-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222715
|
6.1 |
MEDIUM
Network
|
wp-slimstat
|
slimstat_analytics
|
The wp-slimstat plugin before 4.8.1 for WordPress has XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15112
|
2024-11-21 13:28 |
2019-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222716
|
9.8 |
CRITICAL
Network
|
wp_front_end_profile_project
|
wp_front_end_profile
|
The wp-front-end-profile plugin before 0.2.2 for WordPress has a privilege escalation issue.
|
NVD-CWE-noinfo
|
CVE-2019-15111
|
2024-11-21 13:28 |
2019-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222717
|
6.1 |
MEDIUM
Network
|
wp_front_end_profile_project
|
wp_front_end_profile
|
The wp-front-end-profile plugin before 0.2.2 for WordPress has XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15110
|
2024-11-21 13:28 |
2019-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222718
|
6.1 |
MEDIUM
Network
|
stellarwp
|
the_events_calendar
|
The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15109
|
2024-11-21 13:28 |
2019-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222719
|
7.8 |
HIGH
Local
|
audiocoding
debian
|
freeware_advanced_audio_decoder_2
debian_linux
|
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-15296
|
2024-11-21 13:28 |
2019-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222720
|
7.8 |
HIGH
Local
|
acdsee
|
photo_studio
|
An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 1159. There is a User Mode Write AV starting at IDE_ACDStd!IEP_ShowPlugInDialog+0x000000000023d060.
|
NVD-CWE-noinfo
|
CVE-2019-15293
|
2024-11-21 13:28 |
2019-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
