|
224181
|
8.8 |
HIGH
Network
|
mozilla
opensuse
canonical
|
firefox
firefox_esr
thunderbird
leap
ubuntu_linux
|
The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a poten…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-17005
|
2024-11-21 13:31 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224182
|
4.3 |
MEDIUM
Network
|
mozilla
|
firefox
|
If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. This vulnerability affects Firefox < …
|
NVD-CWE-noinfo
|
CVE-2019-17002
|
2024-11-21 13:31 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224183
|
6.1 |
MEDIUM
Network
|
mozilla
|
firefox
|
A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-…
|
CWE-79
Cross-site Scripting
|
CVE-2019-17001
|
2024-11-21 13:31 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224184
|
6.1 |
MEDIUM
Network
|
mozilla
|
firefox
|
An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URI…
|
CWE-79
Cross-site Scripting
|
CVE-2019-17000
|
2024-11-21 13:31 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224185
|
9.8 |
CRITICAL
Network
|
jamf
|
jamf
|
An issue was discovered in Jamf Pro 9.x and 10.x before 10.15.1. Deserialization of untrusted data when parsing JSON in several APIs may cause Denial of Service (DoS), remote code execution (RCE), an…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-17076
|
2024-11-21 13:31 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224186
|
5.4 |
MEDIUM
Network
|
tencent
|
wechat
|
This vulnerability allows remote attackers redirect users to an external resource on affected installations of Tencent WeChat Prior to 7.0.9. User interaction is required to exploit this vulnerabilit…
|
CWE-601
Open Redirect
|
CVE-2019-17151
|
2024-11-21 13:31 |
2020-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224187
|
7.8 |
HIGH
Local
|
parallels
|
parallels_desktop
|
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop version 14.1.3 (45485). An attacker must first obtain the ability to …
|
CWE-78
OS Command
|
CVE-2019-17148
|
2024-11-21 13:31 |
2020-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224188
|
8.8 |
HIGH
Network
|
tp-link
|
tl-wr841n_firmware
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific…
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-17147
|
2024-11-21 13:31 |
2020-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224189
|
9.8 |
CRITICAL
Network
|
dlink
|
dcs-935l_firmware
dcs-960l_firmware
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link DCS-960L v1.07.102. Authentication is not required to exploit this vulnerability. The specific…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-17146
|
2024-11-21 13:31 |
2020-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224190
|
6.1 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
OX App Suite through 7.10.2 has XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16717
|
2024-11-21 13:31 |
2020-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
