Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed. Date published :...
Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser’s UI locale by measuring a button width, even if the user has a "Don’t send my language"...
** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of...
** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of...
**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being...
** DISPUTED ** An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. NOTE: This...
** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of...
Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injection via the User ID parameter to the login form. Date published : 2019-05-27 http://packetstormsecurity.com/files/153084/Petraware-pTransformer-ADC-SQL-Injection.html https://faudhzanrahman.blogspot.com/2019/05/sql-injection-on-login-form.html
EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php. Date published : 2019-05-27 https://github.com/coolboy0816/audit/issues/4
EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page....
A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow...
XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress. Date published : 2019-05-27 Hostel https://wpvulndb.com/vulnerabilities/9289
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags. Date published : 2019-05-24 http://www.openwall.com/lists/oss-security/2016/09/30/5 https://github.com/exponentcms/exponent-cms/commit/fdafb5ec97838e4edbd685f587f28d3174ebb3db
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php. Date published : 2019-05-24 http://www.openwall.com/lists/oss-security/2016/09/30/5 https://github.com/exponentcms/exponent-cms/commit/99636b2118cd9af4eb9920f6b6c228bd824593d2