Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2019-06-24 CVE-2019-12940 Allocation of Resources Without Limits or Throttling vulnerability in Livezilla
LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer value of the depth parameter.
network
livezilla CWE-770
7.1
2019-06-24 CVE-2019-12939 SQL Injection vulnerability in Livezilla
LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter.
network
low complexity
livezilla CWE-89
7.5
2019-06-24 CVE-2019-11648 Information Exposure vulnerability in Netiq Self Service Password Reset
An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4.
network
low complexity
netiq CWE-200
7.5
2019-06-23 CVE-2019-12937 Out-of-bounds Write vulnerability in Toaruos Project Toaruos
apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer overflow allowing local privilege escalation to the root user via the DISPLAY environment variable.
local
low complexity
toaruos-project CWE-787
7.8
2019-06-21 CVE-2019-12572 Uncontrolled Search Path Element vulnerability in Londontrustmedia Private Internet Access 1.0.2
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges.
local
low complexity
londontrustmedia microsoft CWE-427
7.2
2019-06-21 CVE-2019-11011 Deserialization of Untrusted Data vulnerability in Akamai Cloudtest
Akamai CloudTest before 58.30 allows remote code execution.
network
low complexity
akamai CWE-502
7.5
2019-06-21 CVE-2019-10072 Improper Locking vulnerability in Apache Tomcat
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40.
network
low complexity
apache CWE-667
7.5
2019-06-21 CVE-2018-15868 SQL Injection vulnerability in Chronoscan 1.5.4.3
SQL injection vulnerability in ChronoScan version 1.5.4.3 and earlier allows an unauthenticated attacker to execute arbitrary SQL commands via the wcr_machineid cookie.
network
low complexity
chronoscan CWE-89
7.5
2019-06-21 CVE-2018-15747 Improper Input Validation vulnerability in Glot Glot-Www 20180519
The default configuration of glot-www through 2018-05-19 allows remote attackers to execute arbitrary code because glot-code-runner supports os.system within a "python" "files" "content" JSON file.
network
low complexity
glot CWE-20
7.5
2019-06-21 CVE-2016-7404 Information Exposure vulnerability in Openstack Magnum
OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances.
network
low complexity
openstack CWE-200
7.5