Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-11-07 | CVE-2019-18810 | Memory Leak vulnerability in multiple products | A memory leak in the komeda_wb_connector_add() function in drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering drm_writeback_connector_init() failures, aka CID-a0ecd6fdbf5d. | 7.5 |
2019-11-07 | CVE-2019-18807 | Memory Leak vulnerability in Linux Kernel | Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial of service (memory consumption) by triggering static_config_buf_prepare_for_upload() or sja1105_inhibit_tx() failures, aka CID-68501df92d11. | 7.5 |
2019-11-07 | CVE-2019-17605 | Authorization Bypass Through User-Controlled Key vulnerability in Eyecomms Eyecms 20191015 | A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via a modified candidate id and an additional password parameter. | 8.8 |
2019-11-07 | CVE-2019-16877 | Unspecified vulnerability in Portainer | Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). | 8.8 |
2019-11-07 | CVE-2019-16876 | Path Traversal vulnerability in Portainer | Portainer before 1.22.1 allows Directory Traversal. | 7.5 |
2019-11-07 | CVE-2019-12331 | XXE vulnerability in PHPoffice PHPspreadsheet | PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. | 8.8 |
2019-11-07 | CVE-2019-18804 | NULL Pointer Dereference vulnerability in multiple products | DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. | 7.5 |
2019-11-07 | CVE-2019-15004 | Path Traversal vulnerability in Atlassian Jira Service Desk | The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. | 7.5 |
2019-11-06 | CVE-2019-18411 | Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Adselfservice Plus | Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. | 8.8 |
2019-11-06 | CVE-2014-9013 | Improper Input Validation vulnerability in Wpmarketplace Project Wpmarketplace 2.4.0 | The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution target of wp_insert_user. | 8.8 |