Total
31 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-6737 | 1 Bitdefender | 1 Safepay | 2024-11-21 | 8.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIScript. The issue lies in the handling of the openFile method, which allows for an arbitrary file write with attacker controlled data. An attacker can leverage this vulnerability execute code in the context of the current process. Was ZDI-CAN-7247. | ||||
| CVE-2019-6736 | 1 Bitdefender | 1 Safepay | 2024-11-21 | 8.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of tiscript. When processing the System.Exec method the application does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7234. | ||||
| CVE-2019-17151 | 1 Tencent | 1 Wechat | 2024-11-21 | 5.4 Medium |
| This vulnerability allows remote attackers redirect users to an external resource on affected installations of Tencent WeChat Prior to 7.0.9. User interaction is required to exploit this vulnerability in that the target must be within a chat session together with the attacker. The specific flaw exists within the parsing of a users profile. The issue lies in the failure to properly validate a users name. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9302. | ||||
| CVE-2019-13322 | 1 Mi | 1 Mi Browser | 2024-11-21 | 8.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Browser Prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the miui.share application. The issue results from the lack of proper validation of user-supplied data, which can result in an arbitrary application download. An attacker can leverage this vulnerability to execute code in the context of the user. Was ZDI-CAN-7483. | ||||
| CVE-2019-11739 | 2 Mozilla, Redhat | 2 Thunderbird, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 68.1 and Thunderbird < 60.9. | ||||
| CVE-2018-16858 | 2 Libreoffice, Redhat | 2 Libreoffice, Enterprise Linux | 2024-11-21 | N/A |
| It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location. | ||||
| CVE-2018-12403 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | N/A |
| If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox < 63. | ||||
| CVE-2018-12374 | 4 Canonical, Debian, Mozilla and 1 more | 7 Ubuntu Linux, Debian Linux, Thunderbird and 4 more | 2024-11-21 | N/A |
| Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird < 52.9. | ||||
| CVE-2018-10595 | 1 Bd | 6 Database Manager, Inoqula\+, Kiestra Tla and 3 more | 2024-11-21 | N/A |
| A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data. | ||||
| CVE-2018-10593 | 1 Bd | 6 Database Manager, Inoqula\+, Kiestra Tla and 3 more | 2024-11-21 | N/A |
| A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption. | ||||
| CVE-2024-4187 | 1 Opentext | 1 Filr | 2024-08-15 | 5.4 Medium |
| Stored XSS vulnerability has been discovered in OpenTextâ„¢ Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites. | ||||