Security News

Security news from: cvedetails.com

  • CVE-2019-1020018 – 29 July 2019
    Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link. (CVSS:7.5) (Last Update:2019-10-09)
  • CVE-2019-1020006 – 29 July 2019
    invenio-app before 1.1.1 allows host header injection. (CVSS:5.8) (Last Update:2019-08-01)
  • CVE-2019-1020005 – 29 July 2019
    invenio-communities before 1.0.0a20 allows XSS. (CVSS:3.5) (Last Update:2019-08-01)
  • CVE-2019-1020008 – 29 July 2019
    stacktable.js before 1.0.4 allows XSS. (CVSS:4.3) (Last Update:2019-07-31)
  • CVE-2019-1020007 – 29 July 2019
    Dependency-Track before 3.5.1 allows XSS. (CVSS:3.5) (Last Update:2019-07-30)
  • CVE-2019-1020001 – 29 July 2019
    yard before 0.9.20 allows path traversal. (CVSS:5.0) (Last Update:2019-08-01)
  • CVE-2019-1020009 – 29 July 2019
    Fleet before 2.1.2 allows exposure of SMTP credentials. (CVSS:5.0) (Last Update:2019-07-31)
  • CVE-2019-1020012 – 29 July 2019
    parse-server before 3.4.1 allows DoS after any POST to a volatile class. (CVSS:5.0) (Last Update:2019-08-02)
  • CVE-2019-1020011 – 29 July 2019
    SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority. (CVSS:6.5) (Last Update:2019-10-09)
  • CVE-2019-1020014 – 29 July 2019
    docker-credential-helpers before 0.6.3 has a double free in the List functions. (CVSS:2.1) (Last Update:2019-08-19)