Max CVSS | 9.3 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2019-12765 | 7.5 | An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection. | 30-01-2023 - 16:03 | 11-06-2019 - 19:29 |
CVE-2019-12766 | 4.3 | An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors. | 30-01-2023 - 16:03 | 11-06-2019 - 19:29 |
CVE-2004-2570 | 5.0 | Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read arbitrary files from the client's local filesystem or display a false URL to the user. | 28-02-2022 - 18:29 | 31-12-2004 - 05:00 |
CVE-2019-3888 | 5.0 | A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUE | 20-02-2022 - 06:11 | 12-06-2019 - 14:29 |
CVE-2019-0174 | 2.1 | Logic condition in specific microprocessors may allow an authenticated user to potentially enable partial physical address information disclosure via local access. | 24-08-2020 - 17:37 | 13-06-2019 - 16:29 |
CVE-2019-11687 | 9.3 | An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b. The preamble of a DICOM file that complies with this specification can contain the header for an executable file, such as Portable Executable (PE) | 20-11-2019 - 15:15 | 02-05-2019 - 22:29 |
CVE-2019-3872 | 3.5 | It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unau | 09-10-2019 - 23:49 | 12-06-2019 - 14:29 |
CVE-2019-10157 | 2.1 | It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout. An attacker with local access could use this to construct a malicious web token setting an NB | 09-10-2019 - 23:44 | 12-06-2019 - 14:29 |
CVE-2019-3873 | 6.0 | It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further a | 06-07-2019 - 19:15 | 12-06-2019 - 14:29 |