| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user. |
| The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be performed using "nmap -b" and allow performing scans via the FTP server. |
| IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 130156. |
| XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs. |
| Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases. |
| Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. |
| The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service (application crash) via a crafted file. |
| OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value. |
| An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites. |
| The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. NOTE: Related to CVE-2014-2053. |
