| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687. |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, after a subsystem reset, iwpriv is not giving correct information. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user. |
| The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be performed using "nmap -b" and allow performing scans via the FTP server. |
| IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 130156. |
| XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs. |
| There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file. |
