Search
Search Results (84 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-3787 | 1 Pivotal Software | 1 Cloud Foundry Uaa-release | 2024-11-21 | N/A |
| Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to a potentially fraudulent address. This would allow the attacker to gain complete control of the user's account. | ||||
| CVE-2019-15608 | 1 Yarnpkg | 1 Yarn | 2024-11-21 | 5.9 Medium |
| The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack. | ||||
| CVE-2024-51523 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 7.1 High |
| Information management vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-42034 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-11 | 6.6 Medium |
| LaunchAnywhere vulnerability in the account module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||