Mozilla vulnerabilities and exploits

7.2
CVSSv2
CVE-2019-0797

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808....

7.2
CVSSv2
CVE-2018-8589

An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2....

Microsoft, Windows 7, Windows Server 2008
NA
CVE-2019-18511

[ASA-201905-8] thunderbird: multiple issues...

7.5
CVSSv2
CVE-2019-12279

Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form)....

Nagios, Nagios Xi
NA
CVE-2019-9881

WPGraphQL plugin for WordPress could allow a remote attacker to obtain sensitive information, caused by improper validation of user privileges. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain information from protected...

NA
CVE-2019-9879

WPGraphQL plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by improper validation of user privileges. By sending a specially-crafted request, an attacker could exploit this vulnerability to create administrative users....

NA
CVE-2019-9880

WPGraphQL plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by improper validation of user privileges. By sending a specially-crafted request, an attacker could exploit this vulnerability to post comments on restricted...

9
CVSSv2
CVE-2019-12185

eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be...

Elabftw
9.3
CVSSv2
CVE-2019-7837

Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and earlier, and 32.0.0.171 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution....

4.3
CVSSv2
CVE-2019-11846

/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection....