CVSS: 2.4EPSS: 0%CPEs: 2EXPL: 1CVE-2019-14359
https://notcve.org/view.php?id=CVE-2019-14359
On BC Vault devices, a side channel for the row-based SSD1309 OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover a data value. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. • https://bc-vault.com/2019/08/our-response-to-cve-2019-14359 • CWE-203: Observable Discrepancy •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16457
https://notcve.org/view.php?id=CVE-2018-16457
PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote attackers to list the wp-content/themes/template_dp_dec2015/img directory. PHP Scripts Mall Open Source Real-estate Script 3.6.2 permite que los atacantes remotos listen el directorio wp-content/themes/template_dp_dec2015/img. • https://googlequeens.com/2018/09/04/cve-2018-16457-open-source-real-estate-script-3-6-2-directory-traversal • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-15189
https://notcve.org/view.php?id=CVE-2018-15189
PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile. PHP Scripts Mall advanced-real-estate-script tiene Cross-Site Scripting (XSS) mediante el campo "Name" de un perfil. • https://gkaim.com/cve-2018-15189-vikas-chaudhary • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-15188
https://notcve.org/view.php?id=CVE-2018-15188
PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile. PHP Scripts Mall advanced-real-estate-script 4.0.9 permite que atacantes remotos provoquen una denegación de servicio (pérdida de la estructura de la página) mediante código JavaScript manipulado en el campo "Name" de un perfil. • https://gkaim.com/cve-2018-15188-vikas-chaudhary • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 1CVE-2018-15187
https://notcve.org/view.php?id=CVE-2018-15187
PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php. PHP Scripts Mall advanced-real-estate-script 4.0.9 tiene Cross-Site Request Forgery (CSRF) mediante edit-profile.php. • https://gkaim.com/cve-2018-15187-vikas-chaudhary • CWE-352: Cross-Site Request Forgery (CSRF) •