|
224321
|
9.8 |
CRITICAL
Network
|
opera
|
mini
|
Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of m…
|
NVD-CWE-noinfo
|
CVE-2019-18624
|
2024-11-21 13:33 |
2019-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224322
|
5.3 |
MEDIUM
Network
|
mediawiki
|
abusefilter
|
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Previously hidden (restricted) AbuseFilter filters were viewable (or their differences were viewable) to unprivileged …
|
CWE-200
Information Exposure
|
CVE-2019-18612
|
2024-11-21 13:33 |
2019-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224323
|
6.5 |
MEDIUM
Network
|
mediawiki
|
checkuser
|
An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially vis…
|
CWE-200
Information Exposure
|
CVE-2019-18611
|
2024-11-21 13:33 |
2019-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224324
|
7.5 |
HIGH
Network
|
cezerin
|
cezerin
|
Cezerin v0.33.0 allows unauthorized order-information modification because certain internal attributes can be overwritten via a conflicting name when processing order requests. Hence, a malicious cus…
|
NVD-CWE-noinfo
|
CVE-2019-18608
|
2024-11-21 13:33 |
2019-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224325
|
9.8 |
CRITICAL
Network
|
axohelp.c_project
axodraw2_project
|
axohelp.c
axodraw2
|
In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.
|
NVD-CWE-noinfo
|
CVE-2019-18604
|
2024-11-21 13:33 |
2019-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224326
|
5.9 |
MEDIUM
Network
|
openafs
debian
|
openafs
debian_linux
|
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer.
|
CWE-908
Use of Uninitialized Resource
|
CVE-2019-18603
|
2024-11-21 13:33 |
2019-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224327
|
7.5 |
HIGH
Network
|
openafs
debian
|
openafs
debian_linux
|
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer.
|
CWE-908
Use of Uninitialized Resource
|
CVE-2019-18602
|
2024-11-21 13:33 |
2019-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224328
|
7.5 |
HIGH
Network
|
openafs
|
openafs
|
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-18601
|
2024-11-21 13:33 |
2019-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224329
|
5.5 |
MEDIUM
Local
|
libpod_project
|
libpod
|
An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs.…
|
CWE-59
Link Following
|
CVE-2019-18466
|
2024-11-21 13:33 |
2019-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224330
|
9.8 |
CRITICAL
Network
|
clonos
|
clonos
|
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management.
|
CWE-384
Session Fixation
|
CVE-2019-18418
|
2024-11-21 13:33 |
2019-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
