|
211481
|
5.9 |
MEDIUM
Network
|
etsi
|
enterprise_transport_security
|
The ETSI Enterprise Transport Security (ETS, formerly known as eTLS) protocol does not provide per-session forward secrecy.
|
CWE-310
Cryptographic Issues
|
CVE-2019-9191
|
2024-11-21 13:51 |
2019-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211482
|
9.8 |
CRITICAL
Network
|
j2store
|
j2store
|
SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the product_option[] parameter.
|
CWE-89
SQL Injection
|
CVE-2019-9184
|
2024-11-21 13:51 |
2019-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211483
|
8.8 |
HIGH
Network
|
zzzcms
|
zzzphp
|
There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the fi…
|
CWE-352
Origin Validation Error
|
CVE-2019-9182
|
2024-11-21 13:51 |
2019-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211484
|
7.2 |
HIGH
Network
|
schoolcms
|
schoolcms
|
SchoolCMS version 2.3.1 allows file upload via the logo upload feature at admin.php?m=admin&c=site&a=save by using the .jpg extension, changing the Content-Type to image/php, and placing PHP code aft…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9181
|
2024-11-21 13:51 |
2019-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211485
|
9.8 |
CRITICAL
Network
|
gnu
netapp
mcafee
canonical
|
glibc
steelstore_cloud_integrated_storage
ontap_select_deploy_administration_utility
cloud_backup
web_gateway
ubuntu_linux
|
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-9169
|
2024-11-21 13:51 |
2019-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211486
|
6.1 |
MEDIUM
Network
|
woocommerce
|
woocommerce
|
WooCommerce before 3.5.5 allows XSS via a Photoswipe caption.
|
CWE-79
Cross-site Scripting
|
CVE-2019-9168
|
2024-11-21 13:51 |
2019-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211487
|
7.8 |
HIGH
Local
|
linux
netapp
canonical
|
linux_kernel
solidfire
hci_management_node
snapprotect
ubuntu_linux
cn1610_firmware
|
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and w…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-9162
|
2024-11-21 13:51 |
2019-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211488
|
8.8 |
HIGH
Network
|
hdfgroup
|
hdf5
|
An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5MM_xstrdup in H5MM.c when called from H5O_dtype_decode_helper in H5Odtype.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-9152
|
2024-11-21 13:51 |
2019-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211489
|
8.8 |
HIGH
Network
|
hdfgroup
|
hdf5
|
An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5VM_memcpyvv in H5VM.c when called from H5D__compact_readvv in H5Dcompact.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-9151
|
2024-11-21 13:51 |
2019-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211490
|
7.5 |
HIGH
Adjacent
|
jamf
|
self_service
|
Jamf Self Service 10.9.0 allows man-in-the-middle attackers to obtain a root shell by leveraging the "publish Bash shell scripts" feature to insert "/Applications/Utilities/Terminal app/Contents/MacO…
|
NVD-CWE-noinfo
|
CVE-2019-9146
|
2024-11-21 13:51 |
2019-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
