|
210991
|
4.8 |
MEDIUM
Network
|
otrs
|
otrs
|
An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of …
|
CWE-79
Cross-site Scripting
|
CVE-2019-9751
|
2024-11-21 13:52 |
2019-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210992
|
9.1 |
CRITICAL
Network
|
iotivity
|
iotivity
|
In IoTivity through 1.3.1, the CoAP server interface can be used for Distributed Denial of Service attacks using source IP address spoofing and UDP-based traffic amplification. The reflected traffic …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-9750
|
2024-11-21 13:52 |
2019-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210993
|
7.5 |
HIGH
Network
|
treasuredata
|
fluent_bit
|
An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker (server), it mishandles incoming network messages. After processing a crafted pac…
|
CWE-681
Incorrect Conversion between Numeric Types
|
CVE-2019-9749
|
2024-11-21 13:52 |
2019-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210994
|
9.1 |
CRITICAL
Network
|
tinysvcmdns_project
|
tinysvcmdns
|
In tinysvcmdns through 2018-01-16, an mDNS server processing a crafted packet can perform arbitrary data read operations up to 16383 bytes from the start of the buffer. This can lead to a segmentatio…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-9748
|
2024-11-21 13:52 |
2019-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210995
|
7.5 |
HIGH
Network
|
tinysvcmdns_project
|
tinysvcmdns
|
In tinysvcmdns through 2018-01-16, a maliciously crafted mDNS (Multicast DNS) packet triggers an infinite loop while parsing an mDNS query. When mDNS compressed labels point to each other, the functi…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2019-9747
|
2024-11-21 13:52 |
2019-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210996
|
7.5 |
HIGH
Network
|
webmproject
|
libwebm
|
In libwebm before 2019-03-08, a NULL pointer dereference caused by the functions OutputCluster and OutputTracks in webm_info.cc will trigger an abort, which allows a DoS attack, a similar issue to CV…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-9746
|
2024-11-21 13:52 |
2019-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210997
|
7.5 |
HIGH
Network
|
gdata-software
|
total_security
|
gdwfpcd.sys in G Data Total Security before 2019-02-22 allows an attacker to bypass ACLs because Interpreted Device Characteristics lacks FILE_DEVICE_SECURE_OPEN and therefore files and directories "…
|
CWE-862
Missing Authorization
|
CVE-2019-9742
|
2024-11-21 13:52 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210998
|
6.1 |
MEDIUM
Network
|
golang
debian
fedoraproject
redhat
|
go
debian_linux
fedora
enterprise_linux
developer_tools
|
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by …
|
CWE-93
CRLF Injection
|
CVE-2019-9741
|
2024-11-21 13:52 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210999
|
6.1 |
MEDIUM
Network
|
python
|
python
|
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the fir…
|
CWE-93
CRLF Injection
|
CVE-2019-9740
|
2024-11-21 13:52 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211000
|
6.1 |
MEDIUM
Network
|
golangtc
|
gopher
|
jimmykuu Gopher 2.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring.
|
CWE-79
Cross-site Scripting
|
CVE-2019-9738
|
2024-11-21 13:52 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
