|
223011
|
7.0 |
HIGH
Local
|
linux
debian
opensuse
|
linux_kernel
debian_linux
leap
|
An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c.
|
CWE-416
Use After Free
|
CVE-2019-15917
|
2024-11-21 13:29 |
2019-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223012
|
7.5 |
HIGH
Network
|
linux
|
linux_kernel
|
An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2019-15916
|
2024-11-21 13:29 |
2019-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223013
|
5.4 |
MEDIUM
Network
|
sentrifugo
|
sentrifugo
|
Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15814
|
2024-11-21 13:29 |
2019-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223014
|
8.8 |
HIGH
Network
|
sentrifugo
|
sentrifugo
|
Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-15813
|
2024-11-21 13:29 |
2019-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223015
|
4.4 |
MEDIUM
Local
|
systemd_project
fedoraproject
redhat
|
systemd
fedora
enterprise_linux
openshift_container_platform
enterprise_linux_eus
enterprise_linux_server_tus
enterprise_linux_server_aus
enterprise_linux_server_update_services_…
|
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access…
|
NVD-CWE-noinfo
|
CVE-2019-15718
|
2024-11-21 13:29 |
2019-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223016
|
7.5 |
HIGH
Network
|
libexpat_project
python
|
libexpat
python
|
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumn…
|
CWE-125
CWE-776
Out-of-bounds Read
XML Entity Expansion
|
CVE-2019-15903
|
2024-11-21 13:29 |
2019-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223017
|
5.6 |
MEDIUM
Local
|
linux
debian
opensuse
netapp
|
linux_kernel
debian_linux
leap
active_iq_performance_analytics_services
service_processor
baseboard_management_controller_firmware
|
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse …
|
CWE-200
Information Exposure
|
CVE-2019-15902
|
2024-11-21 13:29 |
2019-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223018
|
6.1 |
MEDIUM
Network
|
nagios
|
log_server
|
Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15898
|
2024-11-21 13:29 |
2019-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223019
|
7.5 |
HIGH
Network
|
varnish_cache_project
varnish-software
debian
|
varnish_cache
debian_linux
|
An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests…
|
CWE-617
Reachable Assertion
|
CVE-2019-15892
|
2024-11-21 13:29 |
2019-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223020
|
6.1 |
MEDIUM
Network
|
wpdownloadmanager
|
wordpress_download_manager
|
The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15889
|
2024-11-21 13:29 |
2019-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
