|
222701
|
7.7 |
HIGH
Network
|
video_converter_project
|
video_converter
|
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The worklo…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2019-18214
|
2024-11-21 13:32 |
2019-10-19 |
|
222702
|
6.1 |
MEDIUM
Network
|
etherpad
|
etherpad
|
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.
|
CWE-79
Cross-site Scripting
|
CVE-2019-18209
|
2024-11-21 13:32 |
2019-10-19 |
|
222703
|
5.3 |
MEDIUM
Network
|
wago
|
pfc_firmware
|
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via craft…
|
NVD-CWE-noinfo
|
CVE-2019-18202
|
2024-11-21 13:32 |
2019-10-19 |
|
222704
|
7.8 |
HIGH
Local
|
linux, canonical
|
linux_kernel, ubuntu_linux
|
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag,…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2019-18198
|
2024-11-21 13:32 |
2019-10-19 |
|
222705
|
7.5 |
HIGH
Network
|
xmlsoft, debian, canonical
|
libxslt, debian_linux, ubuntu_linux
|
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds ch…
|
CWE-416, CWE-908
Use After Free; Use of Uninitialized Resource
|
CVE-2019-18197
|
2024-11-21 13:32 |
2019-10-19 |
|
222706
|
9.8 |
CRITICAL
Network
|
sagemath
|
sagemathcell
|
An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary c…
|
CWE-94, CWE-78
Code Injection; OS Command
|
CVE-2019-17526
|
2024-11-21 13:32 |
2019-10-19 |
|
222707
|
9.8 |
CRITICAL
Network
|
tomedo
|
server
|
The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authent…
|
CWE-319, CWE-522
Cleartext Transmission of Sensitive Information; Insufficiently Protected Credentials
|
CVE-2019-17393
|
2024-11-21 13:32 |
2019-10-19 |
|
222708
|
8.8 |
HIGH
Network
|
openwrt
|
openwrt
|
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, …
|
CWE-352
Origin Validation Error
|
CVE-2019-17367
|
2024-11-21 13:32 |
2019-10-19 |
|
222709
|
7.5 |
HIGH
Network
|
ratpack_project
|
ratpack
|
An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted da…
|
CWE-74
Injection
|
CVE-2019-17513
|
2024-11-21 13:32 |
2019-10-18 |
|
222710
|
7.8 |
HIGH
Local
|
gnu
|
guix
|
GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-18192
|
2024-11-21 13:32 |
2019-10-18 |