|
223231
|
8.8 |
HIGH
Network
|
phpbb
debian
|
phpbb
debian_linux
|
In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attac…
|
CWE-352
Origin Validation Error
|
CVE-2019-16993
|
2024-11-21 13:31 |
2019-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223232
|
7.5 |
HIGH
Network
|
keybase
|
keybase
|
The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be us…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2019-16992
|
2024-11-21 13:31 |
2019-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223233
|
7.5 |
HIGH
Network
|
linux
opensuse
netapp
|
linux_kernel
leap
aff_a700s_firmware
h300s_firmware
h500s_firmware
h700s_firmware
h300e_firmware
h500e_firmware
h700e_firmware
h410s_firmware
h410c_firmware
h610s_fir…
|
In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2019-16995
|
2024-11-21 13:31 |
2019-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223234
|
5.3 |
MEDIUM
Network
|
z.cash
|
zcash
|
Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a full node that owns a shielded address, related to mishandling of exceptions during deserialization of note plaintexts. This aff…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2019-16930
|
2024-11-21 13:31 |
2019-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223235
|
6.1 |
MEDIUM
Network
|
python
debian
canonical
|
python
debian_linux
ubuntu_linux
|
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in L…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16935
|
2024-11-21 13:31 |
2019-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223236
|
6.1 |
MEDIUM
Network
|
flower_project
|
flower
|
Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16926
|
2024-11-21 13:31 |
2019-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223237
|
6.1 |
MEDIUM
Network
|
flower_project
|
flower
|
Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing con…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16925
|
2024-11-21 13:31 |
2019-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223238
|
9.8 |
CRITICAL
Network
|
nsa
|
ghidra
|
NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. This occurs i…
|
CWE-91
Blind XPath Injection
|
CVE-2019-16941
|
2024-11-21 13:31 |
2019-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223239
|
5.5 |
MEDIUM
Local
|
glyphandcog
|
xpdf
|
Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-16927
|
2024-11-21 13:31 |
2019-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223240
|
8.8 |
HIGH
Adjacent
|
nuvending
|
nulock
|
The Nulock application 1.5.0 for mobile devices sends a cleartext password over Bluetooth, which allows remote attackers (after sniffing the network) to take control of the lock.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-16924
|
2024-11-21 13:31 |
2019-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
