|
212571
|
6.1 |
MEDIUM
Network
|
mitel
|
connect_onsite
|
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-9592
|
2024-11-21 13:51 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212572
|
6.1 |
MEDIUM
Network
|
mitel
|
connect_onsite
|
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-9591
|
2024-11-21 13:51 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212573
|
7.5 |
HIGH
Network
|
tengcon
|
t-920_plc_firmware
|
An issue was discovered on TENGCONTROL T-920 PLC v5.5 devices. It allows remote attackers to cause a denial of service (persistent failure mode) by sending a series of \x19\xb2\x00\x00\x00\x06\x43\x0…
|
NVD-CWE-noinfo
|
CVE-2019-9590
|
2024-11-21 13:51 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212574
|
7.8 |
HIGH
Local
|
glyphandcog
|
xpdfreader
|
There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfto…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-9589
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212575
|
7.8 |
HIGH
Local
|
glyphandcog
|
xpdfreader
|
There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-9588
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212576
|
7.8 |
HIGH
Local
|
glyphandcog
|
xpdfreader
|
There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-9587
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212577
|
8.8 |
HIGH
Network
|
twinkletoessoftware
|
booked
|
phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresent…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9581
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212578
|
7.5 |
HIGH
Network
|
yubico
|
libu2f-host
|
In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device.
|
CWE-908
Use of Uninitialized Resource
|
CVE-2019-9578
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212579
|
5.3 |
MEDIUM
Network
|
sagemcom
|
f\@st_5260_firmware
|
Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK that is generated from a 2-part wordlist of known values and a nonce with insufficient entropy. The numbe…
|
CWE-331
Insufficient Entropy
|
CVE-2019-9555
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212580
|
5.5 |
MEDIUM
Local
|
linux
debian
redhat
opensuse
canonical
|
linux_kernel
debian_linux
enterprise_linux
leap
ubuntu_linux
|
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SM…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-9213
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
