|
211801
|
7.8 |
HIGH
Local
|
glyphandcog
|
xpdfreader
|
There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-9588
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211802
|
7.8 |
HIGH
Local
|
glyphandcog
|
xpdfreader
|
There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-9587
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211803
|
8.8 |
HIGH
Network
|
twinkletoessoftware
|
booked
|
phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresent…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9581
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211804
|
7.5 |
HIGH
Network
|
yubico
|
libu2f-host
|
In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device.
|
CWE-908
Use of Uninitialized Resource
|
CVE-2019-9578
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211805
|
5.3 |
MEDIUM
Network
|
sagemcom
|
f\@st_5260_firmware
|
Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK that is generated from a 2-part wordlist of known values and a nonce with insufficient entropy. The numbe…
|
CWE-331
Insufficient Entropy
|
CVE-2019-9555
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211806
|
5.5 |
MEDIUM
Local
|
linux
debian
redhat
opensuse
canonical
|
linux_kernel
debian_linux
enterprise_linux
leap
ubuntu_linux
|
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SM…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-9213
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211807
|
6.1 |
MEDIUM
Network
|
adenion
|
blog2social
|
The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-9576
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211808
|
6.1 |
MEDIUM
Network
|
quizandsurveymaster
|
quiz_and_survey_master
|
The Quiz And Survey Master plugin 6.0.4 for WordPress allows wp-admin/admin.php?page=mlw_quiz_results quiz_id XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-9575
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211809
|
7.5 |
HIGH
Network
|
mishubd
|
wp_human_resource_management
|
The WP Human Resource Management plugin before 2.2.6 for WordPress does not ensure that a leave modification occurs in the context of the Administrator or HR Manager role.
|
CWE-862
Missing Authorization
|
CVE-2019-9574
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211810
|
7.5 |
HIGH
Network
|
mishubd
|
wp_human_resource_management
|
The WP Human Resource Management plugin before 2.2.6 for WordPress mishandles leave applications.
|
CWE-19
Data Processing Errors
|
CVE-2019-9573
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
