|
223931
|
9.8 |
CRITICAL
Network
|
nlnetlabs
debian
|
unbound
debian_linux
|
Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2019-25034
|
2024-11-21 13:39 |
2021-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223932
|
9.8 |
CRITICAL
Network
|
nlnetlabs
debian
|
unbound
debian_linux
|
Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a runnin…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2019-25033
|
2024-11-21 13:39 |
2021-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223933
|
9.8 |
CRITICAL
Network
|
nlnetlabs
debian
|
unbound
debian_linux
|
Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Un…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2019-25032
|
2024-11-21 13:39 |
2021-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223934
|
5.9 |
MEDIUM
Network
|
nlnetlabs
debian
|
unbound
debian_linux
|
Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider thi…
|
CWE-74
Injection
|
CVE-2019-25031
|
2024-11-21 13:39 |
2021-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223935
|
6.1 |
MEDIUM
Network
|
vaadin
|
vaadin
|
Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows at…
|
CWE-79
Cross-site Scripting
|
CVE-2019-25028
|
2024-11-21 13:39 |
2021-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223936
|
6.1 |
MEDIUM
Network
|
vaadin
|
flow
vaadin
|
Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through …
|
CWE-79
Cross-site Scripting
|
CVE-2019-25027
|
2024-11-21 13:39 |
2021-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223937
|
5.3 |
MEDIUM
Network
|
redmine
debian
|
redmine
debian_linux
|
Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.
|
NVD-CWE-noinfo
|
CVE-2019-25026
|
2024-11-21 13:39 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223938
|
5.3 |
MEDIUM
Network
|
rubyonrails
|
active_record_session_store
|
The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed se…
|
NVD-CWE-Other
|
CVE-2019-25025
|
2024-11-21 13:39 |
2021-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223939
|
6.5 |
MEDIUM
Network
|
scytl
|
secure_vote
|
An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (which can be manipulated client-side) is used for the internal application logs, an attacker can inj…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2019-25023
|
2024-11-21 13:39 |
2021-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223940
|
9.8 |
CRITICAL
Network
|
scytl
|
secure_vote
|
An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Run…
|
CWE-78
OS Command
|
CVE-2019-25022
|
2024-11-21 13:39 |
2021-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
