|
223901
|
6.5 |
MEDIUM
Network
|
istio
redhat
|
istio
openshift_service_mesh
|
A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is p…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-25014
|
2024-11-21 13:39 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223902
|
8.8 |
HIGH
Network
|
opendoas_project
|
opendoas
|
In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed t…
|
CWE-459
CWE-909
Incomplete Cleanup
Missing Initialization of Resource
|
CVE-2019-25016
|
2024-11-21 13:39 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223903
|
5.4 |
MEDIUM
Network
|
openwrt
|
openwrt
|
LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID.
|
CWE-79
Cross-site Scripting
|
CVE-2019-25015
|
2024-11-21 13:39 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223904
|
5.9 |
MEDIUM
Network
|
gnu
fedoraproject
netapp
broadcom
debian
|
glibc
fedora
ontap_select_deploy_administration_utility
service_processor
fabric_operating_system
a250_firmware
500f_firmware
debian_linux
|
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-25013
|
2024-11-21 13:39 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223905
|
7.5 |
HIGH
Network
|
webform_report_project
|
webform_report
|
The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal's security advisory policy.
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2019-25012
|
2024-11-21 13:39 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223906
|
5.4 |
MEDIUM
Network
|
netbox
|
netbox
|
NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments.
|
CWE-79
Cross-site Scripting
|
CVE-2019-25011
|
2024-11-21 13:39 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223907
|
9.8 |
CRITICAL
Network
|
failure_project
|
failure
|
An issue was discovered in the failure crate through 2019-11-13 for Rust. Type confusion can occur when __private_get_type_id__ is overridden.
|
CWE-843
Type Confusion
|
CVE-2019-25010
|
2024-11-21 13:39 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223908
|
9.8 |
CRITICAL
Network
|
hyper
|
http
|
An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness.
|
CWE-415
Double Free
|
CVE-2019-25009
|
2024-11-21 13:39 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223909
|
7.5 |
HIGH
Network
|
streebog_project
|
streebog
|
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can cause a panic.
|
NVD-CWE-noinfo
|
CVE-2019-25007
|
2024-11-21 13:39 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223910
|
7.5 |
HIGH
Network
|
streebog_project
|
streebog
|
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can produce the wrong answer.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2019-25006
|
2024-11-21 13:39 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
