|
223771
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
|
CWE-674
Uncontrolled Recursion
|
CVE-2019-18853
|
2024-11-21 13:33 |
2019-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223772
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-600_b1_firmware
dir-615_j1_firmware
dir-645_a1_firmware
dir-815_a1_firmware
dir-823_a1_firmware
dir-842_c1_firmware
dir-890l_a1_firmware
|
Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-18852
|
2024-11-21 13:33 |
2019-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223773
|
5.5 |
MEDIUM
Local
|
tnef_project
fedoraproject
canonical
debian
|
tnef
fedora
ubuntu_linux
debian_linux
|
In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-ba…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-18849
|
2024-11-21 13:33 |
2019-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223774
|
7.3 |
HIGH
Network
|
chartkick
|
chartkick.js
|
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution.
|
NVD-CWE-noinfo
|
CVE-2019-18841
|
2024-11-21 13:33 |
2019-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223775
|
7.5 |
HIGH
Network
|
envoyproxy
istio
|
envoy
istio
|
Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2019-18836
|
2024-11-21 13:33 |
2019-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223776
|
7.1 |
HIGH
Local
|
patriotmemory
|
viper_rgb_firmware
|
The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT A…
|
CWE-269
Improper Privilege Management
|
CVE-2019-18845
|
2024-11-21 13:33 |
2019-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223777
|
7.5 |
HIGH
Network
|
wolfssl
|
wolfssl
|
In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow i…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-18840
|
2024-11-21 13:33 |
2019-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223778
|
9.8 |
CRITICAL
Network
|
energycap
|
energycap
|
Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attacker to access data. If an unauthenticated user clicks on a link on the public dashboard, the resource opens in EnergyCAP with acce…
|
CWE-269
Improper Privilege Management
|
CVE-2019-18623
|
2024-11-21 13:33 |
2019-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223779
|
9.8 |
CRITICAL
Network
|
matrix
|
synapse
|
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2019-18835
|
2024-11-21 13:33 |
2019-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223780
|
9.8 |
CRITICAL
Network
|
strapi
|
strapi
|
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2019-18818
|
2024-11-21 13:33 |
2019-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
