|
211191
|
7.5 |
HIGH
Network
|
tinysvcmdns_project
|
tinysvcmdns
|
In tinysvcmdns through 2018-01-16, a maliciously crafted mDNS (Multicast DNS) packet triggers an infinite loop while parsing an mDNS query. When mDNS compressed labels point to each other, the functi…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2019-9747
|
2024-11-21 13:52 |
2019-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211192
|
7.5 |
HIGH
Network
|
webmproject
|
libwebm
|
In libwebm before 2019-03-08, a NULL pointer dereference caused by the functions OutputCluster and OutputTracks in webm_info.cc will trigger an abort, which allows a DoS attack, a similar issue to CV…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-9746
|
2024-11-21 13:52 |
2019-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211193
|
7.5 |
HIGH
Network
|
gdata-software
|
total_security
|
gdwfpcd.sys in G Data Total Security before 2019-02-22 allows an attacker to bypass ACLs because Interpreted Device Characteristics lacks FILE_DEVICE_SECURE_OPEN and therefore files and directories "…
|
CWE-862
Missing Authorization
|
CVE-2019-9742
|
2024-11-21 13:52 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211194
|
6.1 |
MEDIUM
Network
|
golang
debian
fedoraproject
redhat
|
go
debian_linux
fedora
enterprise_linux
developer_tools
|
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by …
|
CWE-93
CRLF Injection
|
CVE-2019-9741
|
2024-11-21 13:52 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211195
|
6.1 |
MEDIUM
Network
|
python
|
python
|
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the fir…
|
CWE-93
CRLF Injection
|
CVE-2019-9740
|
2024-11-21 13:52 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211196
|
6.1 |
MEDIUM
Network
|
golangtc
|
gopher
|
jimmykuu Gopher 2.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring.
|
CWE-79
Cross-site Scripting
|
CVE-2019-9738
|
2024-11-21 13:52 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211197
|
6.1 |
MEDIUM
Network
|
ipandao
|
editor.md
|
Editor.md 1.5.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring.
|
CWE-79
Cross-site Scripting
|
CVE-2019-9737
|
2024-11-21 13:52 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211198
|
6.1 |
MEDIUM
Network
|
1024tools
|
1024tools
|
DOM-based XSS exists in 1024Tools Markdown 1.0 via vectors involving the '<EMBED SRC="data:image/svg+xml' substring.
|
CWE-79
Cross-site Scripting
|
CVE-2019-9736
|
2024-11-21 13:52 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211199
|
6.5 |
MEDIUM
Network
|
openstack
redhat
debian
|
neutron
openstack
debian_linux
|
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2019-9735
|
2024-11-21 13:52 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211200
|
7.8 |
HIGH
Local
|
shanda
|
maplestory_online
|
In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating the IOCtl 0x8000c01c input value, leading to an integer signe…
|
CWE-787
CWE-129
Out-of-bounds Write
Improper Validation of Array Index
|
CVE-2019-9729
|
2024-11-21 13:52 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
