|
223261
|
7.8 |
HIGH
Local
|
irfanview
|
irfanview
|
In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc.
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-16887
|
2024-11-21 13:31 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223262
|
7.5 |
HIGH
Network
|
string-interner_project
|
string-interner
|
An issue was discovered in the string-interner crate before 0.7.1 for Rust. It allows attackers to read from memory locations associated with dangling pointers, because of a cloning flaw.
|
CWE-416
Use After Free
|
CVE-2019-16882
|
2024-11-21 13:31 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223263
|
7.5 |
HIGH
Network
|
linuxfoundation
docker
fedoraproject
opensuse
redhat
canonical
|
runc
docker
fedora
leap
enterprise_linux
openshift_container_platform
enterprise_linux_eus
enterprise_linux_server_tus
enterprise_linux_server_aus
ubuntu_linux
|
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a m…
|
CWE-863
Incorrect Authorization
|
CVE-2019-16884
|
2024-11-21 13:31 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223264
|
9.8 |
CRITICAL
Network
|
portaudio-rs_project
|
portaudio-rs
|
An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and s…
|
CWE-416
Use After Free
|
CVE-2019-16881
|
2024-11-21 13:31 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223265
|
9.8 |
CRITICAL
Network
|
linea_project
|
linea
|
An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matrix::zip_elements method.
|
CWE-415
Double Free
|
CVE-2019-16880
|
2024-11-21 13:31 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223266
|
8.8 |
HIGH
Network
|
netgate
|
pfsense
|
pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.
|
CWE-78
OS Command
|
CVE-2019-16701
|
2024-11-21 13:31 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223267
|
9.8 |
CRITICAL
Network
|
emlog
|
emlog
|
emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter.
|
CWE-22
Path Traversal
|
CVE-2019-16868
|
2024-11-21 13:31 |
2019-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223268
|
6.5 |
MEDIUM
Network
|
hongcms_project
|
hongcms
|
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and…
|
CWE-22
Path Traversal
|
CVE-2019-16867
|
2024-11-21 13:31 |
2019-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223269
|
9.8 |
CRITICAL
Network
|
vbulletin
|
vbulletin
|
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
|
CWE-94
Code Injection
|
CVE-2019-16759
|
2024-11-21 13:31 |
2019-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223270
|
6.1 |
MEDIUM
Network
|
joomla
|
joomla\!
|
In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16725
|
2024-11-21 13:31 |
2019-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
