| 224741 | 6.5 | MEDIUM Network | otcms | otcms | OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin. | CWE-352 Origin Validation Error | CVE-2019-17369 | 2024-11-21 13:32 | 2019-10-9 |
| 224742 | 6.1 | MEDIUM Network | s-cms | s-cms | S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter. | CWE-79 Cross-site Scripting | CVE-2019-17368 | 2024-11-21 13:32 | 2019-10-9 |
| 224743 | 9.1 | CRITICAL Network | libtom debian | libtomcrypt debian_linux | In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to c… | CWE-125 Out-of-bounds Read | CVE-2019-17362 | 2024-11-21 13:32 | 2019-10-9 |
| 224744 | 7.5 | HIGH Network | bouncycastle apache netapp oracle | legion-of-the-bouncy-castle-java-crytography-api tomee oncommand_workflow_automation service_level_manager oncommand_api_services active_iq_unified_manager flexcube_private_banking<… | The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64. | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2019-17359 | 2024-11-21 13:32 | 2019-10-8 |
| 224745 | 7.5 | HIGH Network | jfinal | jfinal | In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2019-17352 | 2024-11-21 13:32 | 2019-10-8 |
| 224746 | 4.9 | MEDIUM Network | vbulletin | vbulletin | vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter. | CWE-89 SQL Injection | CVE-2019-17271 | 2024-11-21 13:32 | 2019-10-8 |
| 224747 | 5.5 | MEDIUM Local | xen debian | xen debian_linux | An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation. | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2019-17349 | 2024-11-21 13:32 | 2019-10-8 |
| 224748 | 6.5 | MEDIUM Local | xen debian | xen debian_linux | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable… | CWE-20 Improper Input Validation | CVE-2019-17348 | 2024-11-21 13:32 | 2019-10-8 |
| 224749 | 7.8 | HIGH Local | xen debian | xen debian_linux | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incom… | CWE-20 Improper Input Validation | CVE-2019-17347 | 2024-11-21 13:32 | 2019-10-8 |
| 224750 | 8.8 | HIGH Local | xen debian | xen debian_linux | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) a… | CWE-20 Improper Input Validation | CVE-2019-17346 | 2024-11-21 13:32 | 2019-10-8 |