|
223091
|
5.5 |
MEDIUM
Local
|
nps_project
|
nps
|
lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-15119
|
2024-11-21 13:28 |
2019-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223092
|
5.5 |
MEDIUM
Local
|
linux
canonical
debian
opensuse
netapp
|
linux_kernel
ubuntu_linux
debian_linux
leap
data_availability_services
solidfire
hci_management_node
active_iq_unified_manager
solidfire_baseboard_management_controller_firmwa…
|
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.
|
CWE-674
Uncontrolled Recursion
|
CVE-2019-15118
|
2024-11-21 13:28 |
2019-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223093
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-15117
|
2024-11-21 13:28 |
2019-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223094
|
9.8 |
CRITICAL
Network
|
artica
|
integria_ims
|
filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-15091
|
2024-11-21 13:28 |
2019-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223095
|
4.8 |
MEDIUM
Network
|
wso2
|
api_manager
|
An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15108
|
2024-11-21 13:28 |
2019-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223096
|
9.8 |
CRITICAL
Network
|
webmin
|
webmin
|
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
|
CWE-78
OS Command
|
CVE-2019-15107
|
2024-11-21 13:28 |
2019-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223097
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_opmanager
|
An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. One can bypass the user password requirement and execute commands on the server. The "username+'@opm' string is used for…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-15106
|
2024-11-21 13:28 |
2019-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223098
|
8.8 |
HIGH
Network
|
zohocorp
|
manageengine_applications_manager
|
An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a l…
|
CWE-89
SQL Injection
|
CVE-2019-15105
|
2024-11-21 13:28 |
2019-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223099
|
8.8 |
HIGH
Network
|
zohocorp
|
manageengine_applications_manager
|
An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-author…
|
CWE-89
SQL Injection
|
CVE-2019-15104
|
2024-11-21 13:28 |
2019-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223100
|
7.5 |
HIGH
Network
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-15099
|
2024-11-21 13:28 |
2019-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
