|
222311
|
6.5 |
MEDIUM
Network
|
redmine debian
|
redmine debian_linux
|
A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query.
|
CWE-89
SQL Injection
|
CVE-2019-18890
|
2024-11-21 13:33 |
2019-11-22 |
|
222312
|
5.3 |
MEDIUM
Network
|
sensiolabs
|
symfony
|
An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthor…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2019-18886
|
2024-11-21 13:33 |
2019-11-22 |
|
222313
|
9.8 |
CRITICAL
Network
|
hotkeyp_project
|
hotkeyp
|
HotkeyP through 4.9 r96 allows privilege escalation in the privilege function in Commands.cpp.
|
NVD-CWE-noinfo
|
CVE-2019-18349
|
2024-11-21 13:33 |
2019-11-22 |
|
222314
|
7.8 |
HIGH
Local
|
gonitro
|
nitro_pro
|
Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this c…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-18958
|
2024-11-21 13:33 |
2019-11-22 |
|
222315
|
9.8 |
CRITICAL
Network
|
codesys
|
control_for_empc-a\/imx6 control_for_iot2000 control_for_linux control_for_plcnext control_for_pfc100 control_for_pfc200 remote_target_visu_toolkit hmi embedded_target_visu_to…
|
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-18858
|
2024-11-21 13:33 |
2019-11-21 |
|
222316
|
7.3 |
HIGH
Network
|
nlnetlabs fedoraproject opensuse
|
unbound fedora leap
|
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was…
|
CWE-78
OS Command
|
CVE-2019-18934
|
2024-11-21 13:33 |
2019-11-20 |
|
222317
|
5.6 |
MEDIUM
Physical
|
symantec
|
norton_app_lock
|
Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking other apps o…
|
NVD-CWE-noinfo
|
CVE-2019-18373
|
2024-11-21 13:33 |
2019-11-19 |
|
222318
|
9.8 |
CRITICAL
Network
|
oniguruma_project debian fedoraproject redhat
|
oniguruma debian_linux fedora enterprise_linux
|
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker…
|
CWE-125 CWE-190
Out-of-bounds Read; Integer Overflow or Wraparound
|
CVE-2019-19012
|
2024-11-21 13:33 |
2019-11-18 |
|
222319
|
7.5 |
HIGH
Network
|
miniupnp_project
|
ngiflib
|
MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueColor in ngiflib.c via a file that lacks a palette.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-19011
|
2024-11-21 13:33 |
2019-11-18 |
|
222320
|
9.8 |
CRITICAL
Network
|
limnoria_project fedoraproject
|
limnoria fedora
|
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impa…
|
CWE-94
Code Injection
|
CVE-2019-19010
|
2024-11-21 13:33 |
2019-11-16 |