|
222551
|
9.8 |
CRITICAL
Network
|
exim
debian
|
exim
debian_linux
|
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
|
NVD-CWE-noinfo
|
CVE-2019-15846
|
2024-11-21 13:29 |
2019-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222552
|
5.3 |
MEDIUM
Network
|
valvesoftware
|
counter-strike\
|
In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe HTML in a disconnection message.
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2019-15944
|
2024-11-21 13:29 |
2019-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222553
|
6.1 |
MEDIUM
Network
|
jetbrains
|
teamcity
|
JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-…
|
CWE-79
Cross-site Scripting
|
CVE-2019-15848
|
2024-11-21 13:29 |
2019-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222554
|
6.5 |
MEDIUM
Network
|
totaljs
|
total.js_cms
|
An issue was discovered in Total.js CMS 12.0.0. A low privilege user can perform a simple transformation of a cookie to obtain the random values inside it. If an attacker can discover a session cooki…
|
CWE-327
CWE-330
Use of a Broken or Risky Cryptographic Algorithm
Use of Insufficiently Random Values
|
CVE-2019-15955
|
2024-11-21 13:29 |
2019-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222555
|
8.8 |
HIGH
Network
|
totaljs
|
total.js_cms
|
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not own by calling the associated API. The product correctly ma…
|
CWE-862
Missing Authorization
|
CVE-2019-15953
|
2024-11-21 13:29 |
2019-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222556
|
9.9 |
CRITICAL
Network
|
totaljs
|
total.js_cms
|
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget wi…
|
CWE-862
Missing Authorization
|
CVE-2019-15954
|
2024-11-21 13:29 |
2019-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222557
|
8.8 |
HIGH
Network
|
totaljs
|
total.js_cms
|
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the permitted director…
|
CWE-22
Path Traversal
|
CVE-2019-15952
|
2024-11-21 13:29 |
2019-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222558
|
7.5 |
HIGH
Network
|
bitcoin
|
bitcoin_core
|
In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2019-15947
|
2024-11-21 13:29 |
2019-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222559
|
6.4 |
MEDIUM
Physics
|
opensc_project
debian
fedoraproject
|
opensc
debian_linux
fedora
|
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-15946
|
2024-11-21 13:29 |
2019-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222560
|
6.4 |
MEDIUM
Physics
|
opensc_project
debian
fedoraproject
|
opensc
debian_linux
fedora
|
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-15945
|
2024-11-21 13:29 |
2019-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
