|
211631
|
7.5 |
HIGH
Network
|
tengcon
|
t-920_plc_firmware
|
An issue was discovered on TENGCONTROL T-920 PLC v5.5 devices. It allows remote attackers to cause a denial of service (persistent failure mode) by sending a series of \x19\xb2\x00\x00\x00\x06\x43\x0…
|
NVD-CWE-noinfo
|
CVE-2019-9590
|
2024-11-21 13:51 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211632
|
7.8 |
HIGH
Local
|
glyphandcog
|
xpdfreader
|
There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfto…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-9589
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211633
|
7.8 |
HIGH
Local
|
glyphandcog
|
xpdfreader
|
There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-9588
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211634
|
7.8 |
HIGH
Local
|
glyphandcog
|
xpdfreader
|
There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-9587
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211635
|
8.8 |
HIGH
Network
|
twinkletoessoftware
|
booked
|
phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresent…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9581
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211636
|
7.5 |
HIGH
Network
|
yubico
|
libu2f-host
|
In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device.
|
CWE-908
Use of Uninitialized Resource
|
CVE-2019-9578
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211637
|
5.3 |
MEDIUM
Network
|
sagemcom
|
f\@st_5260_firmware
|
Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK that is generated from a 2-part wordlist of known values and a nonce with insufficient entropy. The numbe…
|
CWE-331
Insufficient Entropy
|
CVE-2019-9555
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211638
|
5.5 |
MEDIUM
Local
|
linux
debian
redhat
opensuse
canonical
|
linux_kernel
debian_linux
enterprise_linux
leap
ubuntu_linux
|
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SM…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-9213
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211639
|
6.1 |
MEDIUM
Network
|
adenion
|
blog2social
|
The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-9576
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211640
|
6.1 |
MEDIUM
Network
|
quizandsurveymaster
|
quiz_and_survey_master
|
The Quiz And Survey Master plugin 6.0.4 for WordPress allows wp-admin/admin.php?page=mlw_quiz_results quiz_id XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-9575
|
2024-11-21 13:51 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
