|
221941
|
7.5 |
HIGH
Network
|
xmlsoft debian canonical
|
libxslt debian_linux ubuntu_linux
|
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds ch…
|
CWE-416 CWE-908
Use After Free Use of Uninitialized Resource
|
CVE-2019-18197
|
2024-11-21 13:32 |
2019-10-19 |
|
221942
|
9.8 |
CRITICAL
Network
|
sagemath
|
sagemathcell
|
An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary c…
|
CWE-94 CWE-78
Code Injection OS Command
|
CVE-2019-17526
|
2024-11-21 13:32 |
2019-10-19 |
|
221943
|
9.8 |
CRITICAL
Network
|
tomedo
|
server
|
The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authent…
|
CWE-319 CWE-522
Cleartext Transmission of Sensitive Information Insufficiently Protected Credentials
|
CVE-2019-17393
|
2024-11-21 13:32 |
2019-10-19 |
|
221944
|
8.8 |
HIGH
Network
|
openwrt
|
openwrt
|
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, …
|
CWE-352
Origin Validation Error
|
CVE-2019-17367
|
2024-11-21 13:32 |
2019-10-19 |
|
221945
|
7.5 |
HIGH
Network
|
ratpack_project
|
ratpack
|
An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted da…
|
CWE-74
Injection
|
CVE-2019-17513
|
2024-11-21 13:32 |
2019-10-18 |
|
221946
|
7.8 |
HIGH
Local
|
gnu
|
guix
|
GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-18192
|
2024-11-21 13:32 |
2019-10-18 |
|
221947
|
9.1 |
CRITICAL
Network
|
eclipse redhat
|
openj9 enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_eus enterprise_linux satellite
|
From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks.
|
CWE-269
Improper Privilege Management
|
CVE-2019-17631
|
2024-11-21 13:32 |
2019-10-18 |
|
221948
|
8.8 |
HIGH
Network
|
metinfo
|
metinfo
|
app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSa…
|
CWE-352
Origin Validation Error
|
CVE-2019-17676
|
2024-11-21 13:32 |
2019-10-17 |
|
221949
|
8.8 |
HIGH
Network
|
wordpress debian
|
wordpress debian_linux
|
WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.
|
CWE-352 CWE-843
Origin Validation Error Type Confusion
|
CVE-2019-17675
|
2024-11-21 13:32 |
2019-10-17 |
|
221950
|
5.4 |
MEDIUM
Network
|
wordpress debian
|
wordpress debian_linux
|
WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17674
|
2024-11-21 13:32 |
2019-10-17 |