|
223171
|
7.5 |
HIGH
Network
|
squid-cache
debian
fedoraproject
canonical
opensuse
|
squid
debian_linux
fedora
ubuntu_linux
leap
|
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpecte…
|
NVD-CWE-noinfo
|
CVE-2019-12854
|
2024-11-21 13:23 |
2019-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223172
|
7.8 |
HIGH
Local
|
estsoft
|
altools
|
ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. An attacker can overwrite an executable that is launched as a service …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-12808
|
2024-11-21 13:23 |
2019-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223173
|
7.8 |
HIGH
Local
|
estsoft
|
alzip
|
Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim …
|
CWE-787
Out-of-bounds Write
|
CVE-2019-12807
|
2024-11-21 13:23 |
2019-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223174
|
8.8 |
HIGH
Network
|
crosscert
|
unisign
|
UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. That leads remote at…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-12806
|
2024-11-21 13:23 |
2019-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223175
|
9.8 |
CRITICAL
Network
|
hashicorp
|
nomad
|
HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver.
|
CWE-269
Improper Privilege Management
|
CVE-2019-12618
|
2024-11-21 13:23 |
2019-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223176
|
8.8 |
HIGH
Network
|
ncsoft
|
nc_launcher2
|
NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. User interaction i…
|
CWE-77
Command Injection
|
CVE-2019-12805
|
2024-11-21 13:23 |
2019-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223177
|
9.1 |
CRITICAL
Network
|
zohocorp
|
manageengine_assetexplorer
|
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-12994
|
2024-11-21 13:23 |
2019-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223178
|
8.8 |
HIGH
Network
|
zohocorp
|
manageengine_assetexplorer
|
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-12959
|
2024-11-21 13:23 |
2019-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223179
|
5.4 |
MEDIUM
Network
|
teampass
|
teampass
|
An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php "Import items" feature, it is possible to load a crafted CSV file with an XSS payload.
|
CWE-79
Cross-site Scripting
|
CVE-2019-12950
|
2024-11-21 13:23 |
2019-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223180
|
9.8 |
CRITICAL
Network
|
elmelectronics
|
elm27_firmware
|
A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-12797
|
2024-11-21 13:23 |
2019-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
