|
223291
|
8.8 |
HIGH
Network
|
phoenixcontact
|
automationworx_software_suite
|
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized P…
|
CWE-824
Access of Uninitialized Pointer
|
CVE-2019-12870
|
2024-11-21 13:23 |
2019-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223292
|
8.8 |
HIGH
Network
|
phoenixcontact
|
automationworx_software_suite
|
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds R…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-12869
|
2024-11-21 13:23 |
2019-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223293
|
4.3 |
MEDIUM
Network
|
analogic
|
poste.io
|
The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs vi…
|
CWE-693
Protection Mechanism Failure
|
CVE-2019-12938
|
2024-11-21 13:23 |
2019-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223294
|
9.8 |
CRITICAL
Network
|
qemu
|
qemu
|
The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a c…
|
CWE-78
CWE-668
OS Command
Exposure of Resource to Wrong Sphere
|
CVE-2019-12929
|
2024-11-21 13:23 |
2019-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223295
|
8.8 |
HIGH
Network
|
phoenixcontact
|
automationworx_software_suite
|
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free a…
|
CWE-416
Use After Free
|
CVE-2019-12871
|
2024-11-21 13:23 |
2019-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223296
|
9.8 |
CRITICAL
Network
|
qemu
|
qemu
|
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosu…
|
CWE-78
CWE-668
OS Command
Exposure of Resource to Wrong Sphere
|
CVE-2019-12928
|
2024-11-21 13:23 |
2019-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223297
|
7.8 |
HIGH
Local
|
toaruos_project
|
toaruos
|
apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer overflow allowing local privilege escalation to the root user via the DISPLAY environment variable.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-12937
|
2024-11-21 13:23 |
2019-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223298
|
8.0 |
HIGH
Network
|
bluestacks
|
bluestacks_app_player
|
BlueStacks App Player 2, 3, and 4 before 4.90 allows DNS Rebinding for attacks on exposed IPC functions.
|
CWE-20
Improper Input Validation
|
CVE-2019-12936
|
2024-11-21 13:23 |
2019-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223299
|
6.1 |
MEDIUM
Network
|
shopware
|
shopware
|
Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI.
|
CWE-79
Cross-site Scripting
|
CVE-2019-12935
|
2024-11-21 13:23 |
2019-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223300
|
8.8 |
HIGH
Network
|
bobronix
|
jeditor
|
The Bobronix JEditor editor before 3.0.6 for Jira allows an attacker to add a URL/Link (to an existing issue) that can cause forgery of a request to an out-of-origin domain. This in turn may allow fo…
|
CWE-352
Origin Validation Error
|
CVE-2019-12836
|
2024-11-21 13:23 |
2019-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
