|
223341
|
8.8 |
HIGH
Network
|
ea
|
origin
|
An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Orig…
|
CWE-19
Data Processing Errors
|
CVE-2019-12828
|
2024-11-21 13:23 |
2019-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223342
|
7.5 |
HIGH
Network
|
embedthis
|
goahead
|
In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a col…
|
CWE-119
CWE-917
Incorrect Access of Indexable Resource ('Range Error')
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2019-12822
|
2024-11-21 13:23 |
2019-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223343
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
An issue was discovered in the Linux kernel before 5.0. The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. Th…
|
CWE-416
Use After Free
|
CVE-2019-12819
|
2024-11-21 13:23 |
2019-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223344
|
7.5 |
HIGH
Network
|
linux
|
linux_kernel
|
An issue was discovered in the Linux kernel before 4.20.15. The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL p…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-12818
|
2024-11-21 13:23 |
2019-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223345
|
5.9 |
MEDIUM
Network
|
crossmatch
|
digital_persona_u.are.u_4500_firmware
|
An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Reader v24. The key and salt used for obfuscating the fingerprint image exhibit cleartext when the fingerprint scanner device trans…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-12813
|
2024-11-21 13:23 |
2019-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223346
|
7.8 |
HIGH
Local
|
radare
fedoraproject
|
radare2
fedora
|
In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. This allows remote attackers to cause a denial of service (application crash) or possibly have u…
|
CWE-416
Use After Free
|
CVE-2019-12802
|
2024-11-21 13:23 |
2019-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223347
|
8.8 |
HIGH
Network
|
shopware
|
shopware
|
In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the righ…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-12799
|
2024-11-21 13:23 |
2019-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223348
|
9.8 |
CRITICAL
Network
|
artifex
|
mujs
|
An issue was discovered in Artifex MuJS 1.0.5. regcompx in regexp.c does not restrict regular expression program size, leading to an overflow of the parsed syntax list size.
|
CWE-185
Incorrect Regular Expression
|
CVE-2019-12798
|
2024-11-21 13:23 |
2019-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223349
|
7.8 |
HIGH
Local
|
gnome
|
gvfs
|
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local atta…
|
CWE-276
Incorrect Default Permissions
|
CVE-2019-12795
|
2024-11-21 13:23 |
2019-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223350
|
6.1 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2019-12766
|
2024-11-21 13:23 |
2019-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
