| 222001 | 6.1 | MEDIUM Network | fusionpbx | fusionpbx | A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | CWE-79 Cross-site Scripting | CVE-2019-19367 | 2024-11-21 13:34 | 2019-11-28 |
| 222002 | 6.1 | MEDIUM Network | fusionpbx | fusionpbx | A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter. | CWE-79 Cross-site Scripting | CVE-2019-19366 | 2024-11-21 13:34 | 2019-11-28 |
| 222003 | 5.9 | MEDIUM Network | sqlite canonical redhat oracle siemens | sqlite ubuntu_linux enterprise_linux mysql_workbench sinec_infrastructure_network_services | SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. | CWE-476 NULL Pointer Dereference | CVE-2019-19242 | 2024-11-21 13:34 | 2019-11-28 |
| 222004 | 9.8 | CRITICAL Network | haproxy canonical debian | haproxy ubuntu_linux debian_linux | The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Inte… | CWE-74 Injection | CVE-2019-19330 | 2024-11-21 13:34 | 2019-11-28 |
| 222005 | 6.1 | MEDIUM Network | wikimedia | wikidata_query_gui | In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was a… | CWE-79 Cross-site Scripting | CVE-2019-19329 | 2024-11-21 13:34 | 2019-11-28 |
| 222006 | 6.1 | MEDIUM Network | wikimedia | wikidata_query_gui | ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wiki… | CWE-79 Cross-site Scripting | CVE-2019-19328 | 2024-11-21 13:34 | 2019-11-28 |
| 222007 | 6.1 | MEDIUM Network | wikimedia | wikidata_query_gui | ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. NOTE: this GUI code is … | CWE-79 Cross-site Scripting | CVE-2019-19327 | 2024-11-21 13:34 | 2019-11-28 |
| 222008 | 5.5 | MEDIUM Local | gnome | gnome-font-viewer | In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that retur… | CWE-476 NULL Pointer Dereference | CVE-2019-19308 | 2024-11-21 13:34 | 2019-11-28 |
| 222009 | 9.8 | CRITICAL Network | cesanta | mongoose | An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT … | CWE-125 Out-of-bounds Read; CWE-787 Out-of-bounds Write; CWE-190 Integer Overflow or Wraparound; CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2019-19307 | 2024-11-21 13:34 | 2019-11-27 |
| 222010 | 6.1 | MEDIUM Network | afterlogic | aurora webmail_pro | Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name. | CWE-79 Cross-site Scripting | CVE-2019-19129 | 2024-11-21 13:34 | 2019-11-27 |