|
222771
|
5.5 |
MEDIUM
Local
|
glyphandcog
|
xpdfreader
|
An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2019-14289
|
2024-11-21 13:26 |
2019-07-28 |
|
222772
|
7.8 |
HIGH
Local
|
glyphandcog
|
xpdfreader
|
An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "one byte per line" case.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2019-14288
|
2024-11-21 13:26 |
2019-07-28 |
|
222773
|
6.1 |
MEDIUM
Network
|
misp
|
misp
|
In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order t…
|
CWE-79
Cross-site Scripting
|
CVE-2019-14286
|
2024-11-21 13:26 |
2019-07-28 |
|
222774
|
6.2 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the d…
|
CWE-369
Divide By Zero
|
CVE-2019-14284
|
2024-11-21 13:26 |
2019-07-26 |
|
222775
|
6.8 |
MEDIUM
Physical
|
linux
|
linux_kernel
|
In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered…
|
CWE-125 CWE-190
Out-of-bounds Read Integer Overflow or Wraparound
|
CVE-2019-14283
|
2024-11-21 13:26 |
2019-07-26 |
|
222776
|
6.1 |
MEDIUM
Network
|
angry-frog
|
xavier
|
Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based XSS via the username parameter when registering a new user at admin/includes/adminprocess.php. If there is an error when register…
|
CWE-352 CWE-79
Origin Validation Error Cross-site Scripting
|
CVE-2019-14228
|
2024-11-21 13:26 |
2019-07-26 |
|
222777
|
9.8 |
CRITICAL
Network
|
simple_captcha2_project
|
simple_captcha2
|
The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.
|
CWE-94
Code Injection
|
CVE-2019-14282
|
2024-11-21 13:26 |
2019-07-26 |
|
222778
|
9.8 |
CRITICAL
Network
|
datagrid_project
|
datagrid
|
The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.
|
CWE-94
Code Injection
|
CVE-2019-14281
|
2024-11-21 13:26 |
2019-07-26 |
|
222779
|
5.3 |
MEDIUM
Network
|
craftcms
|
craft_cms
|
In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to…
|
CWE-200
Information Exposure
|
CVE-2019-14280
|
2024-11-21 13:26 |
2019-07-26 |
|
222780
|
9.8 |
CRITICAL
Network
|
axway
|
securetransport
|
Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the RES…
|
CWE-91
Blind XPath Injection
|
CVE-2019-14277
|
2024-11-21 13:26 |
2019-07-26 |