|
222171
|
9.8 |
CRITICAL
Network
|
rsyslog fedoraproject debian opensuse
|
rsyslog fedora debian_linux leap
|
An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this…
|
CWE-20
Improper Input Validation
|
CVE-2019-17042
|
2024-11-21 13:31 |
2019-10-8 |
|
|
|
|
222172
|
9.8 |
CRITICAL
Network
|
rsyslog debian fedoraproject opensuse
|
rsyslog debian_linux fedora leap
|
An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimite…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-17041
|
2024-11-21 13:31 |
2019-10-8 |
|
|
|
|
222173
|
9.8 |
CRITICAL
Network
|
intelliantech
|
remote_access
|
Intellian Remote Access 3.18 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the Ping Test field.
|
CWE-78
OS Command
|
CVE-2019-17269
|
2024-11-21 13:31 |
2019-10-7 |
|
|
|
|
222174
|
9.8 |
CRITICAL
Network
|
gnome canonical
|
libsoup ubuntu_linux
|
libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-17266
|
2024-11-21 13:31 |
2019-10-7 |
|
|
|
|
222175
|
9.8 |
CRITICAL
Network
|
fasterxml netapp debian redhat oracle
|
jackson-databind steelstore_cloud_integrated_storage oncommand_workflow_automation service_level_manager oncommand_api_services active_iq_unified_manager debian_linux jboss_enter…
|
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-17267
|
2024-11-21 13:31 |
2019-10-7 |
|
|
|
|
222176
|
3.3 |
LOW
Local
|
liblnk_project
|
liblnk
|
In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain off…
|
CWE-125 CWE-682
Out-of-bounds Read Incorrect Calculation
|
CVE-2019-17264
|
2024-11-21 13:31 |
2019-10-7 |
|
|
|
|
222177
|
3.3 |
LOW
Local
|
libfwsi_project
|
libfwsi
|
In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-17263
|
2024-11-21 13:31 |
2019-10-7 |
|
|
|
|
222178
|
9.8 |
CRITICAL
Network
|
bludit
|
bludit
|
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2019-17240
|
2024-11-21 13:31 |
2019-10-7 |
|
|
|
|
222179
|
4.8 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17226
|
2024-11-21 13:31 |
2019-10-7 |
|
|
|
|
222180
|
5.4 |
MEDIUM
Network
|
intelliants
|
subrion
|
Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17225
|
2024-11-21 13:31 |
2019-10-7 |
|
|
|