|
222331
|
6.1 |
MEDIUM
Network
|
jooby
|
jooby
|
Jooby before 1.6.4 has XSS via the default error handler.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15477
|
2024-11-21 13:28 |
2019-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222332
|
6.1 |
MEDIUM
Network
|
former_project
|
former
|
Former before 4.2.1 has XSS via a checkbox value.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15476
|
2024-11-21 13:28 |
2019-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222333
|
7.5 |
HIGH
Network
|
openwrt
motorola
|
libuci
cx2l_mwr04l_firmware
c1_mwr03_firmware
|
An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network lockin…
|
CWE-667
Improper Locking
|
CVE-2019-15513
|
2024-11-21 13:28 |
2019-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222334
|
6.5 |
MEDIUM
Network
|
octopus
|
server
tentacle
|
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that wri…
|
CWE-532
CWE-312
Inclusion of Sensitive Information in Log Files
Cleartext Storage of Sensitive Information
|
CVE-2019-15508
|
2024-11-21 13:28 |
2019-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222335
|
6.5 |
MEDIUM
Network
|
octopus
|
server
|
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that wr…
|
CWE-532
CWE-312
Inclusion of Sensitive Information in Log Files
Cleartext Storage of Sensitive Information
|
CVE-2019-15507
|
2024-11-21 13:28 |
2019-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222336
|
9.8 |
CRITICAL
Network
|
linux
debian
canonical
|
linux_kernel
debian_linux
ubuntu_linux
|
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).
|
CWE-125
Out-of-bounds Read
|
CVE-2019-15505
|
2024-11-21 13:28 |
2019-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222337
|
9.8 |
CRITICAL
Network
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).
|
CWE-415
Double Free
|
CVE-2019-15504
|
2024-11-21 13:28 |
2019-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222338
|
6.1 |
MEDIUM
Network
|
hackmd
|
codimd
|
CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15499
|
2024-11-21 13:28 |
2019-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222339
|
8.8 |
HIGH
Network
|
getvera
|
vera_edge_firmware
|
cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/…
|
CWE-88
Argument Injection
|
CVE-2019-15498
|
2024-11-21 13:28 |
2019-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222340
|
8.8 |
HIGH
Network
|
codection
|
import_users_from_csv_with_meta
|
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2019-15329
|
2024-11-21 13:28 |
2019-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
