| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 224261 | 9.8 | CRITICAL | Network | redwoodhq | redwoodhq | RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call. | CWE-306 (Missing Authentication for Critical Function) | CVE-2019-12890 | 2024-11-21 13:23 | 2019-06-20 |
| 224262 | 5.9 | MEDIUM | Network | fasterxml, debian | jackson-databind, debian_linux | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON e… | CWE-502 (Deserialization of Untrusted Data) | CVE-2019-12814 | 2024-11-21 13:23 | 2019-06-19 |
| 224263 | 7.8 | HIGH | Local | linux | linux_kernel | i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) o… | CWE-476 (NULL Pointer Dereference) | CVE-2019-12881 | 2024-11-21 13:23 | 2019-06-19 |
| 224264 | 6.1 | MEDIUM | Network | evernote | web_clipper | A universal Cross-site scripting (UXSS) vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any … | CWE-79 (Cross-site Scripting) | CVE-2019-12592 | 2024-11-21 13:23 | 2019-06-19 |
| 224265 | 6.5 | MEDIUM | Network | alpinelinux | abuild | Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key. | CWE-668 (Exposure of Resource to Wrong Sphere), CWE-862 (Missing Authorization) | CVE-2019-12875 | 2024-11-21 13:23 | 2019-06-19 |
| 224266 | 9.8 | CRITICAL | Network | videolan | vlc_media_player | An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a dou… | CWE-415 (Double Free) | CVE-2019-12874 | 2024-11-21 13:23 | 2019-06-19 |
| 224267 | 7.2 | HIGH | Network | dotcms | dotcms | dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp. | CWE-89 (SQL Injection) | CVE-2019-12872 | 2024-11-21 13:23 | 2019-06-18 |
| 224268 | 6.1 | MEDIUM | Network | craftcms | craft_cms | Craft CMS before 3.1.31 does not properly filter XML feeds and thus allows XSS. | CWE-79 (Cross-site Scripting) | CVE-2019-12823 | 2024-11-21 13:23 | 2019-06-18 |
| 224269 | 7.2 | HIGH | Network | misp | misp | app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deser… | CWE-502 (Deserialization of Untrusted Data) | CVE-2019-12868 | 2024-11-21 13:23 | 2019-06-18 |
| 224270 | 5.5 | MEDIUM | Local | radare | radare2 | In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command. | CWE-415 (Double Free) | CVE-2019-12865 | 2024-11-21 13:23 | 2019-06-18 |