|
225701
|
5.3 |
MEDIUM
Network
|
ros
|
sros2
|
SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2) leaks node information due to a leaky…
|
CWE-200
Information Exposure
|
CVE-2019-19625
|
2024-11-21 13:35 |
2019-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225702
|
3.3 |
LOW
Local
|
dell
|
red_cloak_windows_agent
|
In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to …
|
CWE-281
Improper Preservation of Permissions
|
CVE-2019-19620
|
2024-11-21 13:35 |
2019-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225703
|
6.5 |
MEDIUM
Network
|
opencv
redhat
|
opencv
enterprise_linux
|
An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-19624
|
2024-11-21 13:35 |
2019-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225704
|
6.1 |
MEDIUM
Network
|
documize
|
documize
|
domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19619
|
2024-11-21 13:35 |
2019-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225705
|
9.8 |
CRITICAL
Network
|
phpmyadmin
debian
|
phpmyadmin
debian_linux
|
phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.
|
NVD-CWE-noinfo
|
CVE-2019-19617
|
2024-11-21 13:35 |
2019-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225706
|
4.3 |
MEDIUM
Network
|
xtivia
|
web_time_and_expense
|
An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary file…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2019-19616
|
2024-11-21 13:35 |
2019-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225707
|
7.2 |
HIGH
Network
|
strapi
|
strapi
|
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and…
|
CWE-78
OS Command
|
CVE-2019-19609
|
2024-11-21 13:35 |
2019-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225708
|
9.8 |
CRITICAL
Network
|
adobe
prestashop
|
stock_api_integration
prestashop
|
reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php fil…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-19595
|
2024-11-21 13:35 |
2019-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225709
|
9.8 |
CRITICAL
Network
|
adobe
prestashop
|
stock_api_integration
prestashop
|
reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-19594
|
2024-11-21 13:35 |
2019-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225710
|
6.1 |
MEDIUM
Local
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-19602
|
2024-11-21 13:35 |
2019-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
