|
224401
|
7.8 |
HIGH
Local
|
denx
|
u-boot
|
Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.
|
CWE-415
Double Free
|
CVE-2019-13105
|
2024-11-21 13:24 |
2019-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224402
|
7.8 |
HIGH
Local
|
denx
opensuse
|
u-boot
leap
|
In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.
|
CWE-787
CWE-191
Out-of-bounds Write
Integer Underflow (Wrap or Wraparound)
|
CVE-2019-13104
|
2024-11-21 13:24 |
2019-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224403
|
9.8 |
CRITICAL
Network
|
shenzhen_dragon_brothers
|
fb50_firmware
|
An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind t…
|
CWE-20
Improper Input Validation
|
CVE-2019-13143
|
2024-11-21 13:24 |
2019-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224404
|
9.8 |
CRITICAL
Network
|
oxid-esales
|
eshop
|
OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the dat…
|
CWE-89
SQL Injection
|
CVE-2019-13026
|
2024-11-21 13:24 |
2019-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224405
|
7.5 |
HIGH
Network
|
nats
|
nats_server
|
An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authe…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2019-13126
|
2024-11-21 13:24 |
2019-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224406
|
7.1 |
HIGH
Local
|
denx
|
u-boot
|
A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwr…
|
CWE-674
Uncontrolled Recursion
|
CVE-2019-13103
|
2024-11-21 13:24 |
2019-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224407
|
6.1 |
MEDIUM
Network
|
control-webpanel
|
webpanel
|
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (parameter fm_current_dir) allows attackers to steal a cookie or session, or redirect to a phishing webs…
|
CWE-79
Cross-site Scripting
|
CVE-2019-13387
|
2024-11-21 13:24 |
2019-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224408
|
8.8 |
HIGH
Network
|
centos-webpanel
|
centos_web_panel
|
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privileg…
|
CWE-863
Incorrect Authorization
|
CVE-2019-13386
|
2024-11-21 13:24 |
2019-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224409
|
4.3 |
MEDIUM
Network
|
control-webpanel
|
webpanel
|
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application b…
|
CWE-22
Path Traversal
|
CVE-2019-13385
|
2024-11-21 13:24 |
2019-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224410
|
7.8 |
HIGH
Local
|
techsmith
|
snagit
|
UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic…
|
CWE-59
Link Following
|
CVE-2019-13382
|
2024-11-21 13:24 |
2019-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
