|
221881
|
9.8 |
CRITICAL
Network
|
europa
|
eidas-node_integration_package
|
European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed…
|
CWE-295
Improper Certificate Validation
|
CVE-2019-18633
|
2024-11-21 13:33 |
2019-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221882
|
9.8 |
CRITICAL
Network
|
europa
|
eidas-node_integration_package
|
European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate.
|
CWE-295
Improper Certificate Validation
|
CVE-2019-18632
|
2024-11-21 13:33 |
2019-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221883
|
9.8 |
CRITICAL
Network
|
opera
|
mini
|
Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of m…
|
NVD-CWE-noinfo
|
CVE-2019-18624
|
2024-11-21 13:33 |
2019-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221884
|
5.3 |
MEDIUM
Network
|
mediawiki
|
abusefilter
|
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Previously hidden (restricted) AbuseFilter filters were viewable (or their differences were viewable) to unprivileged …
|
CWE-200
Information Exposure
|
CVE-2019-18612
|
2024-11-21 13:33 |
2019-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221885
|
6.5 |
MEDIUM
Network
|
mediawiki
|
checkuser
|
An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially vis…
|
CWE-200
Information Exposure
|
CVE-2019-18611
|
2024-11-21 13:33 |
2019-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221886
|
7.5 |
HIGH
Network
|
cezerin
|
cezerin
|
Cezerin v0.33.0 allows unauthorized order-information modification because certain internal attributes can be overwritten via a conflicting name when processing order requests. Hence, a malicious cus…
|
NVD-CWE-noinfo
|
CVE-2019-18608
|
2024-11-21 13:33 |
2019-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221887
|
9.8 |
CRITICAL
Network
|
axohelp.c_project
axodraw2_project
|
axohelp.c
axodraw2
|
In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.
|
NVD-CWE-noinfo
|
CVE-2019-18604
|
2024-11-21 13:33 |
2019-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221888
|
5.9 |
MEDIUM
Network
|
openafs
debian
|
openafs
debian_linux
|
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer.
|
CWE-908
Use of Uninitialized Resource
|
CVE-2019-18603
|
2024-11-21 13:33 |
2019-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221889
|
7.5 |
HIGH
Network
|
openafs
debian
|
openafs
debian_linux
|
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer.
|
CWE-908
Use of Uninitialized Resource
|
CVE-2019-18602
|
2024-11-21 13:33 |
2019-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221890
|
7.5 |
HIGH
Network
|
openafs
|
openafs
|
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-18601
|
2024-11-21 13:33 |
2019-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
