|
212501
|
6.1 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-9711
|
2024-11-21 13:52 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212502
|
6.5 |
MEDIUM
Network
|
ffmpeg
canonical
|
ffmpeg
ubuntu_linux
|
A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c …
|
CWE-125
Out-of-bounds Read
|
CVE-2019-9721
|
2024-11-21 13:52 |
2019-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212503
|
6.5 |
MEDIUM
Network
|
ffmpeg
debian
canonical
|
ffmpeg
debian_linux
ubuntu_linux
|
In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitle…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-9718
|
2024-11-21 13:52 |
2019-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212504
|
5.4 |
MEDIUM
Network
|
jupyter
|
notebook
|
An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Acces…
|
CWE-79
Cross-site Scripting
|
CVE-2019-9644
|
2024-11-21 13:52 |
2019-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212505
|
8.1 |
HIGH
Network
|
webargs_project
|
webargs
|
An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meani…
|
CWE-362
Race Condition
|
CVE-2019-9710
|
2024-11-21 13:52 |
2019-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212506
|
5.5 |
MEDIUM
Local
|
debian
|
cron
debian_linux
|
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error.
|
CWE-416
Use After Free
|
CVE-2019-9706
|
2024-11-21 13:52 |
2019-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212507
|
5.5 |
MEDIUM
Local
|
cron_project
debian
fedoraproject
|
cron
debian_linux
fedora
|
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2019-9705
|
2024-11-21 13:52 |
2019-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212508
|
5.5 |
MEDIUM
Local
|
cron_project
fedoraproject
debian
|
cron
fedora
debian_linux
|
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked.
|
CWE-476
CWE-252
NULL Pointer Dereference
Unchecked Return Value
|
CVE-2019-9704
|
2024-11-21 13:52 |
2019-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212509
|
8.8 |
HIGH
Network
|
cmsmadesimple
|
cms_made_simple
|
In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id)…
|
CWE-89
SQL Injection
|
CVE-2019-9693
|
2024-11-21 13:52 |
2019-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212510
|
6.5 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9692
|
2024-11-21 13:52 |
2019-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
