|
213441
|
7.5 |
HIGH
Network
|
torproject
|
tor
|
In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2019-8955
|
2024-11-21 13:50 |
2019-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213442
|
9.8 |
CRITICAL
Network
|
signiant
|
manager\+agents
|
In Signiant Manager+Agents before 13.5, the implementation of the set command has a Buffer Overflow.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-8996
|
2024-11-21 13:50 |
2019-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213443
|
9.8 |
CRITICAL
Network
|
netis-systems
|
wf2411_firmware
wf2880_firmware
|
On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause de…
|
CWE-787
CWE-306
Out-of-bounds Write
Missing Authentication for Critical Function
|
CVE-2019-8985
|
2024-11-21 13:50 |
2019-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213444
|
6.1 |
MEDIUM
Network
|
altn
|
mdaemon
|
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2).
|
CWE-79
Cross-site Scripting
|
CVE-2019-8984
|
2024-11-21 13:50 |
2019-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213445
|
6.1 |
MEDIUM
Network
|
altn
|
mdaemon
|
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2).
|
CWE-79
Cross-site Scripting
|
CVE-2019-8983
|
2024-11-21 13:50 |
2019-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213446
|
9.6 |
CRITICAL
Network
|
wavemaker
|
wavemarker_studio
|
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-8982
|
2024-11-21 13:50 |
2019-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213447
|
7.5 |
HIGH
Network
|
linux
canonical
opensuse
debian
|
linux_kernel
ubuntu_linux
leap
debian_linux
|
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2019-8980
|
2024-11-21 13:50 |
2019-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213448
|
9.8 |
CRITICAL
Network
|
kohanaframework
|
kohana
|
Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled.
|
CWE-89
SQL Injection
|
CVE-2019-8979
|
2024-11-21 13:50 |
2019-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213449
|
8.8 |
HIGH
Network
|
indexhibit
|
indexhibit
|
In Indexhibit 2.1.5, remote attackers can execute arbitrary code via the v parameter (in conjunction with the id parameter) in a upd_jxcode=true action to the ndxzstudio/?a=system URI.
|
CWE-20
Improper Input Validation
|
CVE-2019-8954
|
2024-11-21 13:50 |
2019-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213450
|
6.1 |
MEDIUM
Network
|
netgate
|
haproxy
|
The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.
|
CWE-79
Cross-site Scripting
|
CVE-2019-8953
|
2024-11-21 13:50 |
2019-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
