|
222361
|
7.3 |
HIGH
Network
|
connect-pg-simple_project
|
connect-pg-simple
|
connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data.
|
CWE-89
SQL Injection
|
CVE-2019-15658
|
2024-11-21 13:29 |
2019-08-27 |
|
222362
|
9.8 |
CRITICAL
Network
|
eslint-utils_project
|
eslint-utils
|
In eslint-utils before 1.4.1, the getStaticValue function can execute arbitrary code.
|
NVD-CWE-noinfo
|
CVE-2019-15657
|
2024-11-21 13:29 |
2019-08-27 |
|
222363
|
9.8 |
CRITICAL
Network
|
wolfssl
|
wolfssl
|
wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_e…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-15651
|
2024-11-21 13:29 |
2019-08-27 |
|
222364
|
8.8 |
HIGH
Network
|
webmin
|
webmin
|
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation stat…
|
CWE-94
Code Injection
|
CVE-2019-15642
|
2024-11-21 13:29 |
2019-08-27 |
|
222365
|
6.5 |
MEDIUM
Network
|
webmin
|
webmin
|
xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi.
|
CWE-611
XXE
|
CVE-2019-15641
|
2024-11-21 13:29 |
2019-08-27 |
|
222366
|
7.5 |
HIGH
Network
|
limesurvey
|
limesurvey
|
Limesurvey before 3.17.10 does not validate both the MIME type and file extension of an image.
|
CWE-20
Improper Input Validation
|
CVE-2019-15640
|
2024-11-21 13:29 |
2019-08-27 |
|
222367
|
8.1 |
HIGH
Network
|
tableau
|
tableau_server tableau_desktop tableau_reader tableau_public_desktop
|
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau …
|
CWE-611
XXE
|
CVE-2019-15637
|
2024-11-21 13:29 |
2019-08-27 |
|
222368
|
9.8 |
CRITICAL
Network
|
xm-online
|
xm\^online_2_-_common_utils_and_endpoints
|
XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSchemaResolver.java, and SchemaChangeResolver.java.
|
CWE-89
SQL Injection
|
CVE-2019-15558
|
2024-11-21 13:29 |
2019-08-27 |
|
222369
|
9.8 |
CRITICAL
Network
|
xm-online
|
xm\^online_2_user_account_and_authentication_server
|
XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key.
|
CWE-89
SQL Injection
|
CVE-2019-15557
|
2024-11-21 13:29 |
2019-08-27 |
|
222370
|
9.8 |
CRITICAL
Network
|
wellness_project
|
wellness
|
FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php.
|
CWE-89
SQL Injection
|
CVE-2019-15555
|
2024-11-21 13:29 |
2019-08-27 |