|
222721
|
4.7 |
MEDIUM
Local
|
linux
debian
canonical
|
linux_kernel
debian_linux
ubuntu_linux
|
An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.…
|
CWE-416
Use After Free
|
CVE-2019-15292
|
2024-11-21 13:28 |
2019-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222722
|
8.8 |
HIGH
Network
|
cformsii_project
|
cformsii
|
The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field.
|
CWE-352
Origin Validation Error
|
CVE-2019-15238
|
2024-11-21 13:28 |
2019-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222723
|
4.6 |
MEDIUM
Physics
|
linux
|
linux_kernel
|
An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-15291
|
2024-11-21 13:28 |
2019-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222724
|
6.1 |
MEDIUM
Network
|
oldstreetsolutions
|
live_input_macros
|
The Live:Text Box macro in the Old Street Live Input Macros app before 2.11 for Confluence has XSS, leading to theft of the Administrator Session Cookie.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15233
|
2024-11-21 13:28 |
2019-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222725
|
6.1 |
MEDIUM
Network
|
yofla
|
360_product_rotation
|
The 360-product-rotation plugin before 1.4.8 for WordPress has reflected XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15082
|
2024-11-21 13:28 |
2019-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222726
|
7.8 |
HIGH
Local
|
linux
debian
|
linux_kernel
debian_linux
|
In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability …
|
CWE-416
Use After Free
|
CVE-2019-15239
|
2024-11-21 13:28 |
2019-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222727
|
6.1 |
MEDIUM
Network
|
getflightpath
|
flightpath
|
FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. This could lead to cookie stealing and other malicious actions.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15227
|
2024-11-21 13:28 |
2019-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222728
|
7.4 |
HIGH
Network
|
roundcube
fedoraproject
|
webmail
fedora
|
Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.
|
NVD-CWE-noinfo
|
CVE-2019-15237
|
2024-11-21 13:28 |
2019-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222729
|
9.8 |
CRITICAL
Network
|
live555
|
streaming_media
|
Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and …
|
CWE-416
Use After Free
|
CVE-2019-15232
|
2024-11-21 13:28 |
2019-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222730
|
8.8 |
HIGH
Network
|
thedaylightstudio
|
fuel_cms
|
FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially craft…
|
CWE-352
Origin Validation Error
|
CVE-2019-15229
|
2024-11-21 13:28 |
2019-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
