|
222761
|
9.8 |
CRITICAL
Network
|
humanica
|
humatrix_7
|
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitment_onli…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2019-15130
|
2024-11-21 13:28 |
2019-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222762
|
5.3 |
MEDIUM
Network
|
humanica
|
humatrix_7
|
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to access all candidates' files in the photo folder on the website by specifying a "user id" p…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-15129
|
2024-11-21 13:28 |
2019-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222763
|
7.5 |
HIGH
Network
|
eprosima
|
fast-rtps
|
The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings (instead of the permission expressions themselves), which can lead to unintended c…
|
NVD-CWE-noinfo
|
CVE-2019-15137
|
2024-11-21 13:28 |
2019-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222764
|
7.5 |
HIGH
Network
|
eprosima
|
fast-rtps
|
The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not check partition permissions from remote participant connections, which can lead to policy bypass for a secure Data Distribution …
|
CWE-862
Missing Authorization
|
CVE-2019-15136
|
2024-11-21 13:28 |
2019-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222765
|
7.5 |
HIGH
Network
|
omg
|
dds_security
|
The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant (including capabilities inapplicable to the current…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-15135
|
2024-11-21 13:28 |
2019-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222766
|
7.5 |
HIGH
Network
|
riot-os
|
riot
|
RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network th…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2019-15134
|
2024-11-21 13:28 |
2019-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222767
|
6.5 |
MEDIUM
Network
|
giflib_project
canonical
debian
|
giflib
ubuntu_linux
debian_linux
|
In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to z…
|
CWE-369
Divide By Zero
|
CVE-2019-15133
|
2024-11-21 13:28 |
2019-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222768
|
5.3 |
MEDIUM
Network
|
zabbix
debian
|
zabbix
debian_linux
|
Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or passw…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2019-15132
|
2024-11-21 13:28 |
2019-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222769
|
6.1 |
MEDIUM
Network
|
sandhillsdev
|
easy_digital_downloads
|
The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15116
|
2024-11-21 13:28 |
2019-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222770
|
8.8 |
HIGH
Network
|
profilepress
|
loginwp
|
The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2019-15115
|
2024-11-21 13:28 |
2019-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
