| 223511 | 6.8 | MEDIUM, Physical | linux | linux_kernel | In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered… | CWE-125, CWE-190 (Out-of-bounds Read; Integer Overflow or Wraparound) | CVE-2019-14283 | 2024-11-21 13:26 | 2019-07-26 |
| 223512 | 6.1 | MEDIUM, Network | angry-frog | xavier | Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based XSS via the username parameter when registering a new user at admin/includes/adminprocess.php. If there is an error when register… | CWE-352, CWE-79 (Origin Validation Error; Cross-site Scripting) | CVE-2019-14228 | 2024-11-21 13:26 | 2019-07-26 |
| 223513 | 9.8 | CRITICAL, Network | simple_captcha2_project | simple_captcha2 | The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. | CWE-94 (Code Injection) | CVE-2019-14282 | 2024-11-21 13:26 | 2019-07-26 |
| 223514 | 9.8 | CRITICAL, Network | datagrid_project | datagrid | The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. | CWE-94 (Code Injection) | CVE-2019-14281 | 2024-11-21 13:26 | 2019-07-26 |
| 223515 | 5.3 | MEDIUM, Network | craftcms | craft_cms | In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to… | CWE-200 (Information Exposure) | CVE-2019-14280 | 2024-11-21 13:26 | 2019-07-26 |
| 223516 | 9.8 | CRITICAL, Network | axway | securetransport | Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the RES… | CWE-91 (Blind XPath Injection) | CVE-2019-14277 | 2024-11-21 13:26 | 2019-07-26 |
| 223517 | 5.5 | MEDIUM, Local | xfig_project, debian, opensuse | fig2dev, debian_linux, leap | Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c. | CWE-787 (Out-of-bounds Write) | CVE-2019-14275 | 2024-11-21 13:26 | 2019-07-26 |
| 223518 | 5.5 | MEDIUM, Local | mcpp_project, opensuse | mcpp, leap, backports_sle | MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c. | CWE-787 (Out-of-bounds Write) | CVE-2019-14274 | 2024-11-21 13:26 | 2019-07-26 |
| 223519 | 7.1 | HIGH, Local | comodo | firewall, internet_security, antivirus | Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6870, and Comodo Internet Security Premium through 12.0.0.6870, with the Comodo Container feature, are vulnerable to Sandbox Escap… | NVD-CWE-noinfo | CVE-2019-14270 | 2024-11-21 13:26 | 2019-07-26 |
| 223520 | 6.5 | MEDIUM, Network | octopus | octopus_deploy | In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an authenticated user (in certain limited circumstances) could trigger a deployment that writes the web request … | CWE-532 (Inclusion of Sensitive Information in Log Files) | CVE-2019-14268 | 2024-11-21 13:26 | 2019-07-26 |