|
223521
|
8.8 |
HIGH
Network
|
opensns
|
opensns
|
OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Config/ uid parameter because of the getNeedQueryData function in Application/Common/Model/UserModel.class.php.
|
CWE-89
SQL Injection
|
CVE-2019-14266
|
2024-11-21 13:26 |
2019-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223522
|
7.5 |
HIGH
Network
|
metadataextractor_project
|
metadataextractor
|
MetadataExtractor 2.1.0 allows stack consumption.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-14262
|
2024-11-21 13:26 |
2019-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223523
|
5.5 |
MEDIUM
Local
|
gnu
canonical
opensuse
|
binutils
ubuntu_linux
leap
|
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow …
|
CWE-787
CWE-190
Out-of-bounds Write
Integer Overflow or Wraparound
|
CVE-2019-14250
|
2024-11-21 13:26 |
2019-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223524
|
6.5 |
MEDIUM
Network
|
libdwarf_project
|
libdwarf
|
dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by …
|
CWE-369
Divide By Zero
|
CVE-2019-14249
|
2024-11-21 13:26 |
2019-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223525
|
5.5 |
MEDIUM
Local
|
nasm
|
netwide_assembler
|
In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when "%pragma limit" is mishandled.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-14248
|
2024-11-21 13:26 |
2019-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223526
|
5.5 |
MEDIUM
Local
|
mpg321_project
|
mpg321
|
The scan() function in mad.c in mpg321 0.3.2 allows remote attackers to trigger an out-of-bounds write via a zero bitrate in an MP3 file.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-14247
|
2024-11-21 13:26 |
2019-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223527
|
7.5 |
HIGH
Network
|
haproxy
|
proxyprotocol
|
headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.0.2 for Caddy, allows remote attackers to cause a denial of service (webse…
|
CWE-20
Improper Input Validation
|
CVE-2019-14243
|
2024-11-21 13:26 |
2019-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223528
|
7.5 |
HIGH
Network
|
haproxy
|
haproxy
|
HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2019-14241
|
2024-11-21 13:26 |
2019-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223529
|
8.1 |
HIGH
Network
|
wcms
|
wcms
|
WCMS v0.3.2 has a CSRF vulnerability, with resultant directory traversal, to modify index.html via the /wex/html.php?finish=../index.html URI.
|
CWE-352
CWE-22
Origin Validation Error
Path Traversal
|
CVE-2019-14240
|
2024-11-21 13:26 |
2019-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223530
|
9.8 |
CRITICAL
Network
|
onionbuzz
|
onionbuzz
|
An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.2 for WordPress. One could exploit the points parameter in the ob_get_results ajax nopriv handler due to there being no s…
|
CWE-89
SQL Injection
|
CVE-2019-14231
|
2024-11-21 13:26 |
2019-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
