|
221871
|
5.3 |
MEDIUM
Network
|
jetbrains
|
hub
|
In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery.
|
NVD-CWE-noinfo
|
CVE-2019-18360
|
2024-11-21 13:33 |
2019-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221872
|
9.8 |
CRITICAL
Network
|
xen
debian
fedoraproject
opensuse
|
xen
debian_linux
fedora
leap
|
An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x8…
|
CWE-269
Improper Privilege Management
|
CVE-2019-18425
|
2024-11-21 13:33 |
2019-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221873
|
6.8 |
MEDIUM
Physics
|
xen
debian
fedoraproject
opensuse
|
xen
debian_linux
fedora
leap
|
An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passe…
|
CWE-78
OS Command
|
CVE-2019-18424
|
2024-11-21 13:33 |
2019-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221874
|
8.8 |
HIGH
Network
|
xen
debian
fedoraproject
|
xen
debian_linux
fedora
|
An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. p2m->max_mapped_gfn is used by the functions p2m_resolve_…
|
CWE-193
Off-by-one Error
|
CVE-2019-18423
|
2024-11-21 13:33 |
2019-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221875
|
5.5 |
MEDIUM
Local
|
totaldefense
|
anti-virus
|
The quarantine restoration function in Total Defense Anti-virus 11.5.2.28 is vulnerable to symbolic link attacks, allowing files to be written to privileged directories.
|
CWE-59
Link Following
|
CVE-2019-18645
|
2024-11-21 13:33 |
2019-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221876
|
8.8 |
HIGH
Network
|
xen
debian
fedoraproject
|
xen
debian_linux
fedora
|
An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditio…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-18422
|
2024-11-21 13:33 |
2019-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221877
|
7.5 |
HIGH
Network
|
xen
debian
fedoraproject
opensuse
|
xen
debian_linux
fedora
leap
|
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues …
|
CWE-362
Race Condition
|
CVE-2019-18421
|
2024-11-21 13:33 |
2019-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221878
|
6.5 |
MEDIUM
Network
|
xen
debian
fedoraproject
|
xen
debian_linux
fedora
|
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function whi…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2019-18420
|
2024-11-21 13:33 |
2019-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221879
|
5.9 |
MEDIUM
Network
|
totaldefense
|
anti-virus
|
The malware scan function in Total Defense Anti-virus 11.5.2.28 is vulnerable to a TOCTOU bug; consequently, symbolic link attacks allow privileged files to be deleted.
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2019-18644
|
2024-11-21 13:33 |
2019-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221880
|
7.5 |
HIGH
Network
|
themooltipass
|
moolticute
|
An issue was discovered in Mooltipass Moolticute through v0.42.1 and v0.42.x-testing through v0.42.5-testing. There is a NULL pointer dereference in MPDevice_win.cpp.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-18635
|
2024-11-21 13:33 |
2019-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
