|
225581
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19206
|
2024-11-21 13:34 |
2019-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225582
|
7.5 |
HIGH
Network
|
proftpd
|
proftpd
|
An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client c…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-19272
|
2024-11-21 13:34 |
2019-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225583
|
7.5 |
HIGH
Network
|
proftpd
|
proftpd
|
An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can c…
|
CWE-295
Improper Certificate Validation
|
CVE-2019-19271
|
2024-11-21 13:34 |
2019-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225584
|
7.5 |
HIGH
Network
|
proftpd
fedoraproject
|
proftpd
fedora
|
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for i…
|
CWE-295
Improper Certificate Validation
|
CVE-2019-19270
|
2024-11-21 13:34 |
2019-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225585
|
7.5 |
HIGH
Network
|
sqlite
canonical
oracle
siemens
|
sqlite
ubuntu_linux
mysql_workbench
sinec_infrastructure_network_services
|
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
|
NVD-CWE-noinfo
|
CVE-2019-19244
|
2024-11-21 13:34 |
2019-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225586
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-19252
|
2024-11-21 13:34 |
2019-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225587
|
9.8 |
CRITICAL
Network
|
opentrade_project
|
opentrade
|
OpenTrade before 2019-11-23 allows SQL injection, related to server/modules/api/v1.js and server/utils.js.
|
CWE-89
SQL Injection
|
CVE-2019-19250
|
2024-11-21 13:34 |
2019-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225588
|
9.8 |
CRITICAL
Network
|
querytreeapp
|
querytree
|
Controllers/InvitationsController.cs in QueryTree before 3.0.99-beta mishandles invitations.
|
CWE-20
Improper Input Validation
|
CVE-2019-19249
|
2024-11-21 13:34 |
2019-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225589
|
7.5 |
HIGH
Network
|
oniguruma_project
php
fedoraproject
canonical
debian
|
oniguruma
php
fedora
ubuntu_linux
debian_linux
|
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-19246
|
2024-11-21 13:34 |
2019-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225590
|
5.3 |
MEDIUM
Network
|
embedthis
|
goahead
|
Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can ca…
|
CWE-787
CWE-908
Out-of-bounds Write
Use of Uninitialized Resource
|
CVE-2019-19240
|
2024-11-21 13:34 |
2019-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
