|
222681
|
7.8 |
HIGH
Local
|
lout_project
opensuse
fedoraproject
|
lout
leap
backports_sle
fedora
|
Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c.
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-19917
|
2024-11-21 13:35 |
2019-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222682
|
9.8 |
CRITICAL
Network
|
neuvector
|
neuvector
|
NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any va…
|
CWE-521
Weak Password Requirements
|
CVE-2019-19747
|
2024-11-21 13:35 |
2019-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222683
|
6.1 |
MEDIUM
Network
|
midori-browser
|
midori
|
In Midori Browser 0.5.11 (on Windows 10), Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the multipart/x-mixed-replace MIME type. This could result…
|
CWE-79
Cross-site Scripting
|
CVE-2019-19916
|
2024-11-21 13:35 |
2019-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222684
|
7.1 |
HIGH
Local
|
trendmicro
|
antivirus\+_security_2020
internet_security_2020
maximum_security_2020
premium_security_2020
|
The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on af…
|
CWE-59
Link Following
|
CVE-2019-19693
|
2024-11-21 13:35 |
2019-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222685
|
6.1 |
MEDIUM
Network
|
trendmicro
|
apex_one
|
Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Note that the Japanese version of the product is NOT affected.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19692
|
2024-11-21 13:35 |
2019-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222686
|
4.9 |
MEDIUM
Network
|
trendmicro
|
apex_one
officescan
|
A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must …
|
NVD-CWE-noinfo
|
CVE-2019-19691
|
2024-11-21 13:35 |
2019-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222687
|
6.1 |
MEDIUM
Network
|
ciprianmp
|
phpmychat-plus
|
phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19908
|
2024-11-21 13:35 |
2019-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222688
|
6.5 |
MEDIUM
Network
|
codesys
|
sp_realtime_nt
plcwinnt
runtime_toolkit
|
3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-19789
|
2024-11-21 13:35 |
2019-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222689
|
9.0 |
CRITICAL
Network
|
webfactoryltd
|
301_redirects
|
The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or inject redirect rules, and exploit XSS, with the /a…
|
CWE-352
CWE-732
Origin Validation Error
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-19915
|
2024-11-21 13:35 |
2019-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222690
|
6.1 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is …
|
CWE-79
Cross-site Scripting
|
CVE-2019-19910
|
2024-11-21 13:35 |
2019-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
