| 223141 | 7.8 | HIGH, Local | sony | catalyst_browse catalyst_production_suite | A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (version 1.1.0.21) installers run. The vulnerability… | CWE-427 Uncontrolled Search Path Element | CVE-2019-19364 | 2024-11-21 13:34 | 2019-12-5 |
| 223142 | 6.1 | MEDIUM, Network | csshero | csshero | The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected XSS via the URI in a csshero_action=edit_page request because it fails to sufficiently sanitize user-supplied input. An attacker … | CWE-79 Cross-site Scripting | CVE-2019-19133 | 2024-11-21 13:34 | 2019-12-5 |
| 223143 | 6.8 | MEDIUM, Physical | xen fedoraproject | xen fedora | An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not… | CWE-20 Improper Input Validation | CVE-2019-19579 | 2024-11-21 13:34 | 2019-12-5 |
| 223144 | 6.5 | MEDIUM, Network | fronius | datamanager_box_2.0_firmware eco_25.0-3-s_firmware eco_27.0-3-s_firmware galvo_1.5-1_firmware galvo_1.5-1_208-240_firmware galvo_2.0-1_firmware galvo_2.0-1_208-240_firmware galvo… | admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allows action=download&filename= Directory Traversal. | CWE-22 Path Traversal | CVE-2019-19229 | 2024-11-21 13:34 | 2019-12-5 |
| 223145 | 9.8 | CRITICAL, Network | verot_project getk2 | verot k2 | class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2019-19576 | 2024-11-21 13:34 | 2019-12-5 |
| 223146 | 9.8 | CRITICAL, Network | fronius | datamanager_box_2.0_firmware eco_25.0-3-s_firmware eco_27.0-3-s_firmware galvo_1.5-1_firmware galvo_1.5-1_208-240_firmware galvo_2.0-1_firmware galvo_2.0-1_208-240_firmware galvo… | Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file. | CWE-312 Cleartext Storage of Sensitive Information | CVE-2019-19228 | 2024-11-21 13:34 | 2019-12-5 |
| 223147 | 5.5 | MEDIUM, Local | xfig_project | xfig | read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. | CWE-787 Out-of-bounds Write | CVE-2019-19555 | 2024-11-21 13:34 | 2019-12-5 |
| 223148 | 7.8 | HIGH, Local | linux | linux_kernel | In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c. | CWE-416 Use After Free | CVE-2019-19543 | 2024-11-21 13:34 | 2019-12-4 |
| 223149 | 9.8 | CRITICAL, Network | saltosystem | proaccess_space | An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that wi… | CWE-22 Path Traversal | CVE-2019-19459 | 2024-11-21 13:34 | 2019-12-4 |
| 223150 | 8.6 | HIGH, Network | saltosystem | proaccess_space | SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature. | CWE-22 Path Traversal | CVE-2019-19458 | 2024-11-21 13:34 | 2019-12-4 |