| 223221 | 5.5 | MEDIUM Local | gnome | gnome-font-viewer | In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that retur… | CWE-476 NULL Pointer Dereference | CVE-2019-19308 | 2024-11-21 13:34 | 2019-11-28 |
| 223222 | 9.8 | CRITICAL Network | cesanta | mongoose | An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT … | CWE-125 CWE-787 CWE-190 CWE-835 Out-of-bounds Read Out-of-bounds Write Integer Overflow or Wraparound Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2019-19307 | 2024-11-21 13:34 | 2019-11-27 |
| 223223 | 6.1 | MEDIUM Network | afterlogic | aurora webmail_pro | Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name. | CWE-79 Cross-site Scripting | CVE-2019-19129 | 2024-11-21 13:34 | 2019-11-27 |
| 223224 | 5.4 | MEDIUM Network | zoho | lead_magnet | The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName. | CWE-79 Cross-site Scripting | CVE-2019-19306 | 2024-11-21 13:34 | 2019-11-27 |
| 223225 | 7.5 | HIGH Network | python | typed_ast | typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able t… | CWE-125 Out-of-bounds Read | CVE-2019-19275 | 2024-11-21 13:34 | 2019-11-27 |
| 223226 | 7.5 | HIGH Network | python | typed_ast | typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be a… | CWE-125 Out-of-bounds Read | CVE-2019-19274 | 2024-11-21 13:34 | 2019-11-27 |
| 223227 | 5.4 | MEDIUM Network | dolibarr | dolibarr_erp\/crm | Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture. | CWE-79 Cross-site Scripting | CVE-2019-19206 | 2024-11-21 13:34 | 2019-11-27 |
| 223228 | 7.5 | HIGH Network | proftpd | proftpd | An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client c… | CWE-476 NULL Pointer Dereference | CVE-2019-19272 | 2024-11-21 13:34 | 2019-11-26 |
| 223229 | 7.5 | HIGH Network | proftpd | proftpd | An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can c… | CWE-295 Improper Certificate Validation | CVE-2019-19271 | 2024-11-21 13:34 | 2019-11-26 |
| 223230 | 7.5 | HIGH Network | proftpd fedoraproject | proftpd fedora | An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for i… | CWE-295 Improper Certificate Validation | CVE-2019-19270 | 2024-11-21 13:34 | 2019-11-26 |