|
223131
|
9.8 |
CRITICAL
Network
|
cesnet
redhat
|
libyang
enterprise_linux
|
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untru…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-19333
|
2024-11-21 13:34 |
2019-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223132
|
6.5 |
MEDIUM
Network
|
norton
|
password_manager
|
Norton Password Manager, prior to 6.6.2.5, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an ac…
|
NVD-CWE-noinfo
|
CVE-2019-19546
|
2024-11-21 13:34 |
2019-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223133
|
6.3 |
MEDIUM
Network
|
norton
|
password_manager
|
Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be re…
|
CWE-346
Origin Validation Error
|
CVE-2019-19545
|
2024-11-21 13:34 |
2019-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223134
|
6.1 |
MEDIUM
Network
|
sceditor
|
sceditor
|
SCEditor 2.1.3 allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19466
|
2024-11-21 13:34 |
2019-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223135
|
9.8 |
CRITICAL
Network
|
sqlite
netapp
oracle
siemens
|
sqlite
cloud_backup
ontap_select_deploy_administration_utility
mysql_workbench
sinec_infrastructure_network_services
|
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other …
|
CWE-681
Incorrect Conversion between Numeric Types
|
CVE-2019-19317
|
2024-11-21 13:34 |
2019-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223136
|
7.5 |
HIGH
Network
|
wireshark
opensuse
oracle
debian
|
wireshark
leap
solaris
zfs_storage_appliance
debian_linux
|
In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NU…
|
CWE-909
Missing Initialization of Resource
|
CVE-2019-19553
|
2024-11-21 13:34 |
2019-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223137
|
7.8 |
HIGH
Local
|
openbsd
|
openbsd
|
OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-19522
|
2024-11-21 13:34 |
2019-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223138
|
9.8 |
CRITICAL
Network
|
openbsd
|
openbsd
|
libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and logi…
|
CWE-287
Improper Authentication
|
CVE-2019-19521
|
2024-11-21 13:34 |
2019-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223139
|
7.8 |
HIGH
Local
|
openbsd
|
openbsd
|
xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlope…
|
CWE-863
Incorrect Authorization
|
CVE-2019-19520
|
2024-11-21 13:34 |
2019-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223140
|
7.8 |
HIGH
Local
|
openbsd
|
openbsd
|
In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c.
|
CWE-287
Improper Authentication
|
CVE-2019-19519
|
2024-11-21 13:34 |
2019-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
