|
223151
|
5.5 |
MEDIUM
Local
|
libarchive debian fedoraproject canonical
|
libarchive debian_linux fedora ubuntu_linux
|
In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-19221
|
2024-11-21 13:34 |
2019-11-22 |
|
223152
|
8.8 |
HIGH
Network
|
rconfig
|
rconfig
|
rConfig 3.9.2 allows devices.php?searchColumn= SQL injection.
|
CWE-89
SQL Injection
|
CVE-2019-19207
|
2024-11-21 13:34 |
2019-11-22 |
|
223153
|
7.5 |
HIGH
Network
|
oniguruma_project debian fedoraproject
|
oniguruma debian_linux fedora
|
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. …
|
CWE-125
Out-of-bounds Read
|
CVE-2019-19204
|
2024-11-21 13:34 |
2019-11-22 |
|
223154
|
7.5 |
HIGH
Network
|
oniguruma_project fedoraproject
|
oniguruma fedora
|
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched …
|
CWE-125
Out-of-bounds Read
|
CVE-2019-19203
|
2024-11-21 13:34 |
2019-11-22 |
|
223155
|
8.8 |
HIGH
Network
|
vtiger
|
vtiger_crm
|
In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request.
|
CWE-276
Incorrect Default Permissions
|
CVE-2019-19202
|
2024-11-21 13:34 |
2019-11-22 |
|
223156
|
7.8 |
HIGH
Local
|
kyrolsecuritylabs
|
kyrol_internet_security
|
IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402401 usi…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-19197
|
2024-11-21 13:34 |
2019-11-22 |
|
223157
|
7.8 |
HIGH
Local
|
shibboleth
|
service_provider
|
Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the u…
|
CWE-59
Link Following
|
CVE-2019-19191
|
2024-11-21 13:34 |
2019-11-22 |
|
223158
|
9.8 |
CRITICAL
Network
|
jalios
|
jcms
|
Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-19033
|
2024-11-21 13:34 |
2019-11-22 |
|
223159
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-19037
|
2024-11-21 13:34 |
2019-11-21 |
|
223160
|
5.5 |
MEDIUM
Local
|
linux debian canonical
|
linux_kernel debian_linux ubuntu_linux
|
__btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information …
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-19039
|
2024-11-21 13:34 |
2019-11-21 |