| 223211 | 7.5 | HIGH | Network | rconfig | rconfig | A downloadFile.php download_file path traversal vulnerability in rConfig through 3.9.3 allows attackers to list files in arbitrary folders and potentially download files. NOTE: the discoverer later r… | CWE-22 Path Traversal | CVE-2019-19372 | 2024-11-21 13:34 | 2019-11-29 |
| 223212 | 6.5 | MEDIUM | Local | linux redhat opensuse | linux_kernel enterprise_linux leap | In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/x… | CWE-787 Out-of-bounds Write, CWE-416 Use After Free | CVE-2019-19319 | 2024-11-21 13:34 | 2019-11-28 |
| 223213 | 4.4 | MEDIUM | Local | linux opensuse canonical debian netapp | linux_kernel leap ubuntu_linux debian_linux steelstore_cloud_integrated_storage active_iq_unified_manager data_availability_services solidfire hci_management_node aff_a700s… | In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags… | CWE-416 Use After Free | CVE-2019-19318 | 2024-11-21 13:34 | 2019-11-28 |
| 223214 | 6.1 | MEDIUM | Network | fusionpbx | fusionpbx | A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | CWE-79 Cross-site Scripting | CVE-2019-19367 | 2024-11-21 13:34 | 2019-11-28 |
| 223215 | 6.1 | MEDIUM | Network | fusionpbx | fusionpbx | A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter. | CWE-79 Cross-site Scripting | CVE-2019-19366 | 2024-11-21 13:34 | 2019-11-28 |
| 223216 | 5.9 | MEDIUM | Network | sqlite canonical redhat oracle siemens | sqlite ubuntu_linux enterprise_linux mysql_workbench sinec_infrastructure_network_services | SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. | CWE-476 NULL Pointer Dereference | CVE-2019-19242 | 2024-11-21 13:34 | 2019-11-28 |
| 223217 | 9.8 | CRITICAL | Network | haproxy canonical debian | haproxy ubuntu_linux debian_linux | The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Inte… | CWE-74 Injection | CVE-2019-19330 | 2024-11-21 13:34 | 2019-11-28 |
| 223218 | 6.1 | MEDIUM | Network | wikimedia | wikidata_query_gui | In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was a… | CWE-79 Cross-site Scripting | CVE-2019-19329 | 2024-11-21 13:34 | 2019-11-28 |
| 223219 | 6.1 | MEDIUM | Network | wikimedia | wikidata_query_gui | ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wiki… | CWE-79 Cross-site Scripting | CVE-2019-19328 | 2024-11-21 13:34 | 2019-11-28 |
| 223220 | 6.1 | MEDIUM | Network | wikimedia | wikidata_query_gui | ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. NOTE: this GUI code is … | CWE-79 Cross-site Scripting | CVE-2019-19327 | 2024-11-21 13:34 | 2019-11-28 |