|
223531
|
5.3 |
MEDIUM
Network
|
joomla
|
joomla!
|
An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure.
|
CWE-862
Missing Authorization
|
CVE-2019-18674
|
2024-11-21 13:33 |
2019-11-6 |
|
|
223532
|
8.8 |
HIGH
Network
|
joomla
|
joomla!
|
An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability.
|
CWE-352
Origin Validation Error
|
CVE-2019-18650
|
2024-11-21 13:33 |
2019-11-6 |
|
|
223533
|
9.8 |
CRITICAL
Network
|
veritas
|
infoscale flex_appliance access access_appliance cluster_server storage_foundation_ha
|
An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. The…
|
CWE-77
Command Injection
|
CVE-2019-18780
|
2024-11-21 13:33 |
2019-11-6 |
|
|
223534
|
7.8 |
HIGH
Local
|
centrify
|
authentication_service privilege_elevation_service
|
The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 (18.8), 3.5.2 (18.11), and 3.6.0 (19.6) does not properly handle an unspecif…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-18631
|
2024-11-21 13:33 |
2019-11-6 |
|
|
223535
|
9.8 |
CRITICAL
Network
|
isl
|
arp-guard
|
A SQL injection vulnerability in a /login/forgot1 POST request in ARP-GUARD 4.0.0-5 allows unauthenticated remote attackers to execute arbitrary SQL commands via the user_id parameter.
|
CWE-89
SQL Injection
|
CVE-2019-18663
|
2024-11-21 13:33 |
2019-11-5 |
|
|
223536
|
7.0 |
HIGH
Local
|
sudo_project
|
sudo
|
Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and t…
|
CWE-362
Race Condition
|
CVE-2019-18684
|
2024-11-21 13:33 |
2019-11-5 |
|
|
223537
|
7.0 |
HIGH
Local
|
linux canonical opensuse netapp broadcom debian
|
linux_kernel ubuntu_linux leap cloud_backup element_software steelstore_cloud_integrated_storage data_availability_services solidfire hci_management_node active_iq_unified_…
|
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 ac…
|
CWE-362 CWE-416
Race Condition Use After Free
|
CVE-2019-18683
|
2024-11-21 13:33 |
2019-11-5 |
|
|
223538
|
7.5 |
HIGH
Network
|
linux
|
linux_kernel
|
An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-18680
|
2024-11-21 13:33 |
2019-11-5 |
|
|
223539
|
4.6 |
MEDIUM
Physical
|
shiftcrypto
|
bitbox02
|
On SHIFT BitBox02 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a parti…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2019-18673
|
2024-11-21 13:33 |
2019-11-3 |
|
|
223540
|
6.1 |
MEDIUM
Network
|
pfsense
|
pfsense-pkg-freeradius3
|
/usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary javascript c…
|
CWE-79
Cross-site Scripting
|
CVE-2019-18667
|
2024-11-21 13:33 |
2019-11-3 |
|