|
224951
|
5.3 |
MEDIUM
Network
|
spip
debian
canonical
|
spip
debian_linux
ubuntu_linux
|
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscr…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2019-16394
|
2024-11-21 13:30 |
2019-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224952
|
6.1 |
MEDIUM
Network
|
spip
debian
canonical
|
spip
debian_linux
ubuntu_linux
|
SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.
|
CWE-601
Open Redirect
|
CVE-2019-16393
|
2024-11-21 13:30 |
2019-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224953
|
6.1 |
MEDIUM
Network
|
spip
debian
canonical
|
spip
debian_linux
ubuntu_linux
|
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16392
|
2024-11-21 13:30 |
2019-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224954
|
6.5 |
MEDIUM
Network
|
spip
debian
canonical
|
spip
debian_linux
ubuntu_linux
|
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrir…
|
NVD-CWE-noinfo
|
CVE-2019-16391
|
2024-11-21 13:30 |
2019-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224955
|
9.8 |
CRITICAL
Network
|
eq-3
|
homematic_ccu2_firmware
homematic_ccu3_firmware
|
eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related t…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-16199
|
2024-11-21 13:30 |
2019-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224956
|
9.8 |
CRITICAL
Network
|
trusteddomain
debian
fedoraproject
canonical
|
opendmarc
debian_linux
fedora
ubuntu_linux
|
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be rel…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2019-16378
|
2024-11-21 13:30 |
2019-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224957
|
9.8 |
CRITICAL
Network
|
infradead
fedoraproject
debian
canonical
opensuse
|
openconnect
fedora
debian_linux
ubuntu_linux
leap
|
process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-16239
|
2024-11-21 13:30 |
2019-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224958
|
8.2 |
HIGH
Network
|
logmein
|
lastpass
|
LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because do_popupregister can be …
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2019-16371
|
2024-11-21 13:30 |
2019-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224959
|
5.9 |
MEDIUM
Network
|
gradle
|
gradle
|
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related …
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2019-16370
|
2024-11-21 13:30 |
2019-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224960
|
9.8 |
CRITICAL
Network
|
moddable
|
xs
moddable
|
In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-16366
|
2024-11-21 13:30 |
2019-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
