|
223611
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/apple…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-19227
|
2024-11-21 13:34 |
2019-11-22 |
|
223612
|
5.5 |
MEDIUM
Local
|
libarchive debian fedoraproject canonical
|
libarchive debian_linux fedora ubuntu_linux
|
In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-19221
|
2024-11-21 13:34 |
2019-11-22 |
|
223613
|
8.8 |
HIGH
Network
|
rconfig
|
rconfig
|
rConfig 3.9.2 allows devices.php?searchColumn= SQL injection.
|
CWE-89
SQL Injection
|
CVE-2019-19207
|
2024-11-21 13:34 |
2019-11-22 |
|
223614
|
7.5 |
HIGH
Network
|
oniguruma_project debian fedoraproject
|
oniguruma debian_linux fedora
|
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. …
|
CWE-125
Out-of-bounds Read
|
CVE-2019-19204
|
2024-11-21 13:34 |
2019-11-22 |
|
223615
|
7.5 |
HIGH
Network
|
oniguruma_project fedoraproject
|
oniguruma fedora
|
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched …
|
CWE-125
Out-of-bounds Read
|
CVE-2019-19203
|
2024-11-21 13:34 |
2019-11-22 |
|
223616
|
8.8 |
HIGH
Network
|
vtiger
|
vtiger_crm
|
In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request.
|
CWE-276
Incorrect Default Permissions
|
CVE-2019-19202
|
2024-11-21 13:34 |
2019-11-22 |
|
223617
|
7.8 |
HIGH
Local
|
kyrolsecuritylabs
|
kyrol_internet_security
|
IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402401 usi…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-19197
|
2024-11-21 13:34 |
2019-11-22 |
|
223618
|
7.8 |
HIGH
Local
|
shibboleth
|
service_provider
|
Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the u…
|
CWE-59
Link Following
|
CVE-2019-19191
|
2024-11-21 13:34 |
2019-11-22 |
|
223619
|
9.8 |
CRITICAL
Network
|
jalios
|
jcms
|
Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-19033
|
2024-11-21 13:34 |
2019-11-22 |
|
223620
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-19037
|
2024-11-21 13:34 |
2019-11-21 |