|
224861
|
9.8 |
CRITICAL
Network
|
wolfssl
|
wolfssl
|
In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in Chec…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-16748
|
2024-11-21 13:31 |
2019-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224862
|
9.8 |
CRITICAL
Network
|
linux
debian
canonical
fedoraproject
opensuse
|
linux_kernel
debian_linux
ubuntu_linux
fedora
leap
|
An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-16746
|
2024-11-21 13:31 |
2019-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224863
|
7.8 |
HIGH
Local
|
pam-python_project
debian
canonical
|
pam-python
debian_linux
ubuntu_linux
|
pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups.
|
NVD-CWE-noinfo
|
CVE-2019-16729
|
2024-11-21 13:31 |
2019-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224864
|
6.1 |
MEDIUM
Network
|
cure53
debian
|
dompurify
debian_linux
|
DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16728
|
2024-11-21 13:31 |
2019-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224865
|
4.3 |
MEDIUM
Network
|
cacti
|
cacti
|
In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2019-16723
|
2024-11-21 13:31 |
2019-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224866
|
9.8 |
CRITICAL
Network
|
zzzcms
|
zzzphp
|
ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation.
|
NVD-CWE-noinfo
|
CVE-2019-16722
|
2024-11-21 13:31 |
2019-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224867
|
6.5 |
MEDIUM
Network
|
5none
|
nonecms
|
NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user.
|
CWE-352
Origin Validation Error
|
CVE-2019-16721
|
2024-11-21 13:31 |
2019-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224868
|
7.5 |
HIGH
Network
|
zzzcms
|
zzzphp
|
ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-16720
|
2024-11-21 13:31 |
2019-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224869
|
6.5 |
MEDIUM
Network
|
wtcms_project
|
wtcms
|
WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS.
|
CWE-352
CWE-79
Origin Validation Error
Cross-site Scripting
|
CVE-2019-16719
|
2024-11-21 13:31 |
2019-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224870
|
7.8 |
HIGH
Local
|
radare
|
radare2
|
In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the …
|
CWE-78
OS Command
|
CVE-2019-16718
|
2024-11-21 13:31 |
2019-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
