|
219881
|
7.8 |
HIGH
Local
|
sqla_yaml_fixtures_project
|
sqla_yaml_fixtures
|
Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code via the fixture_text argument in sqla_yaml_fixtures.load.
|
CWE-94
Code Injection
|
CVE-2019-3575
|
2024-11-21 13:42 |
2019-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219882
|
4.4 |
MEDIUM
Local
|
linux
debian
canonical
|
linux_kernel
debian_linux
ubuntu_linux
|
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dl…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-3701
|
2024-11-21 13:42 |
2019-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219883
|
7.5 |
HIGH
Network
|
openrefine
|
openrefine
|
OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file.
|
CWE-22
Path Traversal
|
CVE-2019-3580
|
2024-11-21 13:42 |
2019-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219884
|
9.8 |
CRITICAL
Network
|
bijiadao
|
waimai_super_cms
|
An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows blind SQL Injection via the id[0] parameter to the /product URI.
|
CWE-89
SQL Injection
|
CVE-2019-3577
|
2024-11-21 13:42 |
2019-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219885
|
9.8 |
CRITICAL
Network
|
inxedu_project
|
inxedu
|
inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure via the deleteFaveorite/ PATH_INFO. The vulnerable code location is com.inxedu.os.edu.controller.us…
|
CWE-89
SQL Injection
|
CVE-2019-3576
|
2024-11-21 13:42 |
2019-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219886
|
6.5 |
MEDIUM
Network
|
libming
|
libming
|
An issue was discovered in libming 0.4.8. There is a heap-based buffer over-read in the function writePNG in the file util/dbl2png.c of the dbl2png command-line program. Because this is associated wi…
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2019-3572
|
2024-11-21 13:42 |
2019-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219887
|
4.8 |
MEDIUM
Network
|
ougc_awards_project
|
ougc_awards
|
The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a crafted award reason that is mishandled on the awards page or in a user profile.
|
CWE-79
Cross-site Scripting
|
CVE-2019-3501
|
2024-11-21 13:42 |
2019-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219888
|
7.8 |
HIGH
Local
|
aria2_project
debian
fedoraproject
canonical
|
aria2
debian_linux
fedora
ubuntu_linux
|
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-3500
|
2024-11-21 13:42 |
2019-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219889
|
7.5 |
HIGH
Network
|
simply-blog_project
|
simply-blog
|
Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteCategories.php delete parameter.
|
CWE-89
SQL Injection
|
CVE-2019-3494
|
2024-11-21 13:42 |
2019-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219890
|
8.8 |
HIGH
Network
|
oracle
|
retail_store_inventory_management
|
Vulnerability in the Oracle Retail Store Inventory Management product of Oracle Retail Applications (component: Security). The supported version that is affected is 16.0. Easily exploitable vulnerabi…
|
NVD-CWE-noinfo
|
CVE-2019-2880
|
2024-11-21 13:41 |
2020-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
