| 222591 | 8.8 HIGH | Network | sa-exim_project debian canonical | sa-exim debian_linux ubuntu_linux | sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint … | CWE-78 OS Command | CVE-2019-19920 | 2024-11-21 13:35 | 2019-12-23 |
| 222592 | 9.8 CRITICAL | Network | handlebars.js_project tenable | handlebars.js tenable.sc | Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allo… | CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2019-19919 | 2024-11-21 13:35 | 2019-12-21 |
| 222593 | 7.8 HIGH | Local | lout_project opensuse fedoraproject | lout leap fedora backports_sle | Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c. | CWE-787 Out-of-bounds Write | CVE-2019-19918 | 2024-11-21 13:35 | 2019-12-21 |
| 222594 | 7.8 HIGH | Local | lout_project opensuse fedoraproject | lout leap backports_sle fedora | Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c. | CWE-120 Classic Buffer Overflow | CVE-2019-19917 | 2024-11-21 13:35 | 2019-12-21 |
| 222595 | 9.8 CRITICAL | Network | neuvector | neuvector | NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any va… | CWE-521 Weak Password Requirements | CVE-2019-19747 | 2024-11-21 13:35 | 2019-12-21 |
| 222596 | 6.1 MEDIUM | Network | midori-browser | midori | In Midori Browser 0.5.11 (on Windows 10), Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the multipart/x-mixed-replace MIME type. This could result… | CWE-79 Cross-site Scripting | CVE-2019-19916 | 2024-11-21 13:35 | 2019-12-21 |
| 222597 | 7.1 HIGH | Local | trendmicro | antivirus+_security_2020 internet_security_2020 maximum_security_2020 premium_security_2020 | The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on af… | CWE-59 Link Following | CVE-2019-19693 | 2024-11-21 13:35 | 2019-12-21 |
| 222598 | 6.1 MEDIUM | Network | trendmicro | apex_one | Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Note that the Japanese version of the product is NOT affected. | CWE-79 Cross-site Scripting | CVE-2019-19692 | 2024-11-21 13:35 | 2019-12-21 |
| 222599 | 4.9 MEDIUM | Network | trendmicro | apex_one officescan | A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must … | NVD-CWE-noinfo | CVE-2019-19691 | 2024-11-21 13:35 | 2019-12-21 |
| 222600 | 6.1 MEDIUM | Network | ciprianmp | phpmychat-plus | phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable. | CWE-79 Cross-site Scripting | CVE-2019-19908 | 2024-11-21 13:35 | 2019-12-20 |