|
222621
|
6.5 |
MEDIUM
Network
|
rockcarry
|
ffjpeg
|
bitstr_tell at bitstr.c in ffjpeg through 2019-08-21 has a NULL pointer dereference related to jfif_encode.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-19887
|
2024-11-21 13:35 |
2019-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222622
|
9.8 |
CRITICAL
Network
|
djangoproject
canonical
|
django
ubuntu_linux
|
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2019-19844
|
2024-11-21 13:35 |
2019-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222623
|
6.5 |
MEDIUM
Network
|
tautulli
|
tautulli
|
In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. (Also, anonymous access can be achieved in applications that do not have a user login area).
|
CWE-352
Origin Validation Error
|
CVE-2019-19833
|
2024-11-21 13:35 |
2019-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222624
|
8.8 |
HIGH
Network
|
xerox
|
altalink_c8035_firmware
|
Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.)
|
CWE-352
Origin Validation Error
|
CVE-2019-19832
|
2024-11-21 13:35 |
2019-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222625
|
5.4 |
MEDIUM
Network
|
solarwinds
|
serv-u_ftp_server
|
A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19829
|
2024-11-21 13:35 |
2019-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222626
|
7.8 |
HIGH
Local
|
shadow_project
|
shadow
|
shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affe…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-19882
|
2024-11-21 13:35 |
2019-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222627
|
4.8 |
MEDIUM
Network
|
dlink
|
dir-615_firmware
|
On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19742
|
2024-11-21 13:35 |
2019-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222628
|
7.5 |
HIGH
Network
|
sqlite
netapp
debian
suse
redhat
opensuse
oracle
siemens
|
sqlite
cloud_backup
debian_linux
package_hub
enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_workstation
leap
backports_sle
mysql_workbench
sinec_infra…
|
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-19880
|
2024-11-21 13:35 |
2019-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222629
|
9.8 |
CRITICAL
Network
|
joomla
|
joomla\!
|
In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.
|
CWE-89
SQL Injection
|
CVE-2019-19846
|
2024-11-21 13:35 |
2019-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222630
|
5.3 |
MEDIUM
Network
|
joomla
|
joomla\!
|
In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure.
|
CWE-22
Path Traversal
|
CVE-2019-19845
|
2024-11-21 13:35 |
2019-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
