|
222651
|
7.8 |
HIGH
Local
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. Th…
|
CWE-416
Use After Free
|
CVE-2019-19807
|
2024-11-21 13:35 |
2019-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222652
|
5.5 |
MEDIUM
Local
|
xfig_project
fedoraproject
debian
|
fig2dev
fedora
debian_linux
|
read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-19797
|
2024-11-21 13:35 |
2019-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222653
|
7.8 |
HIGH
Local
|
yabasic
|
yabasic
|
Yabasic 2.86.2 has a heap-based buffer overflow in myformat in function.c via a crafted BASIC source file.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-19796
|
2024-11-21 13:35 |
2019-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222654
|
7.8 |
HIGH
Local
|
samurai_project
|
samurai
|
samurai 0.7 has a heap-based buffer overflow in canonpath in util.c via a crafted build file.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-19795
|
2024-11-21 13:35 |
2019-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222655
|
5.9 |
MEDIUM
Network
|
miekg-dns_project
|
miekg-dns
|
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to res…
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2019-19794
|
2024-11-21 13:35 |
2019-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222656
|
8.8 |
HIGH
Network
|
cyxtera
|
appgate_sdp
|
In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 on Windows, a local or remote user from the same domain can gain privileges.
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2019-19793
|
2024-11-21 13:35 |
2019-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222657
|
9.8 |
CRITICAL
Network
|
telerik
|
radchart
ui_for_asp.net_ajax
|
Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server throu…
|
CWE-22
Path Traversal
|
CVE-2019-19790
|
2024-11-21 13:35 |
2019-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222658
|
8.8 |
HIGH
Network
|
zohocorp
|
manageengine_eventlog_analyzer
|
An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypa…
|
NVD-CWE-noinfo
|
CVE-2019-19774
|
2024-11-21 13:35 |
2019-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222659
|
5.3 |
MEDIUM
Network
|
dovecot
fedoraproject
|
dovecot
fedora
|
In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group ad…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-19722
|
2024-11-21 13:35 |
2019-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222660
|
7.8 |
HIGH
Local
|
atasm_project
fedoraproject
|
atasm
fedora
|
ATasm 1.06 has a stack-based buffer overflow in the get_signed_expression() function in setparse.c via a crafted .m65 file.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-19787
|
2024-11-21 13:35 |
2019-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
