| 222671 | 6.1 | MEDIUM, Network | brizoit | work_time_calendar | The Work Time Calendar app before 4.7.1 for Jira allows XSS. | CWE-79 Cross-site Scripting | CVE-2019-19748 | 2024-11-21 13:35 | 2019-12-12 |
| 222672 | 5.5 | MEDIUM, Local | fig2dev_project, fedoraproject | fig2dev, fedora | make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. | CWE-787 Out-of-bounds Write; CWE-190 Integer Overflow or Wraparound | CVE-2019-19746 | 2024-11-21 13:35 | 2019-12-12 |
| 222673 | 9.8 | CRITICAL, Network | octeth | oempro | Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable. | CWE-89 SQL Injection | CVE-2019-19740 | 2024-11-21 13:35 | 2019-12-12 |
| 222674 | 7.8 | HIGH, Local | openbsd | openbsd | OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing ch… | CWE-269 Improper Privilege Management | CVE-2019-19726 | 2024-11-21 13:35 | 2019-12-12 |
| 222675 | 7.5 | HIGH, Network | bson-objectid_project | bson-objectid | An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed objectid by inserting an additional property to the u… | CWE-670 Always-Incorrect Control Flow Implementation | CVE-2019-19729 | 2024-11-21 13:35 | 2019-12-12 |
| 222676 | 9.8 | CRITICAL, Network | sysstat_project, debian, canonical | sysstat, debian_linux, ubuntu_linux | sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. | CWE-415 Double Free | CVE-2019-19725 | 2024-11-21 13:35 | 2019-12-12 |
| 222677 | 8.8 | HIGH, Network | zohocorp | manageengine_applications_manager | Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function. | CWE-89 SQL Injection | CVE-2019-19650 | 2024-11-21 13:35 | 2019-12-12 |
| 222678 | 9.8 | CRITICAL, Network | zohocorp | manageengine_applications_manager | Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function. | CWE-89 SQL Injection | CVE-2019-19649 | 2024-11-21 13:35 | 2019-12-12 |
| 222679 | 8.8 | HIGH, Network | yabasic | yabasic | Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() function in flex.c via a crafted BASIC source file. | CWE-787 Out-of-bounds Write | CVE-2019-19720 | 2024-11-21 13:35 | 2019-12-11 |
| 222680 | 6.1 | MEDIUM, Network | tableau | tableau_server | Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page. | CWE-79 Cross-site Scripting | CVE-2019-19719 | 2024-11-21 13:35 | 2019-12-11 |