|
222681
|
6.1 |
MEDIUM
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and u…
|
CWE-601
Open Redirect
|
CVE-2019-19709
|
2024-11-21 13:35 |
2019-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222682
|
6.1 |
MEDIUM
Network
|
mediawiki
|
visual_editor
|
The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19708
|
2024-11-21 13:35 |
2019-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222683
|
7.5 |
HIGH
Network
|
moxa
|
eds-g508e_firmware
eds-g512e_firmware
eds-g516e_firmware
|
On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets.
|
NVD-CWE-noinfo
|
CVE-2019-19707
|
2024-11-21 13:35 |
2019-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222684
|
7.8 |
HIGH
Local
|
git-scm
debian
fedoraproject
opensuse
|
git
debian_linux
fedora
leap
|
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can…
|
CWE-78
CWE-862
OS Command
Missing Authorization
|
CVE-2019-19604
|
2024-11-21 13:35 |
2019-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222685
|
6.1 |
MEDIUM
Network
|
jetbrains
|
ktor
|
In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.
|
CWE-601
Open Redirect
|
CVE-2019-19703
|
2024-11-21 13:35 |
2019-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222686
|
7.5 |
HIGH
Network
|
modoboa
|
modoboa-dmarc
|
The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to perform a denial of service…
|
CWE-611
XXE
|
CVE-2019-19702
|
2024-11-21 13:35 |
2019-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222687
|
6.5 |
MEDIUM
Network
|
libwav_project
|
libwav
|
marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav_content_read() at libwav.c.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-19698
|
2024-11-21 13:35 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222688
|
9.8 |
CRITICAL
Network
|
sqlite
siemens
tenable
oracle
netapp
|
sqlite
sinec_infrastructure_network_services
tenable.sc
mysql_workbench
cloud_backup
ontap_select_deploy_administration_utility
|
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2019-19646
|
2024-11-21 13:35 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222689
|
7.5 |
HIGH
Network
|
sqlite
oracle
siemens
apache
netapp
|
sqlite
mysql_workbench
sinec_infrastructure_network_services
guacamole
cloud_backup
ontap_select_deploy_administration_utility
|
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
|
NVD-CWE-noinfo
|
CVE-2019-19603
|
2024-11-21 13:35 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222690
|
8.8 |
HIGH
Network
|
openstack
|
keystone
|
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enfor…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-19687
|
2024-11-21 13:35 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
