| 222751 | 8.8 | HIGH, Network | lodahs_project | lodahs | The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurren… | NVD-CWE-noinfo | CVE-2019-19771 | 2024-11-21 13:35 | 2019-12-13 |
| 222752 | 8.2 | HIGH, Network | linux | linux_kernel | In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created … | CWE-416 Use After Free | CVE-2019-19770 | 2024-11-21 13:35 | 2019-12-13 |
| 222753 | 6.7 | MEDIUM, Local | linux fedoraproject | linux_kernel fedora | In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h). | CWE-416 Use After Free | CVE-2019-19769 | 2024-11-21 13:35 | 2019-12-13 |
| 222754 | 7.5 | HIGH, Network | linux | linux_kernel | In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cp… | CWE-416 Use After Free | CVE-2019-19768 | 2024-11-21 13:35 | 2019-12-13 |
| 222755 | 5.5 | MEDIUM, Local | linux | linux_kernel | The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext… | CWE-416 Use After Free | CVE-2019-19767 | 2024-11-21 13:35 | 2019-12-13 |
| 222756 | 7.5 | HIGH, Network | bitwarden | server | The Bitwarden server through 1.32.0 has a potentially unwanted KDF. | CWE-916 Use of Password Hash With Insufficient Computational Effort | CVE-2019-19766 | 2024-11-21 13:35 | 2019-12-13 |
| 222757 | 9.8 | CRITICAL, Network | minerstat | msos | minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product. | NVD-CWE-noinfo | CVE-2019-19750 | 2024-11-21 13:35 | 2019-12-13 |
| 222758 | 6.1 | MEDIUM, Network | brizoit | work_time_calendar | The Work Time Calendar app before 4.7.1 for Jira allows XSS. | CWE-79 Cross-site Scripting | CVE-2019-19748 | 2024-11-21 13:35 | 2019-12-12 |
| 222759 | 5.5 | MEDIUM, Local | fig2dev_project fedoraproject | fig2dev fedora | make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. | CWE-787 Out-of-bounds Write, CWE-190 Integer Overflow or Wraparound | CVE-2019-19746 | 2024-11-21 13:35 | 2019-12-12 |
| 222760 | 9.8 | CRITICAL, Network | octeth | oempro | Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable. | CWE-89 SQL Injection | CVE-2019-19740 | 2024-11-21 13:35 | 2019-12-12 |