|
223061
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c.
|
CWE-416
Use After Free
|
CVE-2019-19543
|
2024-11-21 13:34 |
2019-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223062
|
9.8 |
CRITICAL
Network
|
saltosystem
|
proaccess_space
|
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that wi…
|
CWE-22
Path Traversal
|
CVE-2019-19459
|
2024-11-21 13:34 |
2019-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223063
|
8.6 |
HIGH
Network
|
saltosystem
|
proaccess_space
|
SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature.
|
CWE-22
Path Traversal
|
CVE-2019-19458
|
2024-11-21 13:34 |
2019-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223064
|
5.4 |
MEDIUM
Network
|
saltosystem
|
proaccess_space
|
SALTO ProAccess SPACE 5.4.3.0 allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19457
|
2024-11-21 13:34 |
2019-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223065
|
8.8 |
HIGH
Network
|
freeftpd
|
freeftpd
|
freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command (this is exploitable even if logging is disabled).
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-19383
|
2024-11-21 13:34 |
2019-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223066
|
7.8 |
HIGH
Local
|
maxpcsecure
|
anti_virus_plus
|
Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achieve privilege escalation.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-19382
|
2024-11-21 13:34 |
2019-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223067
|
5.5 |
MEDIUM
Local
|
saltosystem
|
proaccess_space
|
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege.…
|
CWE-276
Incorrect Default Permissions
|
CVE-2019-19460
|
2024-11-21 13:34 |
2019-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223068
|
4.2 |
MEDIUM
Physics
|
linux
|
linux_kernel
|
In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/…
|
CWE-362
Race Condition
|
CVE-2019-19537
|
2024-11-21 13:34 |
2019-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223069
|
4.6 |
MEDIUM
Physics
|
linux
debian
opensuse
|
linux_kernel
debian_linux
leap
|
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.
|
CWE-909
Missing Initialization of Resource
|
CVE-2019-19536
|
2024-11-21 13:34 |
2019-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223070
|
4.6 |
MEDIUM
Physics
|
linux
debian
opensuse
oracle
|
linux_kernel
debian_linux
leap
sd-wan_edge
|
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.
|
CWE-908
CWE-909
Use of Uninitialized Resource
Missing Initialization of Resource
|
CVE-2019-19535
|
2024-11-21 13:34 |
2019-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
