|
223131
|
6.1 |
MEDIUM
Network
|
wikimedia
|
wikidata_query_gui
|
In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was a…
|
CWE-79
Cross-site Scripting
|
CVE-2019-19329
|
2024-11-21 13:34 |
2019-11-28 |
|
223132
|
6.1 |
MEDIUM
Network
|
wikimedia
|
wikidata_query_gui
|
ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wiki…
|
CWE-79
Cross-site Scripting
|
CVE-2019-19328
|
2024-11-21 13:34 |
2019-11-28 |
|
223133
|
6.1 |
MEDIUM
Network
|
wikimedia
|
wikidata_query_gui
|
ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. NOTE: this GUI code is …
|
CWE-79
Cross-site Scripting
|
CVE-2019-19327
|
2024-11-21 13:34 |
2019-11-28 |
|
223134
|
5.5 |
MEDIUM
Local
|
gnome
|
gnome-font-viewer
|
In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that retur…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-19308
|
2024-11-21 13:34 |
2019-11-28 |
|
223135
|
9.8 |
CRITICAL
Network
|
cesanta
|
mongoose
|
An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT …
|
CWE-125, CWE-787, CWE-190, CWE-835
Out-of-bounds Read; Out-of-bounds Write; Integer Overflow or Wraparound; Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2019-19307
|
2024-11-21 13:34 |
2019-11-27 |
|
223136
|
6.1 |
MEDIUM
Network
|
afterlogic
|
aurora webmail_pro
|
Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19129
|
2024-11-21 13:34 |
2019-11-27 |
|
223137
|
5.4 |
MEDIUM
Network
|
zoho
|
lead_magnet
|
The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19306
|
2024-11-21 13:34 |
2019-11-27 |
|
223138
|
7.5 |
HIGH
Network
|
python
|
typed_ast
|
typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able t…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-19275
|
2024-11-21 13:34 |
2019-11-27 |
|
223139
|
7.5 |
HIGH
Network
|
python
|
typed_ast
|
typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be a…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-19274
|
2024-11-21 13:34 |
2019-11-27 |
|
223140
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19206
|
2024-11-21 13:34 |
2019-11-27 |