|
223161
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-19036
|
2024-11-21 13:34 |
2019-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223162
|
3.3 |
LOW
Local
|
gnu
canonical
fedoraproject
debian
|
glibc
ubuntu_linux
fedora
debian_linux
|
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing …
|
CWE-665
Improper Initialization
|
CVE-2019-19126
|
2024-11-21 13:34 |
2019-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223163
|
8.8 |
HIGH
Network
|
phicomm
|
k2\(psg1218\)_firmware
|
/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci aut…
|
CWE-78
OS Command
|
CVE-2019-19117
|
2024-11-21 13:34 |
2019-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223164
|
9.8 |
CRITICAL
Network
|
newbee-mall_project
|
newbee-mall
|
main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection.
|
CWE-89
SQL Injection
|
CVE-2019-19113
|
2024-11-21 13:34 |
2019-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223165
|
5.4 |
MEDIUM
Network
|
octopus
|
server
|
A persistent cross-site scripting (XSS) vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote authenticated attackers to inject arbitrary web script or HTML.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19085
|
2024-11-21 13:34 |
2019-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223166
|
4.3 |
MEDIUM
Network
|
octopus
|
octopus_deploy
|
In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underl…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-19084
|
2024-11-21 13:34 |
2019-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223167
|
5.9 |
MEDIUM
Network
|
linux
redhat
opensuse
|
linux_kernel
enterprise_linux
leap
|
A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory …
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2019-19081
|
2024-11-21 13:34 |
2019-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223168
|
5.9 |
MEDIUM
Network
|
linux
opensuse
|
linux_kernel
leap
|
Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memor…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2019-19080
|
2024-11-21 13:34 |
2019-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223169
|
7.5 |
HIGH
Network
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service (memory consumption), aka CID-a21b7f0cff19.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2019-19079
|
2024-11-21 13:34 |
2019-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223170
|
4.7 |
MEDIUM
Local
|
linux
canonical
opensuse
|
linux_kernel
ubuntu_linux
leap
|
Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects …
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2019-19083
|
2024-11-21 13:34 |
2019-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
