|
223481
|
7.8 |
HIGH
Local
|
gnu debian
|
fribidi debian_linux
|
A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrar…
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-18397
|
2024-11-21 13:33 |
2019-11-13 |
|
|
|
|
223482
|
6.1 |
MEDIUM
Network
|
systematicinc
|
iris_standards_management
|
Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting (XSS). A user input (related to dialog information) is reflected directly in the…
|
CWE-79
Cross-site Scripting
|
CVE-2019-18926
|
2024-11-21 13:33 |
2019-11-13 |
|
|
|
|
223483
|
9.8 |
CRITICAL
Network
|
systematic
|
iris_webforms
|
Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-18925
|
2024-11-21 13:33 |
2019-11-13 |
|
|
|
|
223484
|
5.3 |
MEDIUM
Network
|
systematic
|
iris_webforms
|
Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating variables that reference files with ../ (and variations), it is possible to list all the directories and check if a …
|
CWE-22
Path Traversal
|
CVE-2019-18924
|
2024-11-21 13:33 |
2019-11-13 |
|
|
|
|
223485
|
9.8 |
CRITICAL
Network
|
upredsun
|
file_sharing_wizard
|
File Sharing Wizard version 1.5.0 build 2008 is affected by a Structured Exception Handler based buffer overflow vulnerability. An unauthenticated attacker is able to perform remote command execution…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-18655
|
2024-11-21 13:33 |
2019-11-13 |
|
|
|
|
223486
|
7.5 |
HIGH
Network
|
json-jwt_project debian
|
json-jwt debian_linux
|
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.
|
CWE-287
Improper Authentication
|
CVE-2019-18848
|
2024-11-21 13:33 |
2019-11-13 |
|
|
|
|
223487
|
7.5 |
HIGH
Network
|
istio
|
istio
|
Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2019-18817
|
2024-11-21 13:33 |
2019-11-12 |
|
|
|
|
223488
|
9.8 |
CRITICAL
Network
|
helm
|
helm
|
In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /et…
|
CWE-59
Link Following
|
CVE-2019-18658
|
2024-11-21 13:33 |
2019-11-12 |
|
|
|
|
223489
|
6.1 |
MEDIUM
Network
|
wso2
|
identity_server
|
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled.
|
CWE-79
Cross-site Scripting
|
CVE-2019-18882
|
2024-11-21 13:33 |
2019-11-12 |
|
|
|
|
223490
|
6.1 |
MEDIUM
Network
|
wso2
|
identity_server
|
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile.
|
CWE-79
Cross-site Scripting
|
CVE-2019-18881
|
2024-11-21 13:33 |
2019-11-12 |
|
|
|