|
223491
|
7.5 |
HIGH
Network
|
psutil_project
|
psutil
|
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
|
CWE-415
Double Free
|
CVE-2019-18874
|
2024-11-21 13:33 |
2019-11-12 |
|
223492
|
7.8 |
HIGH
Local
|
gnu
|
mailutils
|
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
|
NVD-CWE-noinfo
|
CVE-2019-18862
|
2024-11-21 13:33 |
2019-11-12 |
|
223493
|
7.5 |
HIGH
Network
|
svg-sanitizer_project
|
svg-sanitizer
|
darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript	:alert substring.
|
CWE-79
Cross-site Scripting
|
CVE-2019-18857
|
2024-11-21 13:33 |
2019-11-12 |
|
223494
|
7.5 |
HIGH
Network
|
drupal
|
svg_sanitizer
|
A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-18856
|
2024-11-21 13:33 |
2019-11-12 |
|
223495
|
7.5 |
HIGH
Network
|
10up
|
safe_svg
|
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.
|
NVD-CWE-noinfo
|
CVE-2019-18855
|
2024-11-21 13:33 |
2019-11-12 |
|
223496
|
7.5 |
HIGH
Network
|
10up
|
safe_svg
|
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.
|
CWE-674
Uncontrolled Recursion
|
CVE-2019-18854
|
2024-11-21 13:33 |
2019-11-12 |
|
223497
|
9.0 |
CRITICAL
Network
|
fudforum
|
fudforum
|
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET reques…
|
CWE-79 CWE-78
Cross-site Scripting OS Command
|
CVE-2019-18873
|
2024-11-21 13:33 |
2019-11-12 |
|
223498
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
|
CWE-674
Uncontrolled Recursion
|
CVE-2019-18853
|
2024-11-21 13:33 |
2019-11-12 |
|
223499
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-600_b1_firmware dir-615_j1_firmware dir-645_a1_firmware dir-815_a1_firmware dir-823_a1_firmware dir-842_c1_firmware dir-890l_a1_firmware
|
Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-18852
|
2024-11-21 13:33 |
2019-11-11 |
|
223500
|
5.5 |
MEDIUM
Local
|
tnef_project fedoraproject canonical debian
|
tnef fedora ubuntu_linux debian_linux
|
In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-ba…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-18849
|
2024-11-21 13:33 |
2019-11-11 |