| 223501 | 7.3 | HIGH Network | chartkick | chartkick.js | Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution. | NVD-CWE-noinfo | CVE-2019-18841 | 2024-11-21 13:33 | 2019-11-11 |
| 223502 | 7.5 | HIGH Network | envoyproxy istio | envoy istio | Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_… | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2019-18836 | 2024-11-21 13:33 | 2019-11-11 |
| 223503 | 7.1 | HIGH Local | patriotmemory | viper_rgb_firmware | The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT A… | CWE-269 Improper Privilege Management | CVE-2019-18845 | 2024-11-21 13:33 | 2019-11-10 |
| 223504 | 7.5 | HIGH Network | wolfssl | wolfssl | In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow i… | CWE-787 Out-of-bounds Write | CVE-2019-18840 | 2024-11-21 13:33 | 2019-11-9 |
| 223505 | 9.8 | CRITICAL Network | energycap | energycap | Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attacker to access data. If an unauthenticated user clicks on a link on the public dashboard, the resource opens in EnergyCAP with acce… | CWE-269 Improper Privilege Management | CVE-2019-18623 | 2024-11-21 13:33 | 2019-11-9 |
| 223506 | 9.8 | CRITICAL Network | matrix | synapse | Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected… | CWE-345 Insufficient Verification of Data Authenticity | CVE-2019-18835 | 2024-11-21 13:33 | 2019-11-8 |
| 223507 | 9.8 | CRITICAL Network | strapi | strapi | strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js. | CWE-640 Weak Password Recovery Mechanism for Forgotten Password | CVE-2019-18818 | 2024-11-21 13:33 | 2019-11-8 |
| 223508 | 5.5 | MEDIUM Local | eximioussoft | logo_designer | Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiCustomPathLib!ExiCustomPathLib::CGradientColorsProfile::BuildGradientColorsTable+0x0000000000000053. | CWE-787 Out-of-bounds Write | CVE-2019-18821 | 2024-11-21 13:33 | 2019-11-8 |
| 223509 | 5.5 | MEDIUM Local | eximioussoft | logo_designer | Eximious Logo Designer 3.82 has Heap Corruption starting at ntdll!RtlpNtMakeTemporaryKey+0x0000000000001a78. | CWE-787 Out-of-bounds Write | CVE-2019-18820 | 2024-11-21 13:33 | 2019-11-8 |
| 223510 | 5.5 | MEDIUM Local | eximioussoft | logo_designer | Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiVectorRender!StrokeText_Blend+0x00000000000003a7. | CWE-787 Out-of-bounds Write | CVE-2019-18819 | 2024-11-21 13:33 | 2019-11-8 |