| 223521 | 7.5 | HIGH Network | sensiolabs fedoraproject | symfony fedora | An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIM… | CWE-88 Argument Injection | CVE-2019-18888 | 2024-11-21 13:33 | 2019-11-22 |
| 223522 | 8.1 | HIGH Network | sensiolabs fedoraproject | symfony fedora | An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/h… | CWE-203 Information Exposure Through Discrepancy | CVE-2019-18887 | 2024-11-21 13:33 | 2019-11-22 |
| 223523 | 9.8 | CRITICAL Network | sangoma | freepbx | Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control. | CWE-287 Improper Authentication | CVE-2019-19006 | 2024-11-21 13:33 | 2019-11-22 |
| 223524 | 6.5 | MEDIUM Network | redmine debian | redmine debian_linux | A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query. | CWE-89 SQL Injection | CVE-2019-18890 | 2024-11-21 13:33 | 2019-11-22 |
| 223525 | 5.3 | MEDIUM Network | sensiolabs | symfony | An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthor… | CWE-203 Information Exposure Through Discrepancy | CVE-2019-18886 | 2024-11-21 13:33 | 2019-11-22 |
| 223526 | 9.8 | CRITICAL Network | hotkeyp_project | hotkeyp | HotkeyP through 4.9 r96 allows privilege escalation in the privilege function in Commands.cpp. | NVD-CWE-noinfo | CVE-2019-18349 | 2024-11-21 13:33 | 2019-11-22 |
| 223527 | 7.8 | HIGH Local | gonitro | nitro_pro | Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this c… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2019-18958 | 2024-11-21 13:33 | 2019-11-22 |
| 223528 | 9.8 | CRITICAL Network | codesys | control_for_empc-a\/imx6 control_for_iot2000 control_for_linux control_for_plcnext control_for_pfc100 control_for_pfc200 remote_target_visu_toolkit hmi embedded_target_visu_to… | CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow. | CWE-120 Classic Buffer Overflow | CVE-2019-18858 | 2024-11-21 13:33 | 2019-11-21 |
| 223529 | 7.3 | HIGH Network | nlnetlabs fedoraproject opensuse | unbound fedora leap | Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was… | CWE-78 OS Command | CVE-2019-18934 | 2024-11-21 13:33 | 2019-11-20 |
| 223530 | 5.6 | MEDIUM Physical | symantec | norton_app_lock | Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking other apps o… | NVD-CWE-noinfo | CVE-2019-18373 | 2024-11-21 13:33 | 2019-11-19 |