|
223531
|
9.8 |
CRITICAL
Network
|
oniguruma_project debian fedoraproject redhat
|
oniguruma debian_linux fedora enterprise_linux
|
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker…
|
CWE-125 CWE-190
Out-of-bounds Read Integer Overflow or Wraparound
|
CVE-2019-19012
|
2024-11-21 13:33 |
2019-11-18 |
|
|
|
|
223532
|
7.5 |
HIGH
Network
|
miniupnp_project
|
ngiflib
|
MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueColor in ngiflib.c via a file that lacks a palette.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-19011
|
2024-11-21 13:33 |
2019-11-18 |
|
|
|
|
223533
|
9.8 |
CRITICAL
Network
|
limnoria_project fedoraproject
|
limnoria fedora
|
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impa…
|
CWE-94
Code Injection
|
CVE-2019-19010
|
2024-11-21 13:33 |
2019-11-16 |
|
|
|
|
223534
|
7.8 |
HIGH
Local
|
symantec
|
endpoint_protection
|
Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software applic…
|
NVD-CWE-noinfo
|
CVE-2019-18372
|
2024-11-21 13:33 |
2019-11-16 |
|
|
|
|
223535
|
5.3 |
MEDIUM
Network
|
mediawiki
|
abusefilter
|
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Once a specific abuse filter has (accidentally or otherwise) been made public, its previous versions can be exposed, t…
|
CWE-200
Information Exposure
|
CVE-2019-18987
|
2024-11-21 13:33 |
2019-11-15 |
|
|
|
|
223536
|
7.5 |
HIGH
Network
|
pimcore
|
pimcore
|
Pimcore before 6.2.2 allows attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality, as it returns distinct messages for invalid password and non-existing users.
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2019-18986
|
2024-11-21 13:33 |
2019-11-15 |
|
|
|
|
223537
|
9.8 |
CRITICAL
Network
|
pimcore
|
pimcore
|
Pimcore before 6.2.2 lacks brute force protection for the 2FA token.
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2019-18985
|
2024-11-21 13:33 |
2019-11-15 |
|
|
|
|
223538
|
6.1 |
MEDIUM
Network
|
pimcore
|
pimcore
|
bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header.
|
CWE-79
Cross-site Scripting
|
CVE-2019-18982
|
2024-11-21 13:33 |
2019-11-15 |
|
|
|
|
223539
|
9.8 |
CRITICAL
Network
|
pimcore
|
pimcore
|
Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.
|
NVD-CWE-noinfo CWE-838
Inappropriate Encoding for Output Context
|
CVE-2019-18981
|
2024-11-21 13:33 |
2019-11-15 |
|
|
|
|
223540
|
9.8 |
CRITICAL
Network
|
cyrus fedoraproject debian
|
imap fedora debian_linux
|
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived…
|
NVD-CWE-noinfo
|
CVE-2019-18928
|
2024-11-21 13:33 |
2019-11-15 |
|
|
|