| 223561 | 7.5 | HIGH Network | linux | acrn | The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information… | CWE-617 Reachable Assertion | CVE-2019-18844 | 2024-11-21 13:33 | 2019-11-14 |
| 223562 | 8.6 | HIGH Network | crun_project fedoraproject | crun fedora | An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in li… | CWE-59 Link Following | CVE-2019-18837 | 2024-11-21 13:33 | 2019-11-14 |
| 223563 | 6.1 | MEDIUM Network | parallels | parallels_plesk_panel | Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/index.htm? via the "fileName" parameter. | CWE-79 Cross-site Scripting | CVE-2019-18793 | 2024-11-21 13:33 | 2019-11-14 |
| 223564 | 8.8 | HIGH Network | western_digital | my_cloud_ex2_ultra_firmware | Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters. | CWE-120 Classic Buffer Overflow | CVE-2019-18931 | 2024-11-21 13:33 | 2019-11-14 |
| 223565 | 8.8 | HIGH Network | western_digital | my_cloud_ex2_ultra_firmware | Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification log… | CWE-787 Out-of-bounds Write | CVE-2019-18930 | 2024-11-21 13:33 | 2019-11-14 |
| 223566 | 8.8 | HIGH Network | western_digital | my_cloud_ex2_ultra_firmware | Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow. | CWE-787 Out-of-bounds Write | CVE-2019-18929 | 2024-11-21 13:33 | 2019-11-14 |
| 223567 | 9.0 | CRITICAL Network | fudforum | fudforum | FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. … | CWE-79 CWE-78 Cross-site Scripting OS Command | CVE-2019-18839 | 2024-11-21 13:33 | 2019-11-14 |
| 223568 | 7.8 | HIGH Local | gnu debian | fribidi debian_linux | A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrar… | CWE-120 Classic Buffer Overflow | CVE-2019-18397 | 2024-11-21 13:33 | 2019-11-13 |
| 223569 | 6.1 | MEDIUM Network | systematicinc | iris_standards_management | Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting (XSS). A user input (related to dialog information) is reflected directly in the… | CWE-79 Cross-site Scripting | CVE-2019-18926 | 2024-11-21 13:33 | 2019-11-13 |
| 223570 | 9.8 | CRITICAL Network | systematic | iris_webforms | Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication. | CWE-306 Missing Authentication for Critical Function | CVE-2019-18925 | 2024-11-21 13:33 | 2019-11-13 |