|
225421
|
7.8 |
HIGH
Local
|
gnucobol_project
|
gnucobol
|
GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() function in cobc/parser.y via crafted COBOL source code.
|
CWE-416
Use After Free
|
CVE-2019-16396
|
2024-11-21 13:30 |
2019-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225422
|
7.8 |
HIGH
Local
|
gnucobol_project
|
gnucobol
|
GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() function in cobc/tree.c via crafted COBOL source code.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-16395
|
2024-11-21 13:30 |
2019-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225423
|
5.3 |
MEDIUM
Network
|
spip
debian
canonical
|
spip
debian_linux
ubuntu_linux
|
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscr…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2019-16394
|
2024-11-21 13:30 |
2019-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225424
|
6.1 |
MEDIUM
Network
|
spip
debian
canonical
|
spip
debian_linux
ubuntu_linux
|
SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.
|
CWE-601
Open Redirect
|
CVE-2019-16393
|
2024-11-21 13:30 |
2019-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225425
|
6.1 |
MEDIUM
Network
|
spip
debian
canonical
|
spip
debian_linux
ubuntu_linux
|
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16392
|
2024-11-21 13:30 |
2019-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225426
|
6.5 |
MEDIUM
Network
|
spip
debian
canonical
|
spip
debian_linux
ubuntu_linux
|
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrir…
|
NVD-CWE-noinfo
|
CVE-2019-16391
|
2024-11-21 13:30 |
2019-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225427
|
9.8 |
CRITICAL
Network
|
eq-3
|
homematic_ccu2_firmware
homematic_ccu3_firmware
|
eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related t…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-16199
|
2024-11-21 13:30 |
2019-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225428
|
9.8 |
CRITICAL
Network
|
trusteddomain
debian
fedoraproject
canonical
|
opendmarc
debian_linux
fedora
ubuntu_linux
|
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be rel…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2019-16378
|
2024-11-21 13:30 |
2019-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225429
|
9.8 |
CRITICAL
Network
|
infradead
fedoraproject
debian
canonical
opensuse
|
openconnect
fedora
debian_linux
ubuntu_linux
leap
|
process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-16239
|
2024-11-21 13:30 |
2019-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225430
|
8.2 |
HIGH
Network
|
logmein
|
lastpass
|
LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because do_popupregister can be …
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2019-16371
|
2024-11-21 13:30 |
2019-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
