|
225441
|
8.8 |
HIGH
Network
|
miniupnp_project
|
ngiflib
|
ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.
|
CWE-787
CWE-682
Out-of-bounds Write
Incorrect Calculation
|
CVE-2019-16347
|
2024-11-21 13:30 |
2019-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225442
|
8.8 |
HIGH
Network
|
miniupnp_project
|
ngiflib
|
ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.
|
CWE-787
CWE-682
Out-of-bounds Write
Incorrect Calculation
|
CVE-2019-16346
|
2024-11-21 13:30 |
2019-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225443
|
9.8 |
CRITICAL
Network
|
egpp
|
sistema_integrado_de_gestion_academica
|
In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC) v1, the username parameter of the authentication form is vulnerable to SQL injection, allowing attack…
|
CWE-89
SQL Injection
|
CVE-2019-16264
|
2024-11-21 13:30 |
2019-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225444
|
6.1 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16197
|
2024-11-21 13:30 |
2019-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225445
|
7.1 |
HIGH
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control.
|
NVD-CWE-noinfo
|
CVE-2019-16170
|
2024-11-21 13:30 |
2019-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225446
|
9.8 |
CRITICAL
Network
|
fasterxml
fedoraproject
debian
netapp
redhat
oracle
|
jackson-databind
fedora
debian_linux
steelstore_cloud_integrated_storage
oncommand_workflow_automation
oncommand_api_services
jboss_enterprise_application_platform
retail_xstore_…
|
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-16335
|
2024-11-21 13:30 |
2019-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225447
|
4.8 |
MEDIUM
Network
|
bludit
|
bludit
|
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16334
|
2024-11-21 13:30 |
2019-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225448
|
5.4 |
MEDIUM
Network
|
get-simple
|
getsimple_cms
|
GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16333
|
2024-11-21 13:30 |
2019-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225449
|
6.1 |
MEDIUM
Network
|
api_bearer_auth_project
|
api_bearer_auth
|
In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16332
|
2024-11-21 13:30 |
2019-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225450
|
6.1 |
MEDIUM
Network
|
scadabr
|
scadabr
|
ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16321
|
2024-11-21 13:30 |
2019-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
