|
218831
|
7.5 |
HIGH
Network
|
axiosys
|
bento4
|
An issue was discovered in Bento4 v1.5.1-627. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp when called from the AP4_EsdsAtom class in C…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2019-6132
|
2024-11-21 13:46 |
2019-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218832
|
5.5 |
MEDIUM
Local
|
artifex
|
mupdf
|
svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool.
|
CWE-674
Uncontrolled Recursion
|
CVE-2019-6131
|
2024-11-21 13:46 |
2019-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218833
|
9.8 |
CRITICAL
Network
|
live555
debian
|
live555_media_server
debian_linux
|
A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2019-6256
|
2024-11-21 13:46 |
2019-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218834
|
8.8 |
HIGH
Network
|
zeromq
debian
|
libzmq
debian_linux
|
A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticate…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2019-6250
|
2024-11-21 13:46 |
2019-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218835
|
6.7 |
MEDIUM
Local
|
polkit_project
debian
redhat
canonical
|
polkit
debian_linux
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_server_tus
enterprise_linux_server_eus
enterprise_linux_server_…
|
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to la…
|
CWE-362
Race Condition
|
CVE-2019-6133
|
2024-11-21 13:46 |
2019-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218836
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
CWE-415
Double Free
|
CVE-2019-5797
|
2024-11-21 13:45 |
2022-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218837
|
5.3 |
MEDIUM
Network
|
rapid7
|
insightvm
|
Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login p…
|
CWE-613
Insufficient Session Expiration
|
CVE-2019-5641
|
2024-11-21 13:45 |
2022-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218838
|
5.3 |
MEDIUM
Network
|
rapid7
|
nexpose
|
Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser featur…
|
CWE-200
Information Exposure
|
CVE-2019-5640
|
2024-11-21 13:45 |
2021-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218839
|
7.5 |
HIGH
Network
|
rapid7
|
metasploit
|
By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can eit…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-5645
|
2024-11-21 13:45 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218840
|
6.5 |
MEDIUM
Adjacent
|
fortinet
|
fortios
|
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-5591
|
2024-11-21 13:45 |
2020-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
