|
218261
|
9.1 |
CRITICAL
Network
|
amazon
|
ring_video_doorbell_firmware
|
Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows attackers to obtain audio and video data, or insert spoofed video that does not correspond to the actual person at the door.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2019-9483
|
2024-11-21 13:51 |
2019-03-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218262
|
5.3 |
MEDIUM
Network
|
misp
|
misp
|
In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. Exploiting this requires access to the event that has received the sighting. The issue affects instance…
|
CWE-862
Missing Authorization
|
CVE-2019-9482
|
2024-11-21 13:51 |
2019-03-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218263
|
9.8 |
CRITICAL
Network
|
baigo
|
baigo_cms
|
An issue was discovered in baigo CMS 2.1.1. There is a vulnerability that allows remote attackers to execute arbitrary code. A BG_SITE_NAME parameter with malicious code can be written into the opt_b…
|
CWE-94
Code Injection
|
CVE-2019-9227
|
2024-11-21 13:51 |
2019-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218264
|
6.1 |
MEDIUM
Network
|
baigo
|
baigo_cms
|
An issue was discovered in baigo CMS 2.1.1. There is a persistent XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the opt[base][BG_SITE_NAME] parameter to th…
|
CWE-79
Cross-site Scripting
|
CVE-2019-9226
|
2024-11-21 13:51 |
2019-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218265
|
9.8 |
CRITICAL
Network
|
live555
opensuse
debian
|
streaming_media
leap
backports_sle
debian_linux
|
In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.
|
NVD-CWE-noinfo
|
CVE-2019-9215
|
2024-11-21 13:51 |
2019-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218266
|
7.5 |
HIGH
Network
|
wireshark
debian
|
wireshark
debian_linux
|
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-9214
|
2024-11-21 13:51 |
2019-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218267
|
5.5 |
MEDIUM
Local
|
wireshark
debian
canonical
opensuse
|
wireshark
debian_linux
ubuntu_linux
leap
|
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with e…
|
CWE-787
CWE-193
Out-of-bounds Write
Off-by-one Error
|
CVE-2019-9209
|
2024-11-21 13:51 |
2019-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218268
|
7.5 |
HIGH
Network
|
wireshark
debian
|
wireshark
debian_linux
|
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-9208
|
2024-11-21 13:51 |
2019-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218269
|
6.5 |
MEDIUM
Network
|
gnu
fedoraproject
suse
|
pspp
fedora
backports
|
There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service.
|
CWE-617
Reachable Assertion
|
CVE-2019-9211
|
2024-11-21 13:51 |
2019-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218270
|
9.8 |
CRITICAL
Network
|
antfin
|
sofa-hessian
|
SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.i…
|
CWE-184
CWE-502
Incomplete Blacklist
Deserialization of Untrusted Data
|
CVE-2019-9212
|
2024-11-21 13:51 |
2019-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
