|
225521
|
6.5 |
MEDIUM
Network
|
digium
debian
|
certified_asterisk
asterisk
debian_linux
|
An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sen…
|
CWE-862
Missing Authorization
|
CVE-2019-18790
|
2024-11-21 13:33 |
2019-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225522
|
8.8 |
HIGH
Network
|
pagekit
|
pagekit
|
A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an arbitrary file by removing the CSRF token from a request.
|
CWE-352
Origin Validation Error
|
CVE-2019-19013
|
2024-11-21 13:33 |
2019-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225523
|
9.8 |
CRITICAL
Network
|
zulip
|
zulip_server
|
In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an …
|
NVD-CWE-noinfo
|
CVE-2019-18933
|
2024-11-21 13:33 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225524
|
9.8 |
CRITICAL
Network
|
sensiolabs
fedoraproject
|
symfony
fedora
|
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is rel…
|
CWE-94
Code Injection
|
CVE-2019-18889
|
2024-11-21 13:33 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225525
|
7.5 |
HIGH
Network
|
sensiolabs
fedoraproject
|
symfony
fedora
|
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIM…
|
CWE-88
Argument Injection
|
CVE-2019-18888
|
2024-11-21 13:33 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225526
|
8.1 |
HIGH
Network
|
sensiolabs
fedoraproject
|
symfony
fedora
|
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/h…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2019-18887
|
2024-11-21 13:33 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225527
|
9.8 |
CRITICAL
Network
|
sangoma
|
freepbx
|
Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.
|
CWE-287
Improper Authentication
|
CVE-2019-19006
|
2024-11-21 13:33 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225528
|
6.5 |
MEDIUM
Network
|
redmine
debian
|
redmine
debian_linux
|
A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query.
|
CWE-89
SQL Injection
|
CVE-2019-18890
|
2024-11-21 13:33 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225529
|
5.3 |
MEDIUM
Network
|
sensiolabs
|
symfony
|
An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthor…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2019-18886
|
2024-11-21 13:33 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225530
|
9.8 |
CRITICAL
Network
|
hotkeyp_project
|
hotkeyp
|
HotkeyP through 4.9 r96 allows privilege escalation in the privilege function in Commands.cpp.
|
NVD-CWE-noinfo
|
CVE-2019-18349
|
2024-11-21 13:33 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
