|
225201
|
5.5 |
MEDIUM
Local
|
linux
netapp
canonical
opensuse
debian
|
linux_kernel
active_iq_unified_manager
solidfire
hci_management_node
hci_storage_node
hci_compute_node
ubuntu_linux
leap
debian_linux
|
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-19462
|
2024-11-21 13:34 |
2019-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225202
|
5.5 |
MEDIUM
Local
|
gnome
fedoraproject
opensuse
|
dia
fedora
leap
|
When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this …
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2019-19451
|
2024-11-21 13:34 |
2019-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225203
|
7.5 |
HIGH
Network
|
omniosce
|
omnios
|
illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because uts/common/inet…
|
CWE-20
Improper Input Validation
|
CVE-2019-19396
|
2024-11-21 13:34 |
2019-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225204
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-19378
|
2024-11-21 13:34 |
2019-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225205
|
7.8 |
HIGH
Local
|
linux
netapp
|
linux_kernel
cloud_backup
steelstore_cloud_integrated_storage
active_iq_unified_manager
solidfire_baseboard_management_controller
|
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.
|
CWE-416
Use After Free
|
CVE-2019-19377
|
2024-11-21 13:34 |
2019-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225206
|
9.1 |
CRITICAL
Network
|
luajit
moonjit_project
|
luajit
moonjit
|
In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases in…
|
CWE-843
Type Confusion
|
CVE-2019-19391
|
2024-11-21 13:34 |
2019-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225207
|
6.1 |
MEDIUM
Network
|
fusionpbx
|
fusionpbx
|
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19388
|
2024-11-21 13:34 |
2019-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225208
|
6.1 |
MEDIUM
Network
|
fusionpbx
|
fusionpbx
|
A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19387
|
2024-11-21 13:34 |
2019-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225209
|
6.1 |
MEDIUM
Network
|
fusionpbx
|
fusionpbx
|
A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or v…
|
CWE-79
Cross-site Scripting
|
CVE-2019-19386
|
2024-11-21 13:34 |
2019-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225210
|
6.1 |
MEDIUM
Network
|
fusionpbx
|
fusionpbx
|
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19385
|
2024-11-21 13:34 |
2019-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
