|
223771
|
7.5 |
HIGH
Network
|
sudo
|
sudo
|
In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to…
|
NVD-CWE-noinfo
|
CVE-2019-19234
|
2024-11-21 13:34 |
2019-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223772
|
7.5 |
HIGH
Network
|
sudo
|
sudo
|
In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The so…
|
NVD-CWE-noinfo
|
CVE-2019-19232
|
2024-11-21 13:34 |
2019-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223773
|
7.0 |
HIGH
Local
|
asus
|
atk_package
|
AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular pa…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2019-19235
|
2024-11-21 13:34 |
2019-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223774
|
5.4 |
MEDIUM
Network
|
altn
|
mdaemon_email_server
|
MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19497
|
2024-11-21 13:34 |
2019-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223775
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and n…
|
NVD-CWE-noinfo
|
CVE-2019-19241
|
2024-11-21 13:34 |
2019-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223776
|
7.1 |
HIGH
Local
|
nalpeiron
|
licensing_service
|
NLSSRV32.EXE in Nalpeiron Licensing Service 7.3.4.0, as used with Nitro PDF and other products, allows Elevation of Privilege via the \\.\mailslot\nlsX86ccMailslot mailslot.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-19315
|
2024-11-21 13:34 |
2019-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223777
|
7.5 |
HIGH
Network
|
simplifile
|
recordfusion
|
In Simplifile RecordFusion through 2019-11-25, the logs and hist parameters allow remote attackers to access local files via a logger/logs?/../ or logger/hist?/../ URI.
|
CWE-22
Path Traversal
|
CVE-2019-19264
|
2024-11-21 13:34 |
2019-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223778
|
6.1 |
MEDIUM
Network
|
maxum
|
rumpus
|
A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary J…
|
CWE-79
Cross-site Scripting
|
CVE-2019-19368
|
2024-11-21 13:34 |
2019-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223779
|
7.5 |
HIGH
Network
|
nic
debian
|
knot_resolver
debian_linux
|
knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2019-19331
|
2024-11-21 13:34 |
2019-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223780
|
7.5 |
HIGH
Network
|
huawei
|
s12700_firmware
s1700_firmware
s2700_firmware
s5700_firmware
s6700_firmware
s7700_firmware
s9700_firmware
|
There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks.
|
NVD-CWE-noinfo
|
CVE-2019-19397
|
2024-11-21 13:34 |
2019-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
