| 224261 | 7.5 | HIGH | Network | wolfssl | wolfssl | In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow i… | CWE-787 Out-of-bounds Write | CVE-2019-18840 | 2024-11-21 13:33 | 2019-11-9 |
| 224262 | 9.8 | CRITICAL | Network | energycap | energycap | Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attacker to access data. If an unauthenticated user clicks on a link on the public dashboard, the resource opens in EnergyCAP with acce… | CWE-269 Improper Privilege Management | CVE-2019-18623 | 2024-11-21 13:33 | 2019-11-9 |
| 224263 | 9.8 | CRITICAL | Network | matrix | synapse | Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected… | CWE-345 Insufficient Verification of Data Authenticity | CVE-2019-18835 | 2024-11-21 13:33 | 2019-11-8 |
| 224264 | 9.8 | CRITICAL | Network | strapi | strapi | strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js. | CWE-640 Weak Password Recovery Mechanism for Forgotten Password | CVE-2019-18818 | 2024-11-21 13:33 | 2019-11-8 |
| 224265 | 5.5 | MEDIUM | Local | eximioussoft | logo_designer | Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiCustomPathLib!ExiCustomPathLib::CGradientColorsProfile::BuildGradientColorsTable+0x0000000000000053. | CWE-787 Out-of-bounds Write | CVE-2019-18821 | 2024-11-21 13:33 | 2019-11-8 |
| 224266 | 5.5 | MEDIUM | Local | eximioussoft | logo_designer | Eximious Logo Designer 3.82 has Heap Corruption starting at ntdll!RtlpNtMakeTemporaryKey+0x0000000000001a78. | CWE-787 Out-of-bounds Write | CVE-2019-18820 | 2024-11-21 13:33 | 2019-11-8 |
| 224267 | 5.5 | MEDIUM | Local | eximioussoft | logo_designer | Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiVectorRender!StrokeText_Blend+0x00000000000003a7. | CWE-787 Out-of-bounds Write | CVE-2019-18819 | 2024-11-21 13:33 | 2019-11-8 |
| 224268 | 6.1 | MEDIUM | Network | popojicms | popojicms | po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows post[1][content]= stored XSS. | CWE-79 Cross-site Scripting | CVE-2019-18816 | 2024-11-21 13:33 | 2019-11-8 |
| 224269 | 6.1 | MEDIUM | Network | popojicms | popojicms | PopojiCMS 2.0.1 allows refer= Open Redirection. | CWE-601 Open Redirect | CVE-2019-18815 | 2024-11-21 13:33 | 2019-11-8 |
| 224270 | 9.8 | CRITICAL | Network | linux | linux_kernel | An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c. | CWE-416 Use After Free | CVE-2019-18814 | 2024-11-21 13:33 | 2019-11-8 |