|
226151
|
9.1 |
CRITICAL
Network
|
freedesktop
debian
canonical
opensuse
|
libbsd
debian_linux
ubuntu_linux
leap
|
nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).
|
CWE-125
Out-of-bounds Read
|
CVE-2019-20367
|
2024-11-21 13:38 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226152
|
6.1 |
MEDIUM
Network
|
igniterealtime
|
openfire
|
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents.
|
CWE-79
Cross-site Scripting
|
CVE-2019-20366
|
2024-11-21 13:38 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226153
|
6.1 |
MEDIUM
Network
|
igniterealtime
|
openfire
|
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page.
|
CWE-79
Cross-site Scripting
|
CVE-2019-20365
|
2024-11-21 13:38 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226154
|
6.1 |
MEDIUM
Network
|
igniterealtime
|
openfire
|
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via cacheName to SystemCacheDetails.jsp.
|
CWE-79
Cross-site Scripting
|
CVE-2019-20364
|
2024-11-21 13:38 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226155
|
6.1 |
MEDIUM
Network
|
igniterealtime
|
openfire
|
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alias to Manage Store Contents.
|
CWE-79
Cross-site Scripting
|
CVE-2019-20363
|
2024-11-21 13:38 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226156
|
7.8 |
HIGH
Local
|
teradici
|
pcoip_standard_agent
pcoip_graphics_agent
pcoip_client
|
In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3, an unquoted service path can cause execution of %PROGRAMFILES(X86)%\Teradici\PCoIP.exe instead of the intended pcoip_vchan_prin…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2019-20362
|
2024-11-21 13:38 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226157
|
9.8 |
CRITICAL
Network
|
icegram
|
email_subscribers_\&_newsletters
|
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerabi…
|
CWE-89
SQL Injection
|
CVE-2019-20361
|
2024-11-21 13:38 |
2020-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226158
|
7.5 |
HIGH
Network
|
givewp
|
givewp
|
A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresse…
|
CWE-287
Improper Authentication
|
CVE-2019-20360
|
2024-11-21 13:38 |
2020-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226159
|
6.8 |
MEDIUM
Physics
|
okerthai
|
g232v1_firmware
|
OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to interrupt the boot sequence in or…
|
CWE-78
OS Command
|
CVE-2019-20348
|
2024-11-21 13:38 |
2020-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226160
|
9.8 |
CRITICAL
Network
|
mojohaus
|
exec_maven
|
The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element (within a plugin element) can specify an arbitrary program in an execut…
|
CWE-94
Code Injection
|
CVE-2019-20343
|
2024-11-21 13:38 |
2020-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
