|
226261
|
5.5 |
MEDIUM
Local
|
linux
netapp
|
linux_kernel
cloud_backup
steelstore_cloud_integrated_storage
data_availability_services
solidfire_\&_hci_management_node
active_iq_unified_manager
solidfire_baseboard_managemen…
|
In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-20054
|
2024-11-21 13:37 |
2019-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226262
|
9.8 |
CRITICAL
Network
|
al-enterprise
|
omnivista_4760
|
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal (which helps to bypass authentication) with an insecure file upload…
|
NVD-CWE-Other
|
CVE-2019-20049
|
2024-11-21 13:37 |
2019-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226263
|
7.2 |
HIGH
Network
|
al-enterprise
|
omnivista_8770
|
An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-20048
|
2024-11-21 13:37 |
2019-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226264
|
7.5 |
HIGH
Network
|
al-enterprise
|
omnivista_4760
omnivista_8770
|
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-20047
|
2024-11-21 13:37 |
2019-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226265
|
4.3 |
MEDIUM
Network
|
wordpress
debian
|
wordpress
debian_linux
|
In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or…
|
CWE-269
Improper Privilege Management
|
CVE-2019-20043
|
2024-11-21 13:37 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226266
|
6.1 |
MEDIUM
Network
|
wordpress
debian
|
wordpress
debian_linux
|
In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has b…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20042
|
2024-11-21 13:37 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226267
|
9.8 |
CRITICAL
Network
|
wordpress
debian
|
wordpress
debian_linux
|
wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript&colo…
|
CWE-20
Improper Input Validation
|
CVE-2019-20041
|
2024-11-21 13:37 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226268
|
5.5 |
MEDIUM
Local
|
upx_project
fedoraproject
|
upx
fedora
|
A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-20021
|
2024-11-21 13:37 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226269
|
6.5 |
MEDIUM
Network
|
matio_project
|
matio
|
A stack-based buffer over-read was discovered in ReadNextStructField in mat5.c in matio 1.5.17.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-20020
|
2024-11-21 13:37 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226270
|
6.5 |
MEDIUM
Network
|
matio_project
|
matio
|
An attempted excessive memory allocation was discovered in Mat_VarRead5 in mat5.c in matio 1.5.17.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2019-20019
|
2024-11-21 13:37 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
