|
226401
|
5.4 |
MEDIUM
Network
|
openwrt
|
openwrt
|
LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID.
|
CWE-79
Cross-site Scripting
|
CVE-2019-25015
|
2024-11-21 13:39 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226402
|
5.9 |
MEDIUM
Network
|
gnu
fedoraproject
netapp
broadcom
debian
|
glibc
fedora
ontap_select_deploy_administration_utility
service_processor
fabric_operating_system
a250_firmware
500f_firmware
debian_linux
|
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-25013
|
2024-11-21 13:39 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226403
|
7.5 |
HIGH
Network
|
webform_report_project
|
webform_report
|
The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal's security advisory policy.
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2019-25012
|
2024-11-21 13:39 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226404
|
5.4 |
MEDIUM
Network
|
netbox
|
netbox
|
NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments.
|
CWE-79
Cross-site Scripting
|
CVE-2019-25011
|
2024-11-21 13:39 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226405
|
9.8 |
CRITICAL
Network
|
failure_project
|
failure
|
An issue was discovered in the failure crate through 2019-11-13 for Rust. Type confusion can occur when __private_get_type_id__ is overridden.
|
CWE-843
Type Confusion
|
CVE-2019-25010
|
2024-11-21 13:39 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226406
|
9.8 |
CRITICAL
Network
|
hyper
|
http
|
An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness.
|
CWE-415
Double Free
|
CVE-2019-25009
|
2024-11-21 13:39 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226407
|
7.5 |
HIGH
Network
|
streebog_project
|
streebog
|
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can cause a panic.
|
NVD-CWE-noinfo
|
CVE-2019-25007
|
2024-11-21 13:39 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226408
|
7.5 |
HIGH
Network
|
streebog_project
|
streebog
|
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can produce the wrong answer.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2019-25006
|
2024-11-21 13:39 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226409
|
7.5 |
HIGH
Network
|
chacha20_project
|
chacha20
|
An issue was discovered in the chacha20 crate before 0.2.3 for Rust. A ChaCha20 counter overflow makes it easier for attackers to determine plaintext.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2019-25005
|
2024-11-21 13:39 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226410
|
9.8 |
CRITICAL
Network
|
google
|
flatbuffers
|
An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness.
|
NVD-CWE-noinfo
|
CVE-2019-25004
|
2024-11-21 13:39 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
