6046 matches found
CVE-2019-17056
llcpsockcreate in net/nfc/llcpsock.c in the AFNFC network module in the Linux kernel through 5.3.2 does not enforce CAPNETRAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176...
UBUNTU-CVE-2019-17052
ax25create in net/ax25/afax25.c in the AFAX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAPNETRAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768...
UBUNTU-CVE-2019-17054
atalkcreate in net/appletalk/ddp.c in the AFAPPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAPNETRAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c...
PT-2019-6419 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to errors in memory release in the dcn create resource pool function of the Linux kernel, which can lead to a memory leak. This can be exploited by a remote attack...
CVE-2019-16664
ThinkSAAS 2.91 is affected by CVE-2019-16664: an XSS via the parameter groupname in index.php?app=group&ac=create&ts=do. Root cause described across sources is insufficient sanitization of the groupname input, enabling cross-site scripting. Affected product/version: ThinkSAAS 2.91. The Red Hat ad...
CVE-2019-16293
The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field...
CVE-2019-16293
The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field...
CVE-2019-16293
Open-AudIT is affected by CVE-2019-16293 for versions prior to 3.2.0. The issue arises in the Create Discoveries feature, allowing an authenticated attacker to execute arbitrary OS commands by injecting a crafted value into a URL field. The Red Hat advisory confirms the same description. The avai...
CVE-2019-16293
The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field...
Node.js third-party modules: [create-git] RCE via insecure command formatting
The create-git NPM module was vulnerable against command injection which was possible since some user supplied inputs were concatenated without proper checks inside a exec call, which made possible executing arbitrary commands besides the git one which is used by the tool. The PoC resulted in: js...
PT-2019-6283 · Nlnet +5 · Unbound +5
Name of the Vulnerable Software and Affected Versions: Unbound versions prior to 1.9.5 Description: The issue is related to insufficient neutralization of special elements in a request, which can be exploited by a remote attacker to impact data integrity. This can occur upon a successful...
Cross site request forgery (csrf)
MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...
CVE-2019-15496
MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...
CVE-2019-15496
The CVE-2019-15496 entry concerns MyT Project Management 1.5.1, which reportedly lacks CSRF protection and enables a CSRF attack that could trick an administrator into executing arbitrary code via a crafted HTML page. The connected sources confirm the affected product/version and the underlying i...
Atlassian Jira Cross-Site Request Forgery Vulnerability (CNVD-2019-30064)
Jira is a tool developed by Australian company Atlassian for defect tracking, issue tracking and project management. A cross-site request forgery vulnerability exists in the AddResolution.jspa resource in Jira. A remote attacker could exploit the vulnerability to create new solutions...
Cross site scripting
An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known b...
CVE-2019-15316
Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation to NT AUTHORITY\SYSTEM via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition...
CVE-2019-15229
FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...
CVE-2019-15229
FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...
Design/Logic Flaw
FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors...