CVE-2019-9917
ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding.
Source: CVE-2019-9917
CVE-2019-10125
An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free.
Source: CVE-2019-10125
CVE-2019-10124
An issue was discovered in the hwpoison implementation in mm/memory-failure.c in the Linux kernel before 5.0.4. When soft_offline_in_use_page() runs on a thp tail page after pmd is split, an attacker can cause a denial of service (BUG).
Source: CVE-2019-10124
CVE-2019-10118
Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user’s last name in the API.
Source: CVE-2019-10118
CVE-2016-10744
In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.
Source: CVE-2016-10744
CVE-2019-7167
Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a consistency check, and consequently transform the proof of one statement into an ostensibly valid proof of a different statement, thereby breaking the soundness of the proof system. This misled the original Sprout zk-SNARK verifier into accepting the correctness of a transaction.
Source: CVE-2019-7167
CVE-2019-1571
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings.
Source: CVE-2019-1571
CVE-2019-1569
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user.
Source: CVE-2019-1569
CVE-2019-10105
CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager.
Source: CVE-2019-10105
CVE-2019-10107
CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section.
Source: CVE-2019-10107