CVE-2019-10239
Robotronic RunAsSpc 3.7.0.0 protects stored credentials insufficiently, which allows locally authenticated attackers (under the same user context) to obtain cleartext credentials of the stored account.
Source: CVE-2019-10239
[월:] 2019년 04월
CVE-2019-11032
CVE-2019-11032
In EasyToRecruit (E2R) before 2.11, the upload feature and the Candidate Profile Management feature are prone to Cross Site Scripting (XSS) injection in multiple locations.
Source: CVE-2019-11032
CVE-2019-11081
CVE-2019-11081
A default username and password in Dentsply Sirona Sidexis 4.2 and possibly others allows an attacker to gain administrative access to the application server.
Source: CVE-2019-11081
CVE-2019-9724
CVE-2019-9724
aquaverde Aquarius CMS through 4.3.5 allows Information Exposure through Log Files because of an error in the Log-File writer component.
Source: CVE-2019-9724
CVE-2019-11498
CVE-2019-11498
WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.
Source: CVE-2019-11498
CVE-2019-11490
CVE-2019-11490
An issue was discovered in Npcap 0.992. Sending a malformed .pcap file with the loopback adapter using either pcap_sendqueue_queue() or pcap_sendqueue_transmit() results in kernel pool corruption. This could lead to arbitrary code executing inside the Windows kernel and allow escalation of privileges.
Source: CVE-2019-11490
CVE-2019-11486
CVE-2019-11486
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.
Source: CVE-2019-11486
CVE-2019-11487
CVE-2019-11487
The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.
Source: CVE-2019-11487
CVE-2019-10688
CVE-2019-10688
VVX products using UCS software version 5.8.0 and earlier with Better Together over Ethernet Connector (BToE) application version 3.8.0 and earlier uses hard-coded credentials to establish a connection between the host application and device.
Source: CVE-2019-10688
CVE-2018-7576
CVE-2018-7576
Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent.
Source: CVE-2018-7576