CVE-2019-15117
parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access.
Source: CVE-2019-15117
[월:] 2019년 08월
CVE-2018-13884
CVE-2018-13884
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
Source: CVE-2018-13884
CVE-2017-18548
CVE-2017-18548
The note-press plugin before 0.1.2 for WordPress has SQL injection.
Source: CVE-2017-18548
CVE-2016-10904
CVE-2016-10904
The olimometer plugin before 2.57 for WordPress has SQL injection.
Source: CVE-2016-10904
CVE-2015-9325
CVE-2015-9325
The visitors-online plugin before 0.4 for WordPress has SQL injection.
Source: CVE-2015-9325
CVE-2019-15091
CVE-2019-15091
filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.
Source: CVE-2019-15091
CVE-2019-14923
CVE-2019-14923
EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field.
Source: CVE-2019-14923
CVE-2019-15108
CVE-2019-15108
An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component.
Source: CVE-2019-15108
CVE-2018-20969
CVE-2018-20969
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
Source: CVE-2018-20969
CVE-2019-15106
CVE-2019-15106
An issue was discovered in Zoho ManageEngine OpManager through 12.4x. One can bypass the user password requirement and execute commands on the server. The "username+’@opm’ string is used for the password. For example, if the username is admin, the password is admin@opm.
Source: CVE-2019-15106