CVE-2019-16916

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue for the designated product. Notes: none.

Source: CVE-2019-16916

CVE-2019-17040

contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled.

Source: CVE-2019-17040

CVE-2019-16999

CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI.

Source: CVE-2019-16999

CVE-2019-16996

In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.

Source: CVE-2019-16996

CVE-2019-16997

In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.

Source: CVE-2019-16997

CVE-2019-16995

In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.

Source: CVE-2019-16995

CVE-2019-16994

In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.

Source: CVE-2019-16994

CVE-2019-16414

A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim’s cleartext credentials to an attacker via a login/?reason=failure&NTLM= URI.

Source: CVE-2019-16414

CVE-2019-14752

SuiteCRM 7.10.x and 7.11.x has XSS.

Source: CVE-2019-14752

CVE-2019-16744

eBrigade before 5.0 has evenements.php cid SQL Injection.

Source: CVE-2019-16744