CVE-2019-16236
Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala.
Source: CVE-2019-16236
[월:] 2019년 09월
CVE-2019-13473
CVE-2019-13473
TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have an undocumented TELNET service within the BusyBox subsystem, leading to root access.
Source: CVE-2019-13473
CVE-2019-16237
CVE-2019-16237
Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala.
Source: CVE-2019-16237
CVE-2019-14936
CVE-2019-14936
Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and Password Hash).
Source: CVE-2019-14936
CVE-2019-16235
CVE-2019-16235
Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala.
Source: CVE-2019-16235
CVE-2019-9488
CVE-2019-9488
Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM).
Source: CVE-2019-9488
CVE-2019-11777
CVE-2019-11777
In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.
Source: CVE-2019-11777
CVE-2019-16098
CVE-2019-16098
The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.
Source: CVE-2019-16098
CVE-2019-16233
CVE-2019-16233
drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
Source: CVE-2019-16233
CVE-2019-16230
CVE-2019-16230
drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
Source: CVE-2019-16230