|
222871
|
8.8 |
HIGH
Network
|
identicard
|
premisys_id
|
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-3906
|
2024-11-21 13:42 |
2019-01-19 |
|
222872
|
9.8 |
CRITICAL
Network
|
facebook
|
hhvm
|
The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some stream functions, such as stream_get_line…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-3557
|
2024-11-21 13:42 |
2019-01-16 |
|
222873
|
5.9 |
MEDIUM
Network
|
facebook
|
wangle
|
Wangle's AcceptRoutingHandler incorrectly casts a socket when accepting a TLS 1.3 connection, leading to a potential denial of service attack against systems accepting such connections. This affects …
|
CWE-19
Data Processing Errors
|
CVE-2019-3554
|
2024-11-21 13:42 |
2019-01-16 |
|
222874
|
5.2 |
MEDIUM
Adjacent
|
fedoraproject debian opensuse redhat
|
sssd debian_linux fedora leap enterprise_linux
|
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could imp…
|
NVD-CWE-Other
|
CVE-2019-3811
|
2024-11-21 13:42 |
2019-01-16 |
|
222875
|
7.5 |
HIGH
Network
|
pivotal_software
|
concourse
|
Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the login flow. A remote attacker who gains access to a user's browser history could obtain the access token…
|
CWE-200
Information Exposure
|
CVE-2019-3803
|
2024-11-21 13:42 |
2019-01-12 |
|
222876
|
6.5 |
MEDIUM
Network
|
djangoproject debian canonical fedoraproject
|
django debian_linux ubuntu_linux fedora
|
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defa…
|
CWE-74
Injection
|
CVE-2019-3498
|
2024-11-21 13:42 |
2019-01-10 |
|
222877
|
7.5 |
HIGH
Network
|
mcafee
|
mcafee_web_gateway
|
Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter.
|
CWE-20
Improper Input Validation
|
CVE-2019-3581
|
2024-11-21 13:42 |
2019-01-09 |
|
222878
|
10.0 |
CRITICAL
Network
|
zohocorp
|
manageengine_adselfservice_plus
|
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-3905
|
2024-11-21 13:42 |
2019-01-04 |
|
222879
|
7.8 |
HIGH
Local
|
sqla_yaml_fixtures_project
|
sqla_yaml_fixtures
|
Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code via the fixture_text argument in sqla_yaml_fixtures.load.
|
CWE-94
Code Injection
|
CVE-2019-3575
|
2024-11-21 13:42 |
2019-01-04 |
|
222880
|
4.4 |
MEDIUM
Local
|
linux debian canonical
|
linux_kernel debian_linux ubuntu_linux
|
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dl…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-3701
|
2024-11-21 13:42 |
2019-01-04 |