| 221151 | 6.1 | MEDIUM Network | fortinet | fortiweb | The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports g… | CWE-79 Cross-site Scripting | CVE-2019-5590 | 2024-11-21 13:45 | 2019-08-29 |
| 221152 | 6.1 | MEDIUM Network | fortinet | fortinac | An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a re… | CWE-79 Cross-site Scripting | CVE-2019-5594 | 2024-11-21 13:45 | 2019-08-24 |
| 221153 | 5.9 | MEDIUM Network | fortinet | fortios_ips_engine | Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219,… | CWE-347 Improper Verification of Cryptographic Signature | CVE-2019-5592 | 2024-11-21 13:45 | 2019-08-24 |
| 221154 | 5.5 | MEDIUM Local | belwith-keeler | hickory_smart | An insecure storage of sensitive information vulnerability is present in Hickory Smart for iOS mobile devices from Belwith Products, LLC. The application's database was found to contain information t… | CWE-922 Insecure Storage of Sensitive Information | CVE-2019-5633 | 2024-11-21 13:45 | 2019-08-22 |
| 221155 | 7.5 | HIGH Network | belwith-keeler | hickory_smart_ethernet_bridge_firmware | A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC. Captured data reveals that the Hickory Smart Ethernet Bridge de… | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2019-5635 | 2024-11-21 13:45 | 2019-08-22 |
| 221156 | 4.3 | MEDIUM Physical | belwith-keeler | hickory_smart | An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Communications to the internet API services and dir… | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2019-5634 | 2024-11-21 13:45 | 2019-08-22 |
| 221157 | 5.5 | MEDIUM Local | belwith-keeler | hickory_smart | An insecure storage of sensitive information vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. The application's database was found to contain informati… | CWE-922 Insecure Storage of Sensitive Information | CVE-2019-5632 | 2024-11-21 13:45 | 2019-08-22 |
| 221158 | 8.8 | HIGH Network | rapid7 | nexpose | Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's p… | CWE-613 Insufficient Session Expiration | CVE-2019-5638 | 2024-11-21 13:45 | 2019-08-22 |
| 221159 | 7.8 | HIGH Local | rapid7 | insightappsec | The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the 'prunsrv.exe' component of the product. If exploited, a local user of the system (who must already be authenticated t… | CWE-426 Untrusted Search Path | CVE-2019-5631 | 2024-11-21 13:45 | 2019-08-20 |
| 221160 | 9.8 | CRITICAL Network | nokogiri canonical debian | nokogiri ubuntu_linux debian_linux | A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented met… | CWE-78 OS Command | CVE-2019-5477 | 2024-11-21 13:45 | 2019-08-17 |