| 222421 | 9.8 | CRITICAL Network | zingbox | inspector | A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result… | CWE-346 Origin Validation Error | CVE-2019-15020 | 2024-11-21 13:27 | 2019-10-10 |
| 222422 | 9.8 | CRITICAL Network | zingbox | inspector | A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector. | CWE-20 Improper Input Validation | CVE-2019-15019 | 2024-11-21 13:27 | 2019-10-10 |
| 222423 | 7.5 | HIGH Network | zingbox | inspector | A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant. | CWE-306 Missing Authentication for Critical Function | CVE-2019-15018 | 2024-11-21 13:27 | 2019-10-10 |
| 222424 | 8.4 | HIGH Local | zingbox | inspector | The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to t… | CWE-798 Use of Hard-coded Credentials | CVE-2019-15017 | 2024-11-21 13:27 | 2019-10-10 |
| 222425 | 8.8 | HIGH Network | zingbox | inspector | An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from… | CWE-89 SQL Injection | CVE-2019-15016 | 2024-11-21 13:27 | 2019-10-10 |
| 222426 | 8.4 | HIGH Local | zingbox | inspector | In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining acc… | CWE-798 Use of Hard-coded Credentials | CVE-2019-15015 | 2024-11-21 13:27 | 2019-10-10 |
| 222427 | 8.8 | HIGH Network | zingbox | inspector | A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI. | CWE-78 OS Command | CVE-2019-15014 | 2024-11-21 13:27 | 2019-10-10 |
| 222428 | 6.8 | MEDIUM Network | renpho | renpho | An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted to a server without an integrity check, if a user changes personal data in his profile tab (e.g., e… | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2019-14808 | 2024-11-21 13:27 | 2019-10-10 |
| 222429 | 7.8 | HIGH Local | redhat debian opensuse | ansible_engine debian_linux leap backports_sle openstack | In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which led to a disclosure of credentials if a plugin… | - | CVE-2019-14846 | 2024-11-21 13:27 | 2019-10-9 |
| 222430 | 5.3 | MEDIUM Adjacent | redhat | openshift | A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this … | - | CVE-2019-14845 | 2024-11-21 13:27 | 2019-10-9 |