|
223501
|
7.8 |
HIGH
Local
|
qemu debian opensuse canonical
|
qemu debian_linux leap ubuntu_linux
|
qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL …
|
NVD-CWE-noinfo
|
CVE-2019-13164
|
2024-11-21 13:24 |
2019-07-3 |
|
223502
|
7.5 |
HIGH
Network
|
calamares
|
calamares
|
Calamares versions 3.1 through 3.2.10 copy a LUKS encryption keyfile from /crypto_keyfile.bin (mode 0600 owned by root) to /boot within a globally readable initramfs image with insecure permissions…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-13179
|
2024-11-21 13:24 |
2019-07-3 |
|
223503
|
8.1 |
HIGH
Network
|
calamares
|
calamares
|
modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set.
|
CWE-362
Race Condition
|
CVE-2019-13178
|
2024-11-21 13:24 |
2019-07-3 |
|
223504
|
9.8 |
CRITICAL
Network
|
django-rest-registration_project
|
django-rest-registration
|
verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2019-13177
|
2024-11-21 13:24 |
2019-07-3 |
|
223505
|
6.1 |
MEDIUM
Network
|
readthedocs
|
read_the_docs
|
Read the Docs before 3.5.1 has an Open Redirect if certain user-defined redirects are used. This affects private instances of Read the Docs (in addition to the public readthedocs.org web sites).
|
CWE-601
Open Redirect
|
CVE-2019-13175
|
2024-11-21 13:24 |
2019-07-3 |
|
223506
|
7.5 |
HIGH
Network
|
fstream_project
|
fstream
|
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will over…
|
CWE-59
Link Following
|
CVE-2019-13173
|
2024-11-21 13:24 |
2019-07-3 |
|
223507
|
8.8 |
HIGH
Network
|
cyberpanel
|
cyberpanel
|
An issue was discovered in CyberPanel through 1.8.4. On the user edit page, an attacker can edit the administrator's e-mail and password because of the lack of CSRF protection.
|
CWE-352
Origin Validation Error
|
CVE-2019-13056
|
2024-11-21 13:24 |
2019-07-3 |
|
223508
|
8.8 |
HIGH
Network
|
trendnet
|
tew-827dru_firmware
|
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server.
|
CWE-78
OS Command
|
CVE-2019-13155
|
2024-11-21 13:24 |
2019-07-2 |
|
223509
|
8.8 |
HIGH
Network
|
trendnet
|
tew-827dru_firmware
|
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the TCP Ports To Open in Add Gaming Rule.
|
CWE-78
OS Command
|
CVE-2019-13154
|
2024-11-21 13:24 |
2019-07-2 |
|
223510
|
8.8 |
HIGH
Network
|
trendnet
|
tew-827dru_firmware
|
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the Private Port in Add Virtual Server.
|
CWE-78
OS Command
|
CVE-2019-13153
|
2024-11-21 13:24 |
2019-07-2 |
|