|
224091
|
4.7 |
MEDIUM
Local
|
wolfssl
|
wolfssl
|
wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. This allows a local att…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2019-13628
|
2024-11-21 13:25 |
2019-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224092
|
9.8 |
CRITICAL
Network
|
umbraco
|
umbraco
|
In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter.
|
CWE-89
SQL Injection
|
CVE-2019-13957
|
2024-11-21 13:25 |
2019-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224093
|
9.8 |
CRITICAL
Network
|
broadcom
|
network_flow_analysis
|
CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-13658
|
2024-11-21 13:25 |
2019-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224094
|
5.3 |
MEDIUM
Network
|
honeywell
|
hbd3pr2_firmware
h4d3prv3_firmware
hed3pr3_firmware
h4d3prv2_firmware
hbd3pr1_firmware
h4w8pr2_firmware
hbw8pr2_firmware
h2w2pc1m_firmware
h2w4per3_firmware
h2w2per3_firmwa…
|
In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-13523
|
2024-11-21 13:25 |
2019-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224095
|
6.3 |
MEDIUM
Local
|
canonical
opensuse
libgcrypt20_project
|
ubuntu_linux
leap
libgcrypt20
|
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2019-13627
|
2024-11-21 13:25 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224096
|
4.4 |
MEDIUM
Local
|
tridium
|
niagara_ax
niagara4
|
A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000), Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000), an…
|
NVD-CWE-noinfo
|
CVE-2019-13528
|
2024-11-21 13:25 |
2019-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224097
|
7.8 |
HIGH
Local
|
rockwellautomation
|
arena_simulation_software
|
In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that h…
|
CWE-824
Access of Uninitialized Pointer
|
CVE-2019-13527
|
2024-11-21 13:25 |
2019-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224098
|
9.8 |
CRITICAL
Network
|
advantech
|
webaccess
|
In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a syst…
|
CWE-94
Code Injection
|
CVE-2019-13558
|
2024-11-21 13:25 |
2019-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224099
|
8.8 |
HIGH
Network
|
advantech
|
webaccess
|
In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulner…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-13556
|
2024-11-21 13:25 |
2019-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224100
|
8.8 |
HIGH
Network
|
advantech
|
webaccess
|
In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code…
|
CWE-77
Command Injection
|
CVE-2019-13552
|
2024-11-21 13:25 |
2019-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
