|
222231
|
8.1 |
HIGH
Network
|
skymee petwant
|
petalk_ai_firmware pf-103_firmware
|
Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user.
|
CWE-347 CWE-319
Improper Verification of Cryptographic Signature Cleartext Transmission of Sensitive Information
|
CVE-2019-16732
|
2024-11-21 13:31 |
2019-12-14 |
|
|
|
|
222232
|
7.5 |
HIGH
Network
|
skymee petwant
|
petalk_ai_firmware pf-103_firmware
|
The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to initiate firmware upgrades and alter device settings.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-16731
|
2024-11-21 13:31 |
2019-12-14 |
|
|
|
|
222233
|
9.8 |
CRITICAL
Network
|
skymee petwant
|
petalk_ai_firmware pf-103_firmware
|
processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
|
CWE-78
OS Command
|
CVE-2019-16730
|
2024-11-21 13:31 |
2019-12-14 |
|
|
|
|
222234
|
7.5 |
HIGH
Network
|
egain
|
mail
|
The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d…
|
CWE-74
Injection
|
CVE-2019-17123
|
2024-11-21 13:31 |
2019-12-14 |
|
|
|
|
222235
|
9.8 |
CRITICAL
Network
|
phpfastcache
|
phpfastcache
|
In phpfastcache before 5.1.3, there is a possible object injection vulnerability in the cookie driver.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-16774
|
2024-11-21 13:31 |
2019-12-13 |
|
|
|
|
222236
|
6.5 |
MEDIUM
Network
|
npmjs opensuse oracle fedoraproject redhat
|
npm leap graalvm fedora enterprise_linux enterprise_linux_eus
|
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries from being overwritten by other package installations. For e…
|
CWE-269
Improper Privilege Management
|
CVE-2019-16777
|
2024-11-21 13:31 |
2019-12-13 |
|
|
|
|
222237
|
8.1 |
HIGH
Network
|
npmjs opensuse oracle fedoraproject redhat
|
npm leap graalvm fedora enterprise_linux enterprise_linux_eus
|
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly …
|
CWE-22
Path Traversal
|
CVE-2019-16776
|
2024-11-21 13:31 |
2019-12-13 |
|
|
|
|
222238
|
6.5 |
MEDIUM
Network
|
redhat npmjs opensuse oracle fedoraproject
|
enterprise_linux enterprise_linux_eus npm leap graalvm fedora
|
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon…
|
-
|
CVE-2019-16775
|
2024-11-21 13:31 |
2019-12-13 |
|
|
|
|
222239
|
7.5 |
HIGH
Network
|
microfocus
|
acutoweb
|
Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system runn…
|
NVD-CWE-noinfo
|
CVE-2019-17087
|
2024-11-21 13:31 |
2019-12-12 |
|
|
|
|
222240
|
6.1 |
MEDIUM
Network
|
serialize-to-js_project
|
serialize-to-js
|
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulne…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16772
|
2024-11-21 13:31 |
2019-12-7 |
|
|
|