|
222941
|
8.1 |
HIGH
Network
|
bitdefender
|
box_2_firmware
|
An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks a…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2019-17102
|
2024-11-21 13:31 |
2020-01-27 |
|
222942
|
6.5 |
MEDIUM
Local
|
bitdefender
|
total_security_2020
|
An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Sec…
|
CWE-426
Untrusted Search Path
|
CVE-2019-17100
|
2024-11-21 13:31 |
2020-01-27 |
|
222943
|
7.8 |
HIGH
Local
|
fasttracksoftware
|
admin_by_request
|
FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access…
|
CWE-269
Improper Privilege Management
|
CVE-2019-17202
|
2024-11-21 13:31 |
2020-01-24 |
|
222944
|
7.8 |
HIGH
Local
|
fasttracksoftware
|
admin_by_request
|
FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using …
|
NVD-CWE-noinfo
|
CVE-2019-17201
|
2024-11-21 13:31 |
2020-01-24 |
|
222945
|
7.5 |
HIGH
Network
|
agendaless oracle debian
|
waitress communications_cloud_native_core_network_function_cloud_native_environment debian_linux
|
Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now c…
|
CWE-444
HTTP Request Smuggling
|
CVE-2019-16792
|
2024-11-21 13:31 |
2020-01-23 |
|
222946
|
5.9 |
MEDIUM
Network
|
postfix-mta-sts-resolver_project
|
postfix-mta-sts-resolver
|
In postfix-mta-sts-resolver before 0.5.1, all users can receive an incorrect response from the daemon under rare conditions, resulting in a downgrade of the effective STS policy.
|
NVD-CWE-Other
|
CVE-2019-16791
|
2024-11-21 13:31 |
2020-01-22 |
|
222947
|
6.1 |
MEDIUM
Network
|
solarwinds
|
orion_platform
|
A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and esca…
|
CWE-79
Cross-site Scripting
|
CVE-2019-17127
|
2024-11-21 13:31 |
2020-01-18 |
|
222948
|
6.1 |
MEDIUM
Network
|
solarwinds
|
orion_platform
|
A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the An…
|
CWE-79
Cross-site Scripting
|
CVE-2019-17125
|
2024-11-21 13:31 |
2020-01-18 |
|
222949
|
7.8 |
HIGH
Local
|
pyinstaller
|
pyinstaller
|
In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a p…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-16784
|
2024-11-21 13:31 |
2020-01-15 |
|
222950
|
8.8 |
HIGH
Network
|
mozilla canonical
|
firefox ubuntu_linux
|
Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-17025
|
2024-11-21 13:31 |
2020-01-09 |