|
219281
|
8.0 |
HIGH
Adjacent
|
redhat
|
satellite
|
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule…
|
NVD-CWE-Other
|
CVE-2019-3845
|
2024-11-21 13:42 |
2019-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219282
|
6.1 |
MEDIUM
Local
|
linux
redhat
|
linux_kernel
enterprise_linux
|
It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same n…
|
CWE-362
CWE-401
Race Condition
Missing Release of Memory after Effective Lifetime
|
CVE-2019-3837
|
2024-11-21 13:42 |
2019-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219283
|
7.2 |
HIGH
Network
|
verizon
|
fios_quantum_gateway_g1100_firmware
|
Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device …
|
CWE-78
OS Command
|
CVE-2019-3914
|
2024-11-21 13:42 |
2019-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219284
|
8.1 |
HIGH
Network
|
mikrotik
|
routeros
|
MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbo…
|
CWE-22
Path Traversal
|
CVE-2019-3943
|
2024-11-21 13:42 |
2019-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219285
|
7.5 |
HIGH
Adjacent
|
verizon
|
fios_quantum_gateway_g1100_firmware
|
Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2019-3915
|
2024-11-21 13:42 |
2019-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219286
|
4.4 |
MEDIUM
Local
|
mcafee
|
data_exchange_layer
threat_intelligence_exchange
|
Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text …
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2019-3612
|
2024-11-21 13:42 |
2019-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219287
|
7.0 |
HIGH
Local
|
systemd_project
redhat
fedoraproject
debian
|
systemd
enterprise_linux
fedora
debian_linux
|
In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular config…
|
CWE-863
Incorrect Authorization
|
CVE-2019-3842
|
2024-11-21 13:42 |
2019-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219288
|
7.5 |
HIGH
Network
|
advantech
|
webaccess
|
Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-3941
|
2024-11-21 13:42 |
2019-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219289
|
9.8 |
CRITICAL
Network
|
advantech
|
webaccess
|
Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-3940
|
2024-11-21 13:42 |
2019-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219290
|
4.9 |
MEDIUM
Network
|
theforeman
redhat
|
foreman
satellite
|
In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resour…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-3893
|
2024-11-21 13:42 |
2019-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
