|
220141
|
9.8 |
CRITICAL
Network
|
vmware
oracle
|
spring_integration
retail_customer_management_and_segmentation_foundation
|
Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) …
|
CWE-611
XXE
|
CVE-2019-3772
|
2024-11-21 13:42 |
2019-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220142
|
9.1 |
CRITICAL
Network
|
crestron
|
airmedia_am-100_firmware
|
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrato…
|
NVD-CWE-noinfo
|
CVE-2019-3910
|
2024-11-21 13:42 |
2019-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220143
|
9.8 |
CRITICAL
Network
|
identicard
|
premisys_id
|
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2019-3909
|
2024-11-21 13:42 |
2019-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220144
|
7.5 |
HIGH
Network
|
identicard
|
premisys_id
|
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and o…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-3908
|
2024-11-21 13:42 |
2019-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220145
|
7.5 |
HIGH
Network
|
identicard
|
premisys_id
|
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2019-3907
|
2024-11-21 13:42 |
2019-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220146
|
8.8 |
HIGH
Network
|
identicard
|
premisys_id
|
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-3906
|
2024-11-21 13:42 |
2019-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220147
|
9.8 |
CRITICAL
Network
|
facebook
|
hhvm
|
The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some stream functions, such as stream_get_line…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-3557
|
2024-11-21 13:42 |
2019-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220148
|
5.9 |
MEDIUM
Network
|
facebook
|
wangle
|
Wangle's AcceptRoutingHandler incorrectly casts a socket when accepting a TLS 1.3 connection, leading to a potential denial of service attack against systems accepting such connections. This affects …
|
CWE-19
Data Processing Errors
|
CVE-2019-3554
|
2024-11-21 13:42 |
2019-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220149
|
5.2 |
MEDIUM
Adjacent
|
fedoraproject
debian
opensuse
redhat
|
sssd
debian_linux
fedora
leap
enterprise_linux
|
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could imp…
|
NVD-CWE-Other
|
CVE-2019-3811
|
2024-11-21 13:42 |
2019-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220150
|
7.5 |
HIGH
Network
|
pivotal_software
|
concourse
|
Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the login flow. A remote attacker who gains access to a user's browser history could obtain the access token…
|
CWE-200
Information Exposure
|
CVE-2019-3803
|
2024-11-21 13:42 |
2019-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
