|
219061
|
9.8 |
CRITICAL
Network
|
gliderlabs opensuse f5
|
docker-alpine leap big-ip_controller
|
Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 201…
|
NVD-CWE-Other
|
CVE-2019-5021
|
2024-11-21 13:44 |
2019-05-9 |
|
219062
|
6.5 |
MEDIUM
Adjacent
|
wincofireworks
|
fw-1007_firmware
|
An exploitable improper access control vulnerability exists in the bluetooth low energy functionality of Winco Fireworks FireFly FW-1007 V2.0. An attacker can connect to the device to trigger this vu…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-5014
|
2024-11-21 13:44 |
2019-05-9 |
|
219063
|
5.4 |
MEDIUM
Network
|
revive-adserver
|
revive_adserver
|
A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) …
|
CWE-601
Open Redirect
|
CVE-2019-5433
|
2024-11-21 13:44 |
2019-05-7 |
|
219064
|
7.5 |
HIGH
Network
|
mqtt-packet_project
|
mqtt-packet
|
A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions < 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-5432
|
2024-11-21 13:44 |
2019-05-7 |
|
219065
|
8.8 |
HIGH
Network
|
ui
|
unifi_video
|
In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker t…
|
CWE-352
Origin Validation Error
|
CVE-2019-5430
|
2024-11-21 13:44 |
2019-05-7 |
|
219066
|
9.8 |
CRITICAL
Network
|
revive-sas
|
revive_adserver
|
An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability c…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-5434
|
2024-11-21 13:44 |
2019-05-7 |
|
219067
|
5.4 |
MEDIUM
Network
|
twitter
|
twitter_kit
|
This vulnerability was caused by an incomplete fix to CVE-2017-0911. Twitter Kit for iOS versions 3.0 to 3.4.0 is vulnerable to a callback verification flaw in the "Login with Twitter" component allo…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2019-5431
|
2024-11-21 13:44 |
2019-05-7 |
|
219068
|
7.8 |
HIGH
Local
|
filezilla-project debian fedoraproject
|
filezilla_client debian_linux fedora
|
Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory.
|
CWE-426
Untrusted Search Path
|
CVE-2019-5429
|
2024-11-21 13:44 |
2019-04-30 |
|
219069
|
7.5 |
HIGH
Network
|
mchange fedoraproject oracle
|
c3p0 fedora retail_xstore_point_of_service flexcube_private_banking webcenter_sites communications_ip_service_activator hyperion_infrastructure_technology enterprise_manager_ops_…
|
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
|
CWE-776
XML Entity Expansion
|
CVE-2019-5427
|
2024-11-21 13:44 |
2019-04-23 |
|
219070
|
7.5 |
HIGH
Network
|
qemu
|
qemu
|
hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-5008
|
2024-11-21 13:44 |
2019-04-20 |