|
219821
|
8.8 |
HIGH
Network
|
cloudfoundry
|
command_line_interface
|
Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to log…
|
CWE-200
Information Exposure
|
CVE-2019-3781
|
2024-11-21 13:42 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219822
|
9.8 |
CRITICAL
Network
|
pivotal_software
|
application_service
|
Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL cert…
|
CWE-295
Improper Certificate Validation
|
CVE-2019-3777
|
2024-11-21 13:42 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219823
|
6.5 |
MEDIUM
Network
|
pivotal_software
oracle
|
spring_security_oauth
banking_corporate_lending
|
Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector …
|
CWE-601
Open Redirect
|
CVE-2019-3778
|
2024-11-21 13:42 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219824
|
5.4 |
MEDIUM
Network
|
pivotal_software
|
operations_manager
|
Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vu…
|
CWE-79
Cross-site Scripting
|
CVE-2019-3776
|
2024-11-21 13:42 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219825
|
6.5 |
MEDIUM
Network
|
cloudfoundry
|
uaa_release
|
Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a …
|
CWE-287
Improper Authentication
|
CVE-2019-3775
|
2024-11-21 13:42 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219826
|
8.8 |
HIGH
Adjacent
|
dell
|
wyse_thinlinux_hagent
windows_embedded_standard_wyse_device_agent
|
Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. An unauthenticated attacker may potentiall…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-3712
|
2024-11-21 13:42 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219827
|
6.5 |
MEDIUM
Network
|
samba
debian
canonical
|
samba
debian_linux
ubuntu_linux
|
A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the L…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-3824
|
2024-11-21 13:42 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219828
|
9.8 |
CRITICAL
Network
|
nokia
|
i-240w-q_gpon_ont_firmware
|
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponFo…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-3922
|
2024-11-21 13:42 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219829
|
8.8 |
HIGH
Network
|
nokia
|
i-240w-q_gpon_ont_firmware
|
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-3921
|
2024-11-21 13:42 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219830
|
8.8 |
HIGH
Network
|
nokia
|
i-240w-q_gpon_ont_firmware
|
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponF…
|
CWE-77
Command Injection
|
CVE-2019-3920
|
2024-11-21 13:42 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
