|
222821
|
6.5 |
MEDIUM
Network
|
pivotal_software
oracle
|
spring_security_oauth
banking_corporate_lending
|
Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector …
|
CWE-601
Open Redirect
|
CVE-2019-3778
|
2024-11-21 13:42 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222822
|
5.4 |
MEDIUM
Network
|
pivotal_software
|
operations_manager
|
Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vu…
|
CWE-79
Cross-site Scripting
|
CVE-2019-3776
|
2024-11-21 13:42 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222823
|
6.5 |
MEDIUM
Network
|
cloudfoundry
|
uaa_release
|
Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a …
|
CWE-287
Improper Authentication
|
CVE-2019-3775
|
2024-11-21 13:42 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222824
|
8.8 |
HIGH
Adjacent
|
dell
|
wyse_thinlinux_hagent
windows_embedded_standard_wyse_device_agent
|
Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. An unauthenticated attacker may potentiall…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-3712
|
2024-11-21 13:42 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222825
|
6.5 |
MEDIUM
Network
|
samba
debian
canonical
|
samba
debian_linux
ubuntu_linux
|
A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the L…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-3824
|
2024-11-21 13:42 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222826
|
9.8 |
CRITICAL
Network
|
nokia
|
i-240w-q_gpon_ont_firmware
|
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponFo…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-3922
|
2024-11-21 13:42 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222827
|
8.8 |
HIGH
Network
|
nokia
|
i-240w-q_gpon_ont_firmware
|
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-3921
|
2024-11-21 13:42 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222828
|
8.8 |
HIGH
Network
|
nokia
|
i-240w-q_gpon_ont_firmware
|
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponF…
|
CWE-77
Command Injection
|
CVE-2019-3920
|
2024-11-21 13:42 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222829
|
8.8 |
HIGH
Network
|
nokia
|
i-240w-q_gpon_ont_firmware
|
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usb_restor…
|
CWE-77
Command Injection
|
CVE-2019-3919
|
2024-11-21 13:42 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222830
|
9.8 |
CRITICAL
Network
|
nokia
|
i-240w-q_gpon_ont_firmware
|
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-3918
|
2024-11-21 13:42 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
