|
214271
|
6.5 |
MEDIUM
Network
|
axiosys
|
bento4
|
A heap-based buffer over-read occurs in AP4_BitStream::WriteBytes in Codecs/Ap4BitStream.cpp in Bento4 v1.5.1-627. Remote attackers could leverage this vulnerability to cause an exception via crafted…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-7699
|
2024-11-21 13:48 |
2019-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214272
|
6.5 |
MEDIUM
Network
|
axiosys
|
bento4
|
An issue was discovered in AP4_Array<AP4_CttsTableEntry>::EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated …
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2019-7698
|
2024-11-21 13:48 |
2019-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214273
|
6.5 |
MEDIUM
Network
|
axiosys
|
bento4
|
An issue was discovered in Bento4 v1.5.1-627. There is an assertion failure in AP4_AtomListWriter::Action in Core/Ap4Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42h…
|
CWE-617
Reachable Assertion
|
CVE-2019-7697
|
2024-11-21 13:48 |
2019-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214274
|
6.1 |
MEDIUM
Network
|
axiositalia
|
registro_elettronico
|
Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.aspx Error_Parameters parameter. In some situations, the XSS would be on the family.axioscloud.it cloud service; however, the vendo…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7693
|
2024-11-21 13:48 |
2019-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214275
|
9.8 |
CRITICAL
Network
|
cim_project
|
cim
|
install/install.php in CIM 0.9.3 allows remote attackers to execute arbitrary PHP code via a crafted prefix value because of configuration file mishandling in the N=83 case, as demonstrated by a call…
|
CWE-94
Code Injection
|
CVE-2019-7692
|
2024-11-21 13:48 |
2019-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214276
|
9.8 |
CRITICAL
Network
|
inxedu
|
inxedu
|
inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. The vulnerable code location is com.inxedu.os.common.controller.VideoUploadController#gok4 (com/inxe…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-7684
|
2024-11-21 13:48 |
2019-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214277
|
9.8 |
CRITICAL
Network
|
enphase
|
envoy
|
A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888.
|
CWE-22
Path Traversal
|
CVE-2019-7678
|
2024-11-21 13:48 |
2019-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214278
|
6.1 |
MEDIUM
Network
|
enphase
|
envoy
|
XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7677
|
2024-11-21 13:48 |
2019-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214279
|
7.2 |
HIGH
Network
|
enphase
|
envoy
|
A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can login via TCP port 8888 with the admin password for the admin account.
|
CWE-521
Weak Password Requirements
|
CVE-2019-7676
|
2024-11-21 13:48 |
2019-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214280
|
7.5 |
HIGH
Network
|
mobotix
|
s14_firmware
|
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html UR…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-7675
|
2024-11-21 13:48 |
2019-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
