|
222141
|
9.8 |
CRITICAL
Network
|
netgear
|
wnr1000_firmware
|
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. The web management interface (setup.cgi) has an authentication bypass and other problems that ultimately allow an attacker to remotely c…
|
CWE-287
Improper Authentication
|
CVE-2019-20489
|
2024-11-21 13:38 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222142
|
9.8 |
CRITICAL
Network
|
netgear
|
wnr1000_firmware
|
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the web management interface (setup.cgi) are vulnerable to command injection, allowing remote attackers to execu…
|
CWE-78
OS Command
|
CVE-2019-20488
|
2024-11-21 13:38 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222143
|
8.8 |
HIGH
Network
|
netgear
|
wnr1000_firmware
|
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the WNR1000V4 web management console are vulnerable to an unauthenticated GET request (exploitable directly or t…
|
CWE-352
Origin Validation Error
|
CVE-2019-20487
|
2024-11-21 13:38 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222144
|
6.1 |
MEDIUM
Network
|
netgear
|
wnr1000_firmware
|
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple pages (setup.cgi and adv_index.htm) within the web management console are vulnerable to stored XSS, as demonstrated by the conf…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20486
|
2024-11-21 13:38 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222145
|
9.8 |
CRITICAL
Network
|
miele
|
xgw_3000_zigbee_gateway_firmware
|
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480.
|
CWE-287
Improper Authentication
|
CVE-2019-20481
|
2024-11-21 13:38 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222146
|
8.8 |
HIGH
Network
|
miele
|
xgw_3000_zigbee_gateway_firmware
|
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there i…
|
CWE-352
Origin Validation Error
|
CVE-2019-20480
|
2024-11-21 13:38 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222147
|
6.1 |
MEDIUM
Network
|
openidc
debian
fedoraproject
opensuse
|
mod_auth_openidc
debian_linux
fedora
leap
|
A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.
|
CWE-601
Open Redirect
|
CVE-2019-20479
|
2024-11-21 13:38 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222148
|
9.8 |
CRITICAL
Network
|
ruamel.yaml_project
|
ruamel.yaml
|
In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaw…
|
NVD-CWE-noinfo
|
CVE-2019-20478
|
2024-11-21 13:38 |
2020-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222149
|
9.8 |
CRITICAL
Network
|
pyyaml
fedoraproject
|
pyyaml
fedora
|
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue e…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-20477
|
2024-11-21 13:38 |
2020-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222150
|
4.3 |
MEDIUM
Network
|
zohocorp
|
manageengine_remote_access_plus
|
An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (re…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-20474
|
2024-11-21 13:38 |
2020-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
