| 222881 | 6.5 | MEDIUM Network | jenkins | support_core | A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles. | CWE-281 Improper Preservation of Permissions | CVE-2019-16539 | 2024-11-21 13:30 | 2019-11-22 |
| 222882 | 8.8 | HIGH Network | jenkins | script_security | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in s… | CWE-863 Incorrect Authorization | CVE-2019-16538 | 2024-11-21 13:30 | 2019-11-22 |
| 222883 | 9.8 | CRITICAL Network | linksys | velop_whw0303_firmware velop_whw0302_firmware velop_whw0301_firmware | Belkin Linksys Velop 1.1.8.192419 devices allow remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI. | CWE-425 Direct Request ('Forced Browsing') | CVE-2019-16340 | 2024-11-21 13:30 | 2019-11-22 |
| 222884 | 7.5 | HIGH Network | gnu | serveez | GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value … | CWE-681 Incorrect Conversion between Numeric Types | CVE-2019-16200 | 2024-11-21 13:30 | 2019-11-20 |
| 222885 | 8.1 | HIGH Network | blade-group | shadow | The network protocol of Blade Shadow through 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data… | NVD-CWE-noinfo | CVE-2019-16110 | 2024-11-21 13:30 | 2019-11-15 |
| 222886 | 5.5 | MEDIUM Local | broadcom | brocade_sannav | Brocade SANnav versions before v2.0 log the plain text database connection password while triggering support save. | CWE-532 Inclusion of Sensitive Information in Log Files; CWE-311 Missing Encryption of Sensitive Data | CVE-2019-16210 | 2024-11-21 13:30 | 2019-11-9 |
| 222887 | 7.4 | HIGH Network | broadcom | brocade_sannav | A vulnerability in the ReportsTrustManager class of Brocade SANnav versions before v2.0 could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer (SSL) connections. | CWE-295 Improper Certificate Validation | CVE-2019-16209 | 2024-11-21 13:30 | 2019-11-9 |
| 222888 | 7.5 | HIGH Network | broadcom | brocade_sannav | The password-based encryption (PBE) algorithm of Brocade SANnav versions before v2.0 has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several se… | CWE-327 Use of a Broken or Risky Cryptographic Algorithm | CVE-2019-16208 | 2024-11-21 13:30 | 2019-11-9 |
| 222889 | 7.8 | HIGH Local | broadcom | brocade_sannav | Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges. | CWE-798 Use of Hard-coded Credentials | CVE-2019-16207 | 2024-11-21 13:30 | 2019-11-9 |
| 222890 | 5.5 | MEDIUM Local | broadcom | brocade_sannav | The authentication mechanism in Brocade SANnav versions before v2.0 logs plaintext account credentials at the 'trace' and 'debug' logging levels, which could allow a local authenticated attacker… | CWE-532 Inclusion of Sensitive Information in Log Files; CWE-311 Missing Encryption of Sensitive Data | CVE-2019-16206 | 2024-11-21 13:30 | 2019-11-9 |