|
222751
|
9.8 |
CRITICAL
Network
|
powerschool
|
powerschool_mobile
|
In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-17396
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222752
|
9.8 |
CRITICAL
Network
|
seesaw
|
parent_and_family
|
In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-17394
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222753
|
6.5 |
MEDIUM
Adjacent
|
infinitestudio
|
infinite_design
|
The Infinite Design application 3.4.12 for Android sends a username and password via TCP without any encryption during login, as demonstrated by sniffing of a public Wi-Fi network.
|
CWE-319
CWE-522
Cleartext Transmission of Sensitive Information
Insufficiently Protected Credentials
|
CVE-2019-17356
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222754
|
9.8 |
CRITICAL
Network
|
orbitz
|
orbitz
|
In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-17355
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222755
|
9.8 |
CRITICAL
Network
|
doordash
|
doordash
|
In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-17397
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222756
|
9.8 |
CRITICAL
Network
|
intelbras
|
iwr_1000n_firmware
|
Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled.
|
CWE-352
Origin Validation Error
|
CVE-2019-17600
|
2024-11-21 13:32 |
2019-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222757
|
5.4 |
MEDIUM
Network
|
gnu
opensuse
|
ncurses
leap
|
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-17595
|
2024-11-21 13:32 |
2019-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222758
|
5.3 |
MEDIUM
Local
|
gnu
opensuse
|
ncurses
leap
|
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-17594
|
2024-11-21 13:32 |
2019-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222759
|
8.8 |
HIGH
Network
|
jizhicms
|
jizhicms
|
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
|
CWE-352
Origin Validation Error
|
CVE-2019-17593
|
2024-11-21 13:32 |
2019-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222760
|
7.5 |
HIGH
Network
|
csv-parse_project
fedoraproject
|
csv-parse
fedora
|
The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-17592
|
2024-11-21 13:32 |
2019-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
