| 222251 | 7.5 | HIGH, Network | siemens | sppa-t3000_ms3000_migration_server | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending spe… | CWE-787 Out-of-bounds Write; CWE-190 Integer Overflow or Wraparound | CVE-2019-18299 | 2024-11-21 13:33 | 2019-12-13 |
| 222252 | 7.3 | HIGH, Network | symantec | messaging_gateway | Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backe… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2019-18379 | 2024-11-21 13:33 | 2019-12-12 |
| 222253 | 4.8 | MEDIUM, Network | symantec | messaging_gateway | Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web page… | CWE-79 Cross-site Scripting | CVE-2019-18378 | 2024-11-21 13:33 | 2019-12-12 |
| 222254 | 7.2 | HIGH, Network | symantec | messaging_gateway | Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software applicatio… | NVD-CWE-noinfo | CVE-2019-18377 | 2024-11-21 13:33 | 2019-12-12 |
| 222255 | 9.8 | CRITICAL, Network | amazon | firecracker | Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes. | CWE-120 Classic Buffer Overflow | CVE-2019-18960 | 2024-11-21 13:33 | 2019-12-11 |
| 222256 | 9.8 | CRITICAL, Network | telerik | ui_for_asp.net_ajax | Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to th… | CWE-502 Deserialization of Untrusted Data | CVE-2019-18935 | 2024-11-21 13:33 | 2019-12-11 |
| 222257 | 6.5 | MEDIUM, Adjacent | symantec | industrial_control_system_protection | Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application us… | CWE-287 Improper Authentication | CVE-2019-18380 | 2024-11-21 13:33 | 2019-12-10 |
| 222258 | 7.1 | HIGH, Local | dell | command\|configure | Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a ta… | CWE-59 Link Following; CWE-427 Uncontrolled Search Path Element | CVE-2019-18575 | 2024-11-21 13:33 | 2019-12-7 |
| 222259 | 7.5 | HIGH, Network | shapeshift | keepkey_firmware | Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. No… | CWE-354 Improper Validation of Integrity Check Value | CVE-2019-18672 | 2024-11-21 13:33 | 2019-12-7 |
| 222260 | 9.8 | CRITICAL, Network | keepkey | keepkey_firmware | Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability c… | CWE-787 Out-of-bounds Write | CVE-2019-18671 | 2024-11-21 13:33 | 2019-12-7 |