|
222331
|
9.8 |
CRITICAL
Network
|
-
|
-
|
eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-18939
|
2024-11-21 13:33 |
2019-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222332
|
9.8 |
CRITICAL
Network
|
eq-3
hm_email_project
|
homematic_ccu2_firmware
hm_email
homematic_ccu3_firmware
|
eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-18938
|
2024-11-21 13:33 |
2019-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222333
|
9.8 |
CRITICAL
Network
|
-
|
-
|
eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-18937
|
2024-11-21 13:33 |
2019-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222334
|
4.8 |
MEDIUM
Network
|
untangle
|
ng_firewall
|
When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-18649
|
2024-11-21 13:33 |
2019-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222335
|
4.8 |
MEDIUM
Network
|
untangle
|
ng_firewall
|
When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields.
|
CWE-79
Cross-site Scripting
|
CVE-2019-18648
|
2024-11-21 13:33 |
2019-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222336
|
7.2 |
HIGH
Network
|
untangle
|
ng_firewall
|
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user.
|
CWE-77
Command Injection
|
CVE-2019-18647
|
2024-11-21 13:33 |
2019-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222337
|
7.2 |
HIGH
Network
|
untangle
|
ng_firewall
|
The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user.
|
CWE-89
SQL Injection
|
CVE-2019-18646
|
2024-11-21 13:33 |
2019-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222338
|
6.1 |
MEDIUM
Network
|
microstrategy
|
microstrategy_library
|
Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-18957
|
2024-11-21 13:33 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222339
|
7.8 |
HIGH
Local
|
scanguard
|
scanguard_antivirus
|
Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-18895
|
2024-11-21 13:33 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222340
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, ak…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-18885
|
2024-11-21 13:33 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
