|
222571
|
9.8 |
CRITICAL
Network
|
eq-3
|
homematic_ccu2_firmware homematic_ccu3_firmware
|
eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related t…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-16199
|
2024-11-21 13:30 |
2019-09-18 |
|
222572
|
9.8 |
CRITICAL
Network
|
trusteddomain debian fedoraproject canonical
|
opendmarc debian_linux fedora ubuntu_linux
|
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be rel…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2019-16378
|
2024-11-21 13:30 |
2019-09-17 |
|
222573
|
9.8 |
CRITICAL
Network
|
infradead fedoraproject debian canonical opensuse
|
openconnect fedora debian_linux ubuntu_linux leap
|
process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-16239
|
2024-11-21 13:30 |
2019-09-17 |
|
222574
|
8.2 |
HIGH
Network
|
logmein
|
lastpass
|
LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because do_popupregister can be …
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2019-16371
|
2024-11-21 13:30 |
2019-09-17 |
|
222575
|
5.9 |
MEDIUM
Network
|
gradle
|
gradle
|
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related …
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2019-16370
|
2024-11-21 13:30 |
2019-09-17 |
|
222576
|
9.8 |
CRITICAL
Network
|
moddable
|
xs moddable
|
In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-16366
|
2024-11-21 13:30 |
2019-09-17 |
|
222577
|
5.5 |
MEDIUM
Local
|
beego
|
beego
|
The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files.
|
CWE-276
Incorrect Default Permissions
|
CVE-2019-16355
|
2024-11-21 13:30 |
2019-09-17 |
|
222578
|
4.7 |
MEDIUM
Local
|
beego
|
beego
|
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions.
|
CWE-362, CWE-732
Race Condition; Incorrect Permission Assignment for Critical Resource
|
CVE-2019-16354
|
2024-11-21 13:30 |
2019-09-17 |
|
222579
|
7.5 |
HIGH
Network
|
geautomation
|
proficy
|
Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device.
|
NVD-CWE-noinfo
|
CVE-2019-16353
|
2024-11-21 13:30 |
2019-09-16 |
|
222580
|
6.5 |
MEDIUM
Network
|
rockcarry
|
ffjpeg
|
ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load() at jfif.c.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-16352
|
2024-11-21 13:30 |
2019-09-16 |