|
212681
|
7.8 |
HIGH
Local
|
autodesk
|
advance_steel
autocad
autocad_architecture
autocad_electrical
autocad_lt
autocad_map_3d
autocad_mechanical
autocad_mep
autocad_plant_3d
civil_3d
autocad_p\&id
|
DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechan…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2019-7364
|
2024-11-21 13:48 |
2019-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212682
|
7.2 |
HIGH
Network
|
elastic
|
apm_agent
|
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an atta…
|
CWE-20
Improper Input Validation
|
CVE-2019-7617
|
2024-11-21 13:48 |
2019-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212683
|
9.1 |
CRITICAL
Network
|
johnsoncontrols
|
metasys_system
|
Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP).
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-7594
|
2024-11-21 13:48 |
2019-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212684
|
9.1 |
CRITICAL
Network
|
johnsoncontrols
|
metasys_system
|
Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP).
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-7593
|
2024-11-21 13:48 |
2019-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212685
|
7.8 |
HIGH
Local
|
adobe
|
premiere_pro_cc
|
Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2019-7931
|
2024-11-21 13:48 |
2019-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212686
|
7.8 |
HIGH
Local
|
adobe
|
character_animator
|
Adobe Character Animator versions 2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2019-7870
|
2024-11-21 13:48 |
2019-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212687
|
7.5 |
HIGH
Network
|
magento
|
magento
|
An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A SOAP web service endpoint does not properly enforce parameters re…
|
NVD-CWE-noinfo
|
CVE-2019-7951
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212688
|
7.5 |
HIGH
Network
|
magento
|
magento
|
An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticated user can bypass access controls via REST API c…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2019-7950
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212689
|
6.5 |
MEDIUM
Network
|
magento
|
magento
|
A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18,…
|
CWE-352
Origin Validation Error
|
CVE-2019-7947
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212690
|
5.4 |
MEDIUM
Network
|
magento
|
magento
|
A stored cross-cite scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7945
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
