|
211271
|
8.8 |
HIGH
Network
|
phoenixcontact
|
fl_nat_smn_8tx-m-dmg_firmware
fl_nat_smn_8tx-m_firmware
fl_nat_smn_8tx_firmware
fl_nat_smcs_8tx_firmware
|
An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. There is unauthorized access to the WEB-UI by attackers arriving from t…
|
CWE-384
Session Fixation
|
CVE-2019-9744
|
2024-11-21 13:52 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211272
|
8.8 |
HIGH
Network
|
phoenixcontact
|
rad-80211-xd\/hp-bus_firmware
rad-80211-xd_firmware
|
An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component.
|
CWE-77
Command Injection
|
CVE-2019-9743
|
2024-11-21 13:52 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211273
|
6.1 |
MEDIUM
Network
|
wikindx_project
|
wikindx
|
A cross-site scripting (XSS) vulnerability in ressource view in core/modules/resource/RESOURCEVIEW.php in Wikindx prior to version 5.7.0 allows remote attackers to inject arbitrary web script or HTML…
|
CWE-79
Cross-site Scripting
|
CVE-2019-9961
|
2024-11-21 13:52 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211274
|
7.4 |
HIGH
Network
|
hashicorp
|
consul
|
HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is act…
|
CWE-346
Origin Validation Error
|
CVE-2019-9764
|
2024-11-21 13:52 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211275
|
6.1 |
MEDIUM
Network
|
warfareplugins
|
social_warfare
social_warfare_pro
|
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Soci…
|
CWE-79
Cross-site Scripting
|
CVE-2019-9978
|
2024-11-21 13:52 |
2019-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211276
|
8.8 |
HIGH
Network
|
tesla
|
model_3_firmware
|
The renderer process in the entertainment system on Tesla Model 3 vehicles mishandles JIT compilation, which allows attackers to trigger firmware code execution, and display a crafted message to vehi…
|
NVD-CWE-noinfo
|
CVE-2019-9977
|
2024-11-21 13:52 |
2019-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211277
|
6.5 |
MEDIUM
Network
|
signal
|
signal-desktop
private_messenger
|
Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages cont…
|
NVD-CWE-noinfo
|
CVE-2019-9970
|
2024-11-21 13:52 |
2019-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211278
|
7.8 |
HIGH
Local
|
xnview
|
xnview_classic
|
XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x385399.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-9969
|
2024-11-21 13:52 |
2019-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211279
|
7.8 |
HIGH
Local
|
xnview
|
xnview_classic
|
XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlQueueWorkItem.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-9968
|
2024-11-21 13:52 |
2019-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211280
|
7.8 |
HIGH
Local
|
xnview
|
xnview_classic
|
XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlPrefixUnicode…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-9967
|
2024-11-21 13:52 |
2019-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
