|
212901
|
7.5 |
HIGH
Network
|
ghs
|
integrity_rtos
|
An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. When using the pwd command, the current working directory path is use…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2019-7712
|
2024-11-21 13:48 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212902
|
7.5 |
HIGH
Network
|
ghs
|
integrity_rtos
|
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command "prompt" sets the (user controlled) shell's prompt value, which i…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2019-7711
|
2024-11-21 13:48 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212903
|
7.5 |
HIGH
Network
|
dlink
|
dir-817lw_firmware
dir-816l_firmware
dir-816_firmware
dir-850l_firmware
dir-868l_firmware
|
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-7642
|
2024-11-21 13:48 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212904
|
7.5 |
HIGH
Network
|
elastic
|
winlogbeat
|
Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event.
|
NVD-CWE-Other
|
CVE-2019-7613
|
2024-11-21 13:48 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212905
|
9.8 |
CRITICAL
Network
|
elastic
netapp
|
logstash
active_iq_performance_analytics_services
|
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credent…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-7612
|
2024-11-21 13:48 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212906
|
9.0 |
CRITICAL
Network
|
elastic
|
kibana
|
Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could se…
|
CWE-77
Command Injection
|
CVE-2019-7610
|
2024-11-21 13:48 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212907
|
10.0 |
CRITICAL
Network
|
elastic
redhat
|
kibana
openshift_container_platform
|
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt…
|
CWE-94
Code Injection
|
CVE-2019-7609
|
2024-11-21 13:48 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212908
|
6.1 |
MEDIUM
Network
|
elastic
|
kibana
|
Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of ot…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7608
|
2024-11-21 13:48 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212909
|
8.1 |
HIGH
Network
|
elastic
|
elasticsearch
|
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are us…
|
NVD-CWE-Other
|
CVE-2019-7611
|
2024-11-21 13:48 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212910
|
8.8 |
HIGH
Network
|
ipycache_project
|
ipycache
|
A code injection issue was discovered in ipycache through 2016-05-31.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-7539
|
2024-11-21 13:48 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
