| 223471 | 8.8 | HIGH, Network | minv | electronic_identification_cards_client | An incorrect implementation of a local web server in eID client (Windows version before 3.1.2, Linux version before 3.0.3) allows remote attackers to execute arbitrary code (.cgi, .pl, or .php) or de… | CWE-284: Improper Access Control | CVE-2019-13028 | 2024-11-21 13:24 | 2019-06-29 |
| 223472 | 7.5 | HIGH, Network | gnome | glib | The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kf… | CWE-732: Incorrect Permission Assignment for Critical Resource | CVE-2019-13012 | 2024-11-21 13:24 | 2019-06-29 |
| 223473 | 5.3 | MEDIUM, Network | dropbear_ssh_project | dropbear_ssh | Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599. | CWE-203: Information Exposure Through Discrepancy | CVE-2019-12953 | 2024-11-21 13:23 | 2020-12-31 |
| 223474 | 9.8 | CRITICAL, Network | dlink | dap-1650_firmware | An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via forceful browsing. | CWE-425: Direct Request ('Forced Browsing') | CVE-2019-12768 | 2024-11-21 13:23 | 2020-12-31 |
| 223475 | 8.8 | HIGH, Network | verint | impact_360 | An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attacke… | CWE-352: Origin Validation Error | CVE-2019-12784 | 2024-11-21 13:23 | 2020-07-15 |
| 223476 | 6.1 | MEDIUM, Network | verint | impact_360 | An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-1… | CWE-601: Open Redirect | CVE-2019-12783 | 2024-11-21 13:23 | 2020-07-15 |
| 223477 | 6.1 | MEDIUM, Network | verint | impact_360 | An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_popup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjuncti… | CWE-79: Cross-site Scripting | CVE-2019-12773 | 2024-11-21 13:23 | 2020-07-15 |
| 223478 | 5.5 | MEDIUM, Local | solarwinds | netpath, orion_platform, network_performance_monitor | SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathna… | CWE-209: Information Exposure Through an Error Message | CVE-2019-12864 | 2024-11-21 13:23 | 2020-05-4 |
| 223479 | 7.5 | HIGH, Network | squid-cache, canonical, debian | squid, ubuntu_linux, debian_linux | An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the… | CWE-20: Improper Input Validation | CVE-2019-12520 | 2024-11-21 13:23 | 2020-04-16 |
| 223480 | 9.8 | CRITICAL, Network | squid-cache, debian, canonical, opensuse | squid, debian_linux, ubuntu_linux, leap | An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression w… | CWE-787: Out-of-bounds Write | CVE-2019-12519 | 2024-11-21 13:23 | 2020-04-16 |