|
223191
|
9.8 |
CRITICAL
Network
|
netgear
|
nighthawk_x10-r9000_firmware
|
In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at Advanced…
|
CWE-78
OS Command
|
CVE-2019-12511
|
2024-11-21 13:23 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223192
|
5.4 |
MEDIUM
Network
|
solarwinds
|
network_performance_monitor_orion_platform_2018_netpath
network_performance_monitor_orion_platform_2018_npm
|
SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT.
|
CWE-79
Cross-site Scripting
|
CVE-2019-12954
|
2024-11-21 13:23 |
2020-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223193
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2019-12825
|
2024-11-21 13:23 |
2020-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223194
|
7.5 |
HIGH
Network
|
squid-cache
fedoraproject
debian
opensuse
canonical
|
squid
fedora
debian_linux
leap
ubuntu_linux
|
An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions…
|
NVD-CWE-noinfo
|
CVE-2019-12528
|
2024-11-21 13:23 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223195
|
7.5 |
HIGH
Network
|
acinq
|
eclair
|
Eclair through 0.3 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "it is beta-quality software and don't put too much money in it."
|
NVD-CWE-Other
|
CVE-2019-13000
|
2024-11-21 13:23 |
2020-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223196
|
7.5 |
HIGH
Network
|
lightning
|
network_daemon
|
Lightning Network Daemon (lnd) before 0.7 allows attackers to trigger loss of funds because of Incorrect Access Control.
|
NVD-CWE-Other
|
CVE-2019-12999
|
2024-11-21 13:23 |
2020-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223197
|
7.5 |
HIGH
Network
|
elementsproject
|
c-lightning
|
c-lightning before 0.7.1 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "It can be used for testing, but it should not be used for real funds."
|
NVD-CWE-Other
|
CVE-2019-12998
|
2024-11-21 13:23 |
2020-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223198
|
7.2 |
HIGH
Network
|
cisco
|
sd-wan_firmware
|
A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. Th…
|
CWE-78
OS Command
|
CVE-2019-12629
|
2024-11-21 13:23 |
2020-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223199
|
6.5 |
MEDIUM
Network
|
cisco
|
sd-wan_firmware
|
A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. …
|
CWE-89
SQL Injection
|
CVE-2019-12619
|
2024-11-21 13:23 |
2020-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223200
|
4.3 |
MEDIUM
Network
|
gencat
|
portal_d\'acces_a_la_universitat
|
The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints.
|
CWE-706
CWE-863
Use of Incorrectly-Resolved Name or Reference
Incorrect Authorization
|
CVE-2019-12837
|
2024-11-21 13:23 |
2020-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
