|
221881
|
4.9 |
MEDIUM
Network
|
f5
|
big-ip_access_policy_manager
|
On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached …
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-19150
|
2024-11-21 13:34 |
2019-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221882
|
6.5 |
MEDIUM
Network
|
redhat
|
ceph_storage
|
A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. An authenticated attacker can abuse this flaw by causing a remote denial of service by…
|
NVD-CWE-noinfo
|
CVE-2019-19337
|
2024-11-21 13:34 |
2019-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221883
|
7.8 |
HIGH
Local
|
broadcom
|
ca_client_automation
|
An insecure file access vulnerability exists in CA Client Automation 14.0, 14.1, 14.2, and 14.3 Agent for Windows that can allow a local attacker to gain escalated privileges.
|
NVD-CWE-Other
|
CVE-2019-19231
|
2024-11-21 13:34 |
2019-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221884
|
8.8 |
HIGH
Network
|
plex
|
media_server
|
The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This…
|
CWE-22
Path Traversal
|
CVE-2019-19141
|
2024-11-21 13:34 |
2019-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221885
|
5.3 |
MEDIUM
Network
|
redhat
|
ansible_tower
|
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. This request would cause a socket erro…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2019-19342
|
2024-11-21 13:34 |
2019-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221886
|
5.5 |
MEDIUM
Local
|
redhat
|
ansible_tower
|
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the SECRET_KEY and the database backup. Any user w…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-19341
|
2024-11-21 13:34 |
2019-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221887
|
8.2 |
HIGH
Network
|
redhat
|
ansible_tower
enterprise_linux
|
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ manage…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2019-19340
|
2024-11-21 13:34 |
2019-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221888
|
7.5 |
HIGH
Network
|
sudo
|
sudo
|
In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to…
|
NVD-CWE-noinfo
|
CVE-2019-19234
|
2024-11-21 13:34 |
2019-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221889
|
7.5 |
HIGH
Network
|
sudo
|
sudo
|
In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The so…
|
NVD-CWE-noinfo
|
CVE-2019-19232
|
2024-11-21 13:34 |
2019-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221890
|
7.0 |
HIGH
Local
|
asus
|
atk_package
|
AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular pa…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2019-19235
|
2024-11-21 13:34 |
2019-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
