| 223311 | 8.1 | HIGH, Network | ttlock | ttlock | TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names. | CWE-640: Weak Password Recovery Mechanism for Forgotten Password | CVE-2019-12943 | 2024-11-21 13:23 | 2019-09-11 |
| 223312 | 6.5 | MEDIUM, Adjacent | ttlock | ttlock | TTLock devices do not properly block guest access in certain situations where the network connection to the cloud is unavailable. | CWE-862: Missing Authorization | CVE-2019-12942 | 2024-11-21 13:23 | 2019-09-11 |
| 223313 | 5.3 | MEDIUM, Network | mendix | mendix | In Mendix 7.23.5 and earlier, an issue in XML import mappings allows DOCTYPE declarations in the XML input, which is potentially unsafe. | CWE-918: Server-Side Request Forgery (SSRF) | CVE-2019-12996 | 2024-11-21 13:23 | 2019-09-11 |
| 223314 | 7.8 | HIGH, Local | cisco | jabber | A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code o… | CWE-732: Incorrect Permission Assignment for Critical Resource | CVE-2019-12645 | 2024-11-21 13:23 | 2019-09-5 |
| 223315 | 6.1 | MEDIUM, Network | cisco | identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack a… | CWE-79: Cross-site Scripting | CVE-2019-12644 | 2024-11-21 13:23 | 2019-09-5 |
| 223316 | 4.3 | MEDIUM, Network | cisco | content_security_management_appliance | A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulne… | CWE-732: Incorrect Permission Assignment for Critical Resource | CVE-2019-12635 | 2024-11-21 13:23 | 2019-09-5 |
| 223317 | 7.5 | HIGH, Network | cisco | unified_contact_center_express | A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack… | CWE-918: Server-Side Request Forgery (SSRF) | CVE-2019-12633 | 2024-11-21 13:23 | 2019-09-5 |
| 223318 | 7.5 | HIGH, Network | cisco | finesse | A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerabi… | CWE-918: Server-Side Request Forgery (SSRF) | CVE-2019-12632 | 2024-11-21 13:23 | 2019-09-5 |
| 223319 | 6.5 | MEDIUM, Adjacent | espressif | esp-idf, arduino-esp32, esp8266_nonos_sdk | The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows… | NVD-CWE-noinfo | CVE-2019-12586 | 2024-11-21 13:23 | 2019-09-5 |
| 223320 | 6.5 | MEDIUM, Adjacent | espressif | esp8266_nonos_sdk, arduino_esp8266 | The client 802.11 MAC implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not correctly validate the RSN AuthKey suite list count in beacon frames, probe responses, and association… | CWE-20: Improper Input Validation | CVE-2019-12588 | 2024-11-21 13:23 | 2019-09-4 |