|
223111
|
8.1 |
HIGH
Network
|
calamares
|
calamares
|
modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set.
|
CWE-362
Race Condition
|
CVE-2019-13178
|
2024-11-21 13:24 |
2019-07-3 |
|
223112
|
9.8 |
CRITICAL
Network
|
django-rest-registration_project
|
django-rest-registration
|
verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2019-13177
|
2024-11-21 13:24 |
2019-07-3 |
|
223113
|
6.1 |
MEDIUM
Network
|
readthedocs
|
read_the_docs
|
Read the Docs before 3.5.1 has an Open Redirect if certain user-defined redirects are used. This affects private instances of Read the Docs (in addition to the public readthedocs.org web sites).
|
CWE-601
Open Redirect
|
CVE-2019-13175
|
2024-11-21 13:24 |
2019-07-3 |
|
223114
|
7.5 |
HIGH
Network
|
fstream_project
|
fstream
|
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will over…
|
CWE-59
Link Following
|
CVE-2019-13173
|
2024-11-21 13:24 |
2019-07-3 |
|
223115
|
8.8 |
HIGH
Network
|
cyberpanel
|
cyberpanel
|
An issue was discovered in CyberPanel through 1.8.4. On the user edit page, an attacker can edit the administrator's e-mail and password because of the lack of CSRF protection.
|
CWE-352
Origin Validation Error
|
CVE-2019-13056
|
2024-11-21 13:24 |
2019-07-3 |
|
223116
|
8.8 |
HIGH
Network
|
trendnet
|
tew-827dru_firmware
|
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server.
|
CWE-78
OS Command
|
CVE-2019-13155
|
2024-11-21 13:24 |
2019-07-2 |
|
223117
|
8.8 |
HIGH
Network
|
trendnet
|
tew-827dru_firmware
|
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the TCP Ports To Open in Add Gaming Rule.
|
CWE-78
OS Command
|
CVE-2019-13154
|
2024-11-21 13:24 |
2019-07-2 |
|
223118
|
8.8 |
HIGH
Network
|
trendnet
|
tew-827dru_firmware
|
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the Private Port in Add Virtual Server.
|
CWE-78
OS Command
|
CVE-2019-13153
|
2024-11-21 13:24 |
2019-07-2 |
|
223119
|
8.8 |
HIGH
Network
|
trendnet
|
tew-827dru_firmware
|
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Gaming Rule.
|
CWE-77
Command Injection
|
CVE-2019-13152
|
2024-11-21 13:24 |
2019-07-2 |
|
223120
|
8.8 |
HIGH
Network
|
trendnet
|
tew-827dru_firmware
|
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key …
|
CWE-78
OS Command
|
CVE-2019-13151
|
2024-11-21 13:24 |
2019-07-2 |