|
223211
|
2.3 |
LOW
Local
|
symantec
|
endpoint_protection
|
Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individ…
|
NVD-CWE-noinfo
|
CVE-2019-12756
|
2024-11-21 13:23 |
2019-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223212
|
7.5 |
HIGH
Network
|
auo
|
sunveillance_monitoring_system_\&_data_recorder
|
AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc_send_mail.aspx (MailAdd parameter) SQL Injection. An Attacker can carry a SQL Injection payload to the server, allowing the atta…
|
CWE-89
SQL Injection
|
CVE-2019-12720
|
2024-11-21 13:23 |
2019-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223213
|
9.8 |
CRITICAL
Network
|
auo
|
sunveillance_monitoring_system_\&_data_recorder
|
An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. There is an incorrect access control vulnerability that can allow an unauthenticated user to u…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-12719
|
2024-11-21 13:23 |
2019-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223214
|
9.8 |
CRITICAL
Network
|
quest
|
kace_systems_management_appliance
|
Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is software_library.php and affected parameters are order[0][column] and order[…
|
CWE-89
SQL Injection
|
CVE-2019-12918
|
2024-11-21 13:23 |
2019-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223215
|
6.1 |
MEDIUM
Network
|
quest
|
kace_systems_management_appliance
|
A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library.php component via the PATH_INFO.
|
CWE-79
Cross-site Scripting
|
CVE-2019-12917
|
2024-11-21 13:23 |
2019-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223216
|
7.5 |
HIGH
Network
|
clamav
|
clamav
|
ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected syste…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2019-12625
|
2024-11-21 13:23 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223217
|
6.1 |
MEDIUM
Adjacent
|
symantec
|
sonar
|
The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in…
|
CWE-276
Incorrect Default Permissions
|
CVE-2019-12752
|
2024-11-21 13:23 |
2019-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223218
|
7.8 |
HIGH
Local
|
bitdefender
|
box_firmware
|
An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerab…
|
NVD-CWE-noinfo
|
CVE-2019-12612
|
2024-11-21 13:23 |
2019-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223219
|
6.5 |
MEDIUM
Network
|
themooltipass
|
moolticute
|
Stephan Mooltipass Moolticute through 0.42.1 (and possibly earlier versions) has Incorrect Access Control.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-12967
|
2024-11-21 13:23 |
2019-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223220
|
4.4 |
MEDIUM
Local
|
bitdefender
|
box_firmware
|
An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that affects the general reliability of the product. Specially crafted packets sent to the miniupnpd implementation in…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2019-12611
|
2024-11-21 13:23 |
2019-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
