|
222571
|
7.5 |
HIGH
Network
|
ricoh
|
sp_c250sf_firmware
sp_c252sf_firmware
sp_c250dn_firmware
sp_c252dn_firmware
m_c250fw_firmware
m_c250fwb_firmware
p_c300w_firmware
p_c301w_firmware
sp_330sn_firmware
sp_330s…
|
Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of 2).
|
CWE-200
Information Exposure
|
CVE-2019-14301
|
2024-11-21 13:26 |
2020-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222572
|
6.5 |
MEDIUM
Network
|
gosa_project
debian
|
gosa
debian_linux
|
The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user ac…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-14466
|
2024-11-21 13:26 |
2020-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222573
|
7.8 |
HIGH
Local
|
intel
|
rapid_storage_technology
|
Improper permissions in the executable for Intel(R) RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
CWE-276
Incorrect Default Permissions
|
CVE-2019-14568
|
2024-11-21 13:26 |
2019-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222574
|
6.1 |
MEDIUM
Network
|
vocabularyserver
|
tematres
|
TemaTres 3.0 has reflected XSS via the replace_string or search_string parameter to the vocab/admin.php?doAdmin=bulkReplace URI.
|
CWE-79
Cross-site Scripting
|
CVE-2019-14344
|
2024-11-21 13:26 |
2019-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222575
|
5.3 |
MEDIUM
Network
|
wolfssl
|
wolfssl
|
wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures v…
|
CWE-331
Insufficient Entropy
|
CVE-2019-14317
|
2024-11-21 13:26 |
2019-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222576
|
7.5 |
HIGH
Network
|
temenos
|
t24
|
An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can le…
|
CWE-22
Path Traversal
|
CVE-2019-14251
|
2024-11-21 13:26 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222577
|
5.4 |
MEDIUM
Network
|
cloudera
|
cloudera_manager
|
An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting (XSS) when viewed within this pr…
|
CWE-79
Cross-site Scripting
|
CVE-2019-14449
|
2024-11-21 13:26 |
2019-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222578
|
7.8 |
HIGH
Local
|
infoway
|
social_photo_gallery
|
The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code Execution by creating an album and attaching a malicious PHP file in the cover photo album, because the file extension is not chec…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-14467
|
2024-11-21 13:26 |
2019-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222579
|
9.8 |
CRITICAL
Network
|
vocabularyserver
|
tematres
|
TemaTres 3.0 allows remote unprivileged users to create an administrator account
|
NVD-CWE-noinfo
|
CVE-2019-14345
|
2024-11-21 13:26 |
2019-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222580
|
5.4 |
MEDIUM
Network
|
vocabularyserver
|
tematres
|
TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI.
|
CWE-79
Cross-site Scripting
|
CVE-2019-14343
|
2024-11-21 13:26 |
2019-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
