| 223521 | 6.6 | MEDIUM Network | misp | misp | An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's … | CWE-269 Improper Privilege Management | CVE-2019-12794 | 2024-11-21 13:23 | 2019-06-12 |
| 223522 | 7.1 | HIGH Local | freedesktop canonical | dbus ubuntu_linux | dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofi… | CWE-59 Link Following | CVE-2019-12749 | 2024-11-21 13:23 | 2019-06-12 |
| 223523 | 7.8 | HIGH Local | radare | radare2 | In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c. This allows remote attackers to cause a denial of service (application crash) or p… | CWE-125 Out-of-bounds Read | CVE-2019-12790 | 2024-11-21 13:23 | 2019-06-11 |
| 223524 | 7.8 | HIGH Local | photodex | proshow_producer | An issue was discovered in Photodex ProShow Producer v9.0.3797 (an application that runs with Administrator privileges). It is possible to perform a buffer overflow via a crafted file. | CWE-787 Out-of-bounds Write | CVE-2019-12788 | 2024-11-21 13:23 | 2019-06-11 |
| 223525 | 8.8 | HIGH Network | dlink | dir-818lw_firmware | An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the Gateway key. | CWE-78 OS Command | CVE-2019-12787 | 2024-11-21 13:23 | 2019-06-11 |
| 223526 | 8.8 | HIGH Network | dlink | dir-818lw_firmware | An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the IPAddress key. | CWE-77 Command Injection | CVE-2019-12786 | 2024-11-21 13:23 | 2019-06-11 |
| 223527 | 9.8 | CRITICAL Network | belkin | crock-pot_smart_slow_cooker_with_wemo_firmware | The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allo… | CWE-78 OS Command | CVE-2019-12780 | 2024-11-21 13:23 | 2019-06-11 |
| 223528 | 7.1 | HIGH Local | clusterlabs | libqb | libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL. | CWE-59 Link Following | CVE-2019-12779 | 2024-11-21 13:23 | 2019-06-8 |
| 223529 | 9.8 | CRITICAL Network | salesagility | suitecrm | SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 3 of 3). | CWE-89 SQL Injection | CVE-2019-12601 | 2024-11-21 13:23 | 2019-06-8 |
| 223530 | 9.8 | CRITICAL Network | salesagility | suitecrm | SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3). | CWE-89 SQL Injection | CVE-2019-12600 | 2024-11-21 13:23 | 2019-06-8 |