|
220801
|
6.1 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (cons…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7326
|
2024-11-21 13:48 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220802
|
6.1 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtrat…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7325
|
2024-11-21 13:48 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220803
|
6.1 |
MEDIUM
Network
|
kanboard
|
kanboard
|
app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7324
|
2024-11-21 13:48 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220804
|
7.5 |
HIGH
Network
|
logmx
|
logmx
|
GUP (generic update process) in LightySoft LogMX before 7.4.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan hor…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2019-7323
|
2024-11-21 13:48 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220805
|
5.3 |
MEDIUM
Network
|
libpng
debian
canonical
oracle
hpe
hp
mozilla
opensuse
netapp
redhat
|
libpng
debian_linux
ubuntu_linux
jdk
java_se
mysql
hyperion_infrastructure_technology
xp7_command_view_advanced_edition_suite
xp7_command_view
firefox
thunderbird
lea…
|
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
|
CWE-416
Use After Free
|
CVE-2019-7317
|
2024-11-21 13:48 |
2019-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220806
|
7.8 |
HIGH
Local
|
schneider-electric
|
software_update
|
A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user t…
|
-
|
CVE-2019-6834
|
2024-11-21 13:47 |
2022-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220807
|
9.8 |
CRITICAL
Network
|
qnap
|
quts_hero
qts
|
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS …
|
CWE-77
Command Injection
|
CVE-2019-7198
|
2024-11-21 13:47 |
2020-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220808
|
6.5 |
MEDIUM
Network
|
apple
|
airport_base_station_firmware
|
A denial of service issue was addressed with improved memory handling. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. An attacker in a …
|
NVD-CWE-noinfo
|
CVE-2019-7291
|
2024-11-21 13:47 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220809
|
9.8 |
CRITICAL
Network
|
apple
|
mac_os_x
iphone_os
|
The issue was addressed with improved validation on the FaceTime server. This issue is fixed in macOS Mojave 10.14.3 Supplemental Update, iOS 12.1.4. A thorough security audit of the FaceTime service…
|
NVD-CWE-noinfo
|
CVE-2019-7288
|
2024-11-21 13:47 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220810
|
7.2 |
HIGH
Network
|
pexip
|
pexip_infinity
|
Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup.
|
CWE-20
Improper Input Validation
|
CVE-2019-7178
|
2024-11-21 13:47 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
