|
219951
|
6.5 |
MEDIUM
Local
|
mcafee
|
total_protection
|
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised fo…
|
CWE-426
Untrusted Search Path
|
CVE-2019-3587
|
2024-11-21 13:42 |
2019-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219952
|
6.0 |
MEDIUM
Local
|
mcafee
|
mvision_endpoint
|
Exploitation of Authentication vulnerability in MVision Endpoint in McAfee MVision Endpoint Prior to 1811 Update 1 (18.11.31.62) allows authenticated administrator users --> administrators to Remove …
|
CWE-287
Improper Authentication
|
CVE-2019-3584
|
2024-11-21 13:42 |
2019-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219953
|
9.8 |
CRITICAL
Network
|
pivotal_software
|
spring_batch
|
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
|
CWE-611
XXE
|
CVE-2019-3774
|
2024-11-21 13:42 |
2019-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219954
|
9.8 |
CRITICAL
Network
|
pivotal_software
oracle
|
spring_web_services
flexcube_private_banking
financial_services_analytical_applications_infrastructure
|
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted source…
|
CWE-611
XXE
|
CVE-2019-3773
|
2024-11-21 13:42 |
2019-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219955
|
9.8 |
CRITICAL
Network
|
vmware
oracle
|
spring_integration
retail_customer_management_and_segmentation_foundation
|
Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) …
|
CWE-611
XXE
|
CVE-2019-3772
|
2024-11-21 13:42 |
2019-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219956
|
9.1 |
CRITICAL
Network
|
crestron
|
airmedia_am-100_firmware
|
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrato…
|
NVD-CWE-noinfo
|
CVE-2019-3910
|
2024-11-21 13:42 |
2019-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219957
|
9.8 |
CRITICAL
Network
|
identicard
|
premisys_id
|
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2019-3909
|
2024-11-21 13:42 |
2019-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219958
|
7.5 |
HIGH
Network
|
identicard
|
premisys_id
|
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and o…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-3908
|
2024-11-21 13:42 |
2019-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219959
|
7.5 |
HIGH
Network
|
identicard
|
premisys_id
|
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2019-3907
|
2024-11-21 13:42 |
2019-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219960
|
8.8 |
HIGH
Network
|
identicard
|
premisys_id
|
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-3906
|
2024-11-21 13:42 |
2019-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
