| 222051 | 9.8 | CRITICAL Network | bitdefender | box_2_firmware | A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the producti… | CWE-78 OS Command | CVE-2019-17095 | 2024-11-21 13:31 | 2020-01-28 |
| 222052 | 7.8 | HIGH Local | belkin | wemo_insight_switch_firmware | A Stack-based Buffer Overflow vulnerability in libbelkin_api.so component of Belkin WeMo Insight Switch firmware allows a local attacker to obtain code execution on the device. This issue affects: Be… | CWE-787 Out-of-bounds Write | CVE-2019-17094 | 2024-11-21 13:31 | 2020-01-28 |
| 222053 | 9.8 | CRITICAL Network | bitdefender | box_2_firmware central | An OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command. | CWE-78 OS Command | CVE-2019-17096 | 2024-11-21 13:31 | 2020-01-28 |
| 222054 | 7.8 | HIGH Local | avast | secure_browser | A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORIT… | CWE-863 Incorrect Authorization | CVE-2019-17190 | 2024-11-21 13:31 | 2020-01-28 |
| 222055 | 5.5 | MEDIUM Local | bitdefender | antivirus | An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdef… | CWE-276 Incorrect Default Permissions | CVE-2019-17103 | 2024-11-21 13:31 | 2020-01-27 |
| 222056 | 8.1 | HIGH Network | bitdefender | box_2_firmware | An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks a… | CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition | CVE-2019-17102 | 2024-11-21 13:31 | 2020-01-27 |
| 222057 | 6.5 | MEDIUM Local | bitdefender | total_security_2020 | An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Sec… | CWE-426 Untrusted Search Path | CVE-2019-17100 | 2024-11-21 13:31 | 2020-01-27 |
| 222058 | 7.8 | HIGH Local | fasttracksoftware | admin_by_request | FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access… | CWE-269 Improper Privilege Management | CVE-2019-17202 | 2024-11-21 13:31 | 2020-01-24 |
| 222059 | 7.8 | HIGH Local | fasttracksoftware | admin_by_request | FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using … | NVD-CWE-noinfo | CVE-2019-17201 | 2024-11-21 13:31 | 2020-01-24 |
| 222060 | 7.5 | HIGH Network | agendaless oracle debian | waitress communications_cloud_native_core_network_function_cloud_native_environment debian_linux | Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now c… | CWE-444 HTTP Request Smuggling | CVE-2019-16792 | 2024-11-21 13:31 | 2020-01-23 |