| 221921 | 9.8 | CRITICAL Network | advantech | spectre_rt_ert351_firmware | Advantech Spectre RT ERT351 versions 5.1.3 and prior have insufficient login authentication parameters required for the web application, which may allow an attacker to gain full access using a brute-force pa… | - | CVE-2019-18235 | 2024-11-21 13:32 | 2021-03-18 |
| 221922 | 6.1 | MEDIUM Network | advantech | spectre_rt_ert351_firmware | In Advantech Spectre RT Industrial Routers ERT351 5.1.3 and prior, the affected product does not neutralize special characters in the error response, allowing attackers to use a reflected XSS attack. | - | CVE-2019-18233 | 2024-11-21 13:32 | 2021-03-18 |
| 221923 | 7.5 | HIGH Network | advantech | spectre_rt_ert351_firmware | In Advantech Spectre RT ERT351 versions 5.1.3 and prior, logins and passwords are transmitted in clear text, which may allow an attacker to intercept the request. | - | CVE-2019-18231 | 2024-11-21 13:32 | 2021-03-18 |
| 221924 | 5.5 | MEDIUM Local | ge | ifix | HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation. | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2019-18243 | 2024-11-21 13:32 | 2021-02-19 |
| 221925 | 5.5 | MEDIUM Local | ge | ifix | HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation. | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2019-18255 | 2024-11-21 13:32 | 2021-02-19 |
| 221926 | 9.8 | CRITICAL Network | libzip | libzip | A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer s… | CWE-416 Use After Free | CVE-2019-17582 | 2024-11-21 13:32 | 2021-02-10 |
| 221927 | 7.5 | HIGH Network | apache oracle | batik api_gateway hyperion_financial_reporting enterprise_repository business_intelligence retail_order_broker hospitality_opera_5 communications_application_session_controller | Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vu… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2019-17566 | 2024-11-21 13:32 | 2020-11-13 |
| 221928 | 9.8 | CRITICAL Network | eclipse | vert.x | In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correct… | CWE-22 Path Traversal | CVE-2019-17640 | 2024-11-21 13:32 | 2020-10-16 |
| 221929 | 9.8 | CRITICAL Network | jfrog | artifactory | JFrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely … | CWE-521 Weak Password Requirements | CVE-2019-17444 | 2024-11-21 13:32 | 2020-10-13 |
| 221930 | 8.1 | HIGH Network | tibco | silver_fabric | The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically so… | NVD-CWE-noinfo | CVE-2019-17339 | 2024-11-21 13:32 | 2020-08-12 |