|
224691
|
5.5 |
MEDIUM
Local
|
redhat
|
ansible_engine
ansible_tower
|
A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name t…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-14858
|
2024-11-21 13:27 |
2019-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224692
|
8.8 |
HIGH
Network
|
softing
|
uagate_si_firmware
uagate_mb_firmware
uagate_840d_firmware
|
An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter.
|
CWE-77
Command Injection
|
CVE-2019-15051
|
2024-11-21 13:27 |
2019-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224693
|
5.9 |
MEDIUM
Network
|
arista
|
extensible_operating_system
|
A vulnerability has been found in the implementation of the Label Distribution Protocol (LDP) protocol in EOS. Under race conditions, the LDP agent can establish an LDP session with a malicious peer …
|
CWE-362
Race Condition
|
CVE-2019-14810
|
2024-11-21 13:27 |
2019-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224694
|
7.5 |
HIGH
Network
|
zingbox
|
inspector
|
A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2019-15023
|
2024-11-21 13:27 |
2019-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224695
|
7.5 |
HIGH
Network
|
zingbox
|
inspector
|
A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing.
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2019-15022
|
2024-11-21 13:27 |
2019-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224696
|
5.3 |
MEDIUM
Network
|
zingbox
|
inspector
|
A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-15021
|
2024-11-21 13:27 |
2019-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224697
|
9.8 |
CRITICAL
Network
|
zingbox
|
inspector
|
A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result…
|
CWE-346
Origin Validation Error
|
CVE-2019-15020
|
2024-11-21 13:27 |
2019-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224698
|
9.8 |
CRITICAL
Network
|
zingbox
|
inspector
|
A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector.
|
CWE-20
Improper Input Validation
|
CVE-2019-15019
|
2024-11-21 13:27 |
2019-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224699
|
7.5 |
HIGH
Network
|
zingbox
|
inspector
|
A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-15018
|
2024-11-21 13:27 |
2019-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224700
|
8.4 |
HIGH
Local
|
zingbox
|
inspector
|
The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to t…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-15017
|
2024-11-21 13:27 |
2019-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
