|
222171
|
9.8 |
CRITICAL
Network
|
tightvnc
|
tightvnc
|
TightVNC code version 1.3.10 contains a heap buffer overflow in the rfbServerCutText handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-15678
|
2024-11-21 13:29 |
2019-10-30 |
|
222172
|
9.8 |
CRITICAL
Network
|
craftcms
|
craft_cms
|
In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2019-15929
|
2024-11-21 13:29 |
2019-10-25 |
|
222173
|
7.5 |
HIGH
Network
|
fortinet
|
fortios
|
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below, for devices that do not enable the hardware TRNG token and models that do not support a builtin TRNG seed, allows an attacker to t…
|
CWE-331
Insufficient Entropy
|
CVE-2019-15703
|
2024-11-21 13:29 |
2019-10-24 |
|
222174
|
5.4 |
MEDIUM
Network
|
loofah_project fedoraproject canonical debian
|
loofah fedora ubuntu_linux debian_linux
|
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15587
|
2024-11-21 13:29 |
2019-10-23 |
|
222175
|
8.8 |
HIGH
Network
|
doas_project
|
doas
|
An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext(3) call with flags to change the UID, primary GID, and secondary GIDs was replaced (on ce…
|
CWE-269
Improper Privilege Management
|
CVE-2019-15901
|
2024-11-21 13:29 |
2019-10-19 |
|
222176
|
9.8 |
CRITICAL
Network
|
doas_project
|
doas
|
An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitial…
|
CWE-754, CWE-252, CWE-863, CWE-908
Improper Check for Unusual or Exceptional Conditions; Unchecked Return Value; Incorrect Authorization; Use of Uninitialized Resource
|
CVE-2019-15900
|
2024-11-21 13:29 |
2019-10-19 |
|
222177
|
7.1 |
HIGH
Local
|
trendmicro
|
deep_security
|
Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note …
|
CWE-59
Link Following
|
CVE-2019-15627
|
2024-11-21 13:29 |
2019-10-18 |
|
222178
|
7.5 |
HIGH
Network
|
trendmicro
|
deep_security
|
The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. This may result in confidentiality impac…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-15626
|
2024-11-21 13:29 |
2019-10-18 |
|
222179
|
8.8 |
HIGH
Network
|
eq-3
|
homematic_ccu3_firmware
|
eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execution in the ReGa.runScript method. An authenticated attacker can easily execute code and compromise the system.
|
CWE-862
Missing Authorization
|
CVE-2019-15850
|
2024-11-21 13:29 |
2019-10-17 |
|
222180
|
7.3 |
HIGH
Network
|
eq-3
|
homematic_ccu3_firmware
|
eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs and send them to the victim. After the victim logs in to the session, the attacker can use that sessio…
|
CWE-384
Session Fixation
|
CVE-2019-15849
|
2024-11-21 13:29 |
2019-10-17 |