|
222941
|
9.8 |
CRITICAL
Network
|
mitsubishielectric
inea
|
smartrtu_firmware
me-rtu_firmware
|
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtai…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-14929
|
2024-11-21 13:27 |
2019-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222942
|
5.4 |
MEDIUM
Network
|
mitsubishielectric
inea
|
smartrtu_firmware
me-rtu_firmware
|
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacke…
|
CWE-79
Cross-site Scripting
|
CVE-2019-14928
|
2024-11-21 13:27 |
2019-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222943
|
7.5 |
HIGH
Network
|
mitsubishielectric
inea
|
smartrtu_firmware
me-rtu_firmware
|
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an at…
|
CWE-306
CWE-425
Missing Authentication for Critical Function
Direct Request ('Forced Browsing')
|
CVE-2019-14927
|
2024-11-21 13:27 |
2019-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222944
|
6.5 |
MEDIUM
Network
|
mitsubishielectric
inea
|
smartrtu_firmware
me-rtu_firmware
|
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the …
|
CWE-276
Incorrect Default Permissions
|
CVE-2019-14925
|
2024-11-21 13:27 |
2019-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222945
|
9.8 |
CRITICAL
Network
|
mitsubishielectric
inea
|
smartrtu_firmware
me-rtu_firmware
|
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclo…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-14926
|
2024-11-21 13:27 |
2019-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222946
|
9.8 |
CRITICAL
Network
|
hinet
|
gpon_firmware
|
An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: …
|
NVD-CWE-noinfo
|
CVE-2019-15066
|
2024-11-21 13:27 |
2019-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222947
|
7.5 |
HIGH
Network
|
hinet
|
gpon_firmware
|
A service which is hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0…
|
NVD-CWE-noinfo
|
CVE-2019-15065
|
2024-11-21 13:27 |
2019-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222948
|
9.8 |
CRITICAL
Network
|
hinet
|
gpon_firmware
|
HiNet GPON firmware version < I040GWR190731 allows an attacker login to device without any authentication.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-15064
|
2024-11-21 13:27 |
2019-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222949
|
7.5 |
HIGH
Network
|
redhat
|
keycloak
|
A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could …
|
CWE-863
Incorrect Authorization
|
CVE-2019-14832
|
2024-11-21 13:27 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222950
|
7.8 |
HIGH
Local
|
ubisoft
|
uplay
|
Ubisoft Uplay 92.0.0.6280 has Insecure Permissions.
|
CWE-276
Incorrect Default Permissions
|
CVE-2019-14737
|
2024-11-21 13:27 |
2019-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
