|
223301
|
5.3 |
MEDIUM
Network
|
silverstripe
|
silverstripe
|
In SilverStripe assets 4.0, there is broken access control on files.
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2019-14273
|
2024-11-21 13:26 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223302
|
5.4 |
MEDIUM
Network
|
silverstripe
|
silverstripe
|
In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-14272
|
2024-11-21 13:26 |
2019-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223303
|
6.5 |
MEDIUM
Local
|
bluestacks
|
bluestacks
|
An issue was discovered in BlueStacks 4.110 and below on macOS and on 4.120 and below on Windows. BlueStacks employs Android running in a virtual machine (VM) to enable Android apps to run on Windows…
|
CWE-269
Improper Privilege Management
|
CVE-2019-14220
|
2024-11-21 13:26 |
2019-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223304
|
6.6 |
MEDIUM
Physics
|
nxp
|
kinetis_kv1x_firmware
kinetis_kv3x_firmware
kinetis_k8x_firmware
|
On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by leveraging a load instruction insi…
|
CWE-287
Improper Authentication
|
CVE-2019-14239
|
2024-11-21 13:26 |
2019-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223305
|
6.6 |
MEDIUM
Physics
|
st
|
stm32l0_firmware
stm32l1_firmware
stm32f4_firmware
stm32l4_firmware
stm32f7_firmware
stm32h7_firmware
|
On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (IT…
|
CWE-287
Improper Authentication
|
CVE-2019-14238
|
2024-11-21 13:26 |
2019-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223306
|
7.5 |
HIGH
Network
|
vivotek
|
camera
|
VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header.
|
NVD-CWE-noinfo
|
CVE-2019-14458
|
2024-11-21 13:26 |
2019-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223307
|
9.8 |
CRITICAL
Network
|
publisure
|
publisure
|
An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attack…
|
CWE-89
SQL Injection
|
CVE-2019-14254
|
2024-11-21 13:26 |
2019-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223308
|
6.5 |
MEDIUM
Network
|
publisure
|
publisure
|
An issue was discovered in servletcontroller in the secure portal in Publisure 2.1.2. One can bypass authentication and perform a query on PHP forms within the /AdminDir folder that should be restric…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-14253
|
2024-11-21 13:26 |
2019-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223309
|
7.2 |
HIGH
Network
|
publisure
|
publisure
|
An issue was discovered in the secure portal in Publisure 2.1.2. Once successfully authenticated as an administrator, one is able to inject arbitrary PHP code by using the adminCons.php form. The cod…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-14252
|
2024-11-21 13:26 |
2019-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223310
|
9.8 |
CRITICAL
Network
|
fasterxml
netapp
fedoraproject
debian
redhat
oracle
|
jackson-databind
steelstore_cloud_integrated_storage
oncommand_workflow_automation
oncommand_api_services
fedora
debian_linux
jboss_enterprise_application_platform
retail_xstore_…
|
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-14540
|
2024-11-21 13:26 |
2019-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
