|
223351
|
2.4 |
LOW
Physical
|
ledger
|
nano_s_firmware nano_x_firmware
|
On Ledger Nano S and Nano X devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowi…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2019-14354
|
2024-11-21 13:26 |
2019-08-11 |
|
223352
|
6.5 |
MEDIUM
Network
|
openstack canonical redhat debian
|
nova ubuntu_linux openstack debian_linux
|
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external excepti…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2019-14433
|
2024-11-21 13:26 |
2019-08-10 |
|
223353
|
6.5 |
MEDIUM
Network
|
aptana
|
jaxer
|
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via …
|
CWE-22
Path Traversal
|
CVE-2019-14312
|
2024-11-21 13:26 |
2019-08-09 |
|
223354
|
9.8 |
CRITICAL
Network
|
djangoproject fedoraproject debian
|
django fedora debian_linux
|
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.…
|
CWE-89
SQL Injection
|
CVE-2019-14234
|
2024-11-21 13:26 |
2019-08-09 |
|
223355
|
4.2 |
MEDIUM
Physical
|
trezor
|
one_firmware
|
On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowin…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2019-14353
|
2024-11-21 13:26 |
2019-08-09 |
|
223356
|
5.5 |
MEDIUM
Local
|
dlink
|
6600-ap_firmware dwl-3600ap_firmware
|
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated denial of service leading to the reboot of the AP via the admin.cgi?action=%s URI.
|
NVD-CWE-noinfo
|
CVE-2019-14335
|
2024-11-21 13:26 |
2019-08-08 |
|
223357
|
9.8 |
CRITICAL
Network
|
go-camo_project
|
go-camo
|
A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote attacker to perform HTTP requests to internal endpoints.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-14255
|
2024-11-21 13:26 |
2019-08-08 |
|
223358
|
5.4 |
MEDIUM
Network
|
1crm
|
1crm_on-premise
|
1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation.
|
CWE-79
Cross-site Scripting
|
CVE-2019-14221
|
2024-11-21 13:26 |
2019-08-08 |
|
223359
|
7.5 |
HIGH
Network
|
eq-3
|
ccu3_firmware
|
eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in function 'Call()' of ReGa core logic process, resulting in the ability to start a Denial of Service. Due to Improper Authorizati…
|
CWE-20
Improper Input Validation
|
CVE-2019-14474
|
2024-11-21 13:26 |
2019-08-08 |
|
223360
|
9.8 |
CRITICAL
Network
|
yourls
|
yourls
|
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.
|
CWE-843
Type Confusion
|
CVE-2019-14537
|
2024-11-21 13:26 |
2019-08-08 |