|
219771
|
7.5 |
HIGH
Network
|
scytl
|
secure_vote
|
An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password canno…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-25021
|
2024-11-21 13:39 |
2021-02-27 |
|
219772
|
7.5 |
HIGH
Network
|
scytl
|
secure_vote
|
An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sd…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-25020
|
2024-11-21 13:39 |
2021-02-27 |
|
219773
|
9.8 |
CRITICAL
Network
|
alleghenycreative
|
openrepeater
|
OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter.
|
CWE-78
OS Command
|
CVE-2019-25024
|
2024-11-21 13:39 |
2021-02-19 |
|
219774
|
9.8 |
CRITICAL
Network
|
limesurvey
|
limesurvey
|
LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model.
|
CWE-89
SQL Injection
|
CVE-2019-25019
|
2024-11-21 13:39 |
2021-02-14 |
|
219775
|
7.5 |
HIGH
Network
|
mit
|
krb5-appl
|
In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. …
|
NVD-CWE-noinfo
|
CVE-2019-25018
|
2024-11-21 13:39 |
2021-02-3 |
|
219776
|
5.9 |
MEDIUM
Network
|
mit
|
krb5-appl
|
An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, t…
|
CWE-863
Incorrect Authorization
|
CVE-2019-25017
|
2024-11-21 13:39 |
2021-02-3 |
|
219777
|
6.5 |
MEDIUM
Network
|
istio redhat
|
istio openshift_service_mesh
|
A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is p…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-25014
|
2024-11-21 13:39 |
2021-01-29 |
|
219778
|
8.8 |
HIGH
Network
|
opendoas_project
|
opendoas
|
In OpenDoas from 6.6 to 6.8 the user's PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed t…
|
CWE-459 CWE-909
Incomplete Cleanup Missing Initialization of Resource
|
CVE-2019-25016
|
2024-11-21 13:39 |
2021-01-29 |
|
219779
|
5.4 |
MEDIUM
Network
|
openwrt
|
openwrt
|
LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID.
|
CWE-79
Cross-site Scripting
|
CVE-2019-25015
|
2024-11-21 13:39 |
2021-01-27 |
|
219780
|
5.9 |
MEDIUM
Network
|
gnu fedoraproject netapp broadcom debian
|
glibc fedora ontap_select_deploy_administration_utility service_processor fabric_operating_system a250_firmware 500f_firmware debian_linux
|
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-25013
|
2024-11-21 13:39 |
2021-01-5 |
|