|
218751
|
6.7 |
MEDIUM
Local
|
polkit_project
debian
redhat
canonical
|
polkit
debian_linux
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_server_tus
enterprise_linux_server_eus
enterprise_linux_server_…
|
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to la…
|
CWE-362
Race Condition
|
CVE-2019-6133
|
2024-11-21 13:46 |
2019-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218752
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
CWE-415
Double Free
|
CVE-2019-5797
|
2024-11-21 13:45 |
2022-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218753
|
5.3 |
MEDIUM
Network
|
rapid7
|
insightvm
|
Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login p…
|
CWE-613
Insufficient Session Expiration
|
CVE-2019-5641
|
2024-11-21 13:45 |
2022-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218754
|
5.3 |
MEDIUM
Network
|
rapid7
|
nexpose
|
Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser featur…
|
CWE-200
Information Exposure
|
CVE-2019-5640
|
2024-11-21 13:45 |
2021-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218755
|
7.5 |
HIGH
Network
|
rapid7
|
metasploit
|
By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can eit…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-5645
|
2024-11-21 13:45 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218756
|
6.5 |
MEDIUM
Adjacent
|
fortinet
|
fortios
|
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-5591
|
2024-11-21 13:45 |
2020-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218757
|
6.1 |
MEDIUM
Network
|
graphpaperpress
|
sell_media
|
A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parame…
|
CWE-79
Cross-site Scripting
|
CVE-2019-6112
|
2024-11-21 13:45 |
2020-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218758
|
9.8 |
CRITICAL
Network
|
panasonic
|
video_insight_vms
|
Video Insight VMS versions prior to 7.6.1 allow remote attackers to conduct code injection attacks via unspecified vectors.
|
CWE-94
Code Injection
|
CVE-2019-5997
|
2024-11-21 13:45 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218759
|
7.5 |
HIGH
Network
|
netapp
|
fas26x0_firmware
fas27x0_firmware
fas8200_firmware
aff_c190_firmware
aff_a200_firmware
aff_a220_firmware
aff_a300_firmware
|
Certain versions of the NetApp Service Processor and Baseboard Management Controller firmware allow a remote unauthenticated attacker to cause a Denial of Service (DoS).
|
NVD-CWE-noinfo
|
CVE-2019-5500
|
2024-11-21 13:45 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218760
|
9.8 |
CRITICAL
Network
|
accellion
|
file_transfer_appliance
|
Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection').
|
CWE-78
OS Command
|
CVE-2019-5623
|
2024-11-21 13:45 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
