|
220271
|
8.8 |
HIGH
Network
|
xmlseclibs_project
debian
simplesamlphp
|
xmlseclibs
debian_linux
simplesamlphp
|
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated atta…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2019-3465
|
2024-11-21 13:42 |
2019-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220272
|
6.2 |
MEDIUM
Local
|
zte
|
mf910s_firmware
|
The Sec Consult Security Lab reported an information disclosure vulnerability in MF910S product to ZTE PSIRT in October 2019. Through the analysis of related product team, the information disclosure …
|
CWE-200
Information Exposure
|
CVE-2019-3422
|
2024-11-21 13:42 |
2019-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220273
|
4.3 |
MEDIUM
Network
|
dell
|
idrac8_firmware
idrac9_firmware
idrac7_firmware
|
Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malic…
|
NVD-CWE-Other
|
CVE-2019-3764
|
2024-11-21 13:42 |
2019-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220274
|
7.7 |
HIGH
Network
|
opensuse
|
open_build_service
|
Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary
|
CWE-295
Improper Certificate Validation
|
CVE-2019-3685
|
2024-11-21 13:42 |
2019-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220275
|
8.0 |
HIGH
Adjacent
|
ztw
|
zx297520v3_firmware
|
The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE product ZX297520V3 are impacted by a Command Injection vulnerability. Unauthorized users can exploit this vulnerability to control the …
|
CWE-77
Command Injection
|
CVE-2019-3421
|
2024-11-21 13:42 |
2019-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220276
|
5.7 |
MEDIUM
Adjacent
|
zte
|
zxmp_m721_dx_firmware
|
A security vulnerability exists in a management port in the version of ZTE's ZXMP M721V3.10P01B10_M2NCP. An attacker could exploit this vulnerability to build a link to the device and send specific p…
|
NVD-CWE-noinfo
|
CVE-2019-3419
|
2024-11-21 13:42 |
2019-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220277
|
7.5 |
HIGH
Network
|
mikrotik
|
routeros
|
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the d…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2019-3979
|
2024-11-21 13:42 |
2019-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220278
|
7.5 |
HIGH
Network
|
mikrotik
|
routeros
|
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attac…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-3978
|
2024-11-21 13:42 |
2019-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220279
|
7.5 |
HIGH
Network
|
mikrotik
|
routeros
|
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can tric…
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2019-3977
|
2024-11-21 13:42 |
2019-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220280
|
8.8 |
HIGH
Network
|
mikrotik
|
routeros
|
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a …
|
CWE-22
Path Traversal
|
CVE-2019-3976
|
2024-11-21 13:42 |
2019-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
