|
222121
|
7.5 |
HIGH
Network
|
blaauwproducts
|
remote_kiln_control
|
Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /…
|
CWE-200
Information Exposure
|
CVE-2019-18867
|
2024-11-21 13:33 |
2020-05-07 |
|
222122
|
5.3 |
MEDIUM
Network
|
blaauwproducts
|
remote_kiln_control
|
Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2019-18865
|
2024-11-21 13:33 |
2020-05-07 |
|
222123
|
9.8 |
CRITICAL
Network
|
wisc fedoraproject debian
|
htcondor fedora debian_linux
|
HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administra…
|
CWE-287
Improper Authentication
|
CVE-2019-18823
|
2024-11-21 13:33 |
2020-04-28 |
|
222124
|
7.5 |
HIGH
Network
|
arista
|
eos
|
An issue was found in Arista EOS. Specific malformed ARP packets can impact the software forwarding of VxLAN packets. This issue is found in Arista’s EOS VxLAN code, which can allow attackers to cras…
|
NVD-CWE-noinfo
|
CVE-2019-18948
|
2024-11-21 13:33 |
2020-04-17 |
|
222125
|
8.8 |
HIGH
Network
|
eleveo
|
call_recording
|
A privilege escalation vulnerability in ZOOM Call Recording 6.3.1 allows its user account (i.e., the account under which the program runs - by default, the callrec account) to elevate privileges to r…
|
CWE-269
Improper Privilege Management
|
CVE-2019-18822
|
2024-11-21 13:33 |
2020-04-15 |
|
222126
|
5.9 |
MEDIUM
Network
|
symantec
|
management_center
|
A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to M…
|
CWE-352
Origin Validation Error
|
CVE-2019-18376
|
2024-11-21 13:33 |
2020-04-10 |
|
222127
|
6.5 |
MEDIUM
Network
|
broadcom
|
advanced_secure_gateway symantec_proxysg
|
The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a current…
|
NVD-CWE-noinfo
|
CVE-2019-18375
|
2024-11-21 13:33 |
2020-04-10 |
|
222128
|
5.9 |
MEDIUM
Network
|
opensuse
|
autoyast2
|
An Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when deprec…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2019-18905
|
2024-11-21 13:33 |
2020-04-03 |
|
222129
|
7.5 |
HIGH
Network
|
opensuse
|
rmt-server
|
An Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-18904
|
2024-11-21 13:33 |
2020-04-03 |
|
222130
|
6.1 |
MEDIUM
Network
|
hitachienergy
|
esoms
|
For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow JavaScript to access the cookie contents, which in turn might enable Cross Site Scripting.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19003
|
2024-11-21 13:33 |
2020-04-03 |
|