|
223161
|
3.3 |
LOW
Local
|
liblnk_project
|
liblnk
|
In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain off…
|
CWE-125 CWE-682
Out-of-bounds Read Incorrect Calculation
|
CVE-2019-17264
|
2024-11-21 13:31 |
2019-10-7 |
|
223162
|
3.3 |
LOW
Local
|
libfwsi_project
|
libfwsi
|
In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-17263
|
2024-11-21 13:31 |
2019-10-7 |
|
223163
|
9.8 |
CRITICAL
Network
|
bludit
|
bludit
|
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2019-17240
|
2024-11-21 13:31 |
2019-10-7 |
|
223164
|
4.8 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17226
|
2024-11-21 13:31 |
2019-10-7 |
|
223165
|
5.4 |
MEDIUM
Network
|
intelliants
|
subrion
|
Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17225
|
2024-11-21 13:31 |
2019-10-7 |
|
223166
|
8.8 |
HIGH
Adjacent
|
vzug
|
combi-stream_mslq_firmware
|
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the device does not enforce any authentication. An adjacent attacker is able to use the …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-17219
|
2024-11-21 13:31 |
2019-10-7 |
|
223167
|
9.1 |
CRITICAL
Network
|
vzug
|
combi-stream_mslq_firmware
|
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the communication to the web service is unencrypted via http. An attacker is able to int…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-17218
|
2024-11-21 13:31 |
2019-10-7 |
|
223168
|
8.8 |
HIGH
Network
|
vzug
|
combi-stream_mslq_firmware
|
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no CSRF protection established on the web service.
|
CWE-352
Origin Validation Error
|
CVE-2019-17217
|
2024-11-21 13:31 |
2019-10-7 |
|
223169
|
9.8 |
CRITICAL
Network
|
vzug
|
combi-stream_mslq_firmware
|
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort.
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2019-17216
|
2024-11-21 13:31 |
2019-10-7 |
|
223170
|
9.8 |
CRITICAL
Network
|
vzug
|
combi-stream_mslq_firmware
|
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection (e.g., lockout) established. An attacker might be able to brutefor…
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2019-17215
|
2024-11-21 13:31 |
2019-10-7 |