|
219001
|
7.5 |
HIGH
Network
|
parrot
|
anafi_firmware
|
Web server running on Parrot ANAFI can be crashed due to the SDK command "Common_CurrentDateTime" being sent to control service with larger than expected date length.
|
NVD-CWE-Other
|
CVE-2019-3945
|
2024-11-21 13:42 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219002
|
7.5 |
HIGH
Network
|
parrot
|
anafi_firmware
|
Parrot ANAFI is vulnerable to Wi-Fi deauthentication attack, allowing remote and unauthenticated attackers to disconnect drone from controller during mid-flight.
|
CWE-276
Incorrect Default Permissions
|
CVE-2019-3944
|
2024-11-21 13:42 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219003
|
7.5 |
HIGH
Network
|
advantech
|
webaccess
|
Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-3942
|
2024-11-21 13:42 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219004
|
7.5 |
HIGH
Network
|
dell
|
emc_integrated_data_protection_appliance
emc_data_protection_central
|
Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulne…
|
CWE-295
Improper Certificate Validation
|
CVE-2019-3762
|
2024-11-21 13:42 |
2020-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219005
|
6.4 |
MEDIUM
Network
|
dell
|
wyse_management_suite
|
Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exp…
|
CWE-79
Cross-site Scripting
|
CVE-2019-3770
|
2024-11-21 13:42 |
2020-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219006
|
6.4 |
MEDIUM
Network
|
dell
|
wyse_management_suite
|
Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to s…
|
CWE-79
Cross-site Scripting
|
CVE-2019-3769
|
2024-11-21 13:42 |
2020-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219007
|
7.5 |
HIGH
Network
|
facebook
|
thrift
|
C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result …
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2019-3553
|
2024-11-21 13:42 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219008
|
7.5 |
HIGH
Network
|
360
|
p0_router_firmware
f5c_router_firmware
|
By adding some special fields to the uri ofrouter app function, the user could abuse background app cgi functions withoutauthentication. This affects 360 router P0 and F5C.
|
NVD-CWE-noinfo
|
CVE-2019-3404
|
2024-11-21 13:42 |
2020-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219009
|
7.3 |
HIGH
Local
|
opensuse
|
pcp
|
A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performanc…
|
CWE-22
Path Traversal
|
CVE-2019-3696
|
2024-11-21 13:42 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219010
|
7.8 |
HIGH
Local
|
opensuse
|
pcp
|
A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, …
|
CWE-94
Code Injection
|
CVE-2019-3695
|
2024-11-21 13:42 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
