|
219021
|
8.8 |
HIGH
Network
|
redhat
|
quay
|
A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. The token is not refreshed…
|
CWE-352
Origin Validation Error
|
CVE-2019-3864
|
2024-11-21 13:42 |
2020-01-22 |
|
219022
|
6.1 |
MEDIUM
Network
|
suse
|
openqa
|
openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameters. This was reported through the bug bounty program of Offensive Security.
|
CWE-79
Cross-site Scripting
|
CVE-2019-3686
|
2024-11-21 13:42 |
2020-01-17 |
|
219023
|
8.8 |
HIGH
Network
|
suse hp
|
openstack_cloud keystone-json-assignment helion_openstack
|
The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "m…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-3683
|
2024-11-21 13:42 |
2020-01-17 |
|
219024
|
7.8 |
HIGH
Local
|
suse
|
caas_platform
|
The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2019-3682
|
2024-11-21 13:42 |
2020-01-17 |
|
219025
|
3.7 |
LOW
Network
|
mikrotik
|
winbox routeros
|
MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed passwo…
|
NVD-CWE-Other
|
CVE-2019-3981
|
2024-11-21 13:42 |
2020-01-15 |
|
219026
|
6.5 |
MEDIUM
Network
|
emc
|
rsa_authentication_manager
|
RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to cause informat…
|
CWE-611
XXE
|
CVE-2019-3768
|
2024-11-21 13:42 |
2020-01-4 |
|
219027
|
7.8 |
HIGH
Local
|
debian skolelinux canonical
|
debian-lan-config debian-edu-config debian_linux ubuntu_linux
|
Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed p…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-3467
|
2024-11-21 13:42 |
2019-12-24 |
|
219028
|
9.8 |
CRITICAL
Network
|
zte
|
zxcloud_goldendata_vap
|
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Attackers could sniff unencrypted account and password through the network for front-end s…
|
CWE-311 CWE-522
Missing Encryption of Sensitive Data Insufficiently Protected Credentials
|
CVE-2019-3431
|
2024-11-21 13:42 |
2019-12-24 |
|
219029
|
4.9 |
MEDIUM
Network
|
zte
|
zxcloud_goldendata_vap
|
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an information disclosure vulnerability. Attackers could use this vulnerability to collect data information and damage the sy…
|
NVD-CWE-noinfo
|
CVE-2019-3430
|
2024-11-21 13:42 |
2019-12-24 |
|
219030
|
5.3 |
MEDIUM
Network
|
zte
|
zxcloud_goldendata_vap
|
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of se…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-3429
|
2024-11-21 13:42 |
2019-12-24 |