|
223161
|
5.5 |
MEDIUM
Local
|
ge
|
ifix
|
HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-18243
|
2024-11-21 13:32 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223162
|
5.5 |
MEDIUM
Local
|
ge
|
ifix
|
HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-18255
|
2024-11-21 13:32 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223163
|
9.8 |
CRITICAL
Network
|
libzip
|
libzip
|
A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer s…
|
CWE-416
Use After Free
|
CVE-2019-17582
|
2024-11-21 13:32 |
2021-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223164
|
7.5 |
HIGH
Network
|
apache
oracle
|
batik
api_gateway
hyperion_financial_reporting
enterprise_repository
business_intelligence
retail_order_broker
hospitality_opera_5
communications_application_session_controller
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vu…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-17566
|
2024-11-21 13:32 |
2020-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
223165
|
9.8 |
CRITICAL
Network
|
eclipse
|
vert.x
|
In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correct…
|
CWE-22
Path Traversal
|
CVE-2019-17640
|
2024-11-21 13:32 |
2020-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223166
|
9.8 |
CRITICAL
Network
|
jfrog
|
artifactory
|
Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely …
|
CWE-521
Weak Password Requirements
|
CVE-2019-17444
|
2024-11-21 13:32 |
2020-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223167
|
8.1 |
HIGH
Network
|
tibco
|
silver_fabric
|
The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically so…
|
NVD-CWE-noinfo
|
CVE-2019-17339
|
2024-11-21 13:32 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223168
|
5.3 |
MEDIUM
Network
|
eclipse
|
openj9
|
In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially craft…
|
CWE-843
Type Confusion
|
CVE-2019-17639
|
2024-11-21 13:32 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223169
|
7.1 |
HIGH
Local
|
eclipse
debian
|
web_tools_platform
debian_linux
|
In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote serve…
|
CWE-611
XXE
|
CVE-2019-17637
|
2024-11-21 13:32 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223170
|
9.4 |
CRITICAL
Network
|
eclipse
|
jetty
|
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer conta…
|
CWE-672
Operation on a Resource after Expiration or Release
|
CVE-2019-17638
|
2024-11-21 13:32 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
