|
223821
|
7.8 |
HIGH
Local
|
gemalto
|
sentinel_ldk_license_manager
|
SafeNet Sentinel LDK License Manager, all versions prior to 7.101 (only Microsoft Windows versions are affected), is vulnerable when configured as a service. This vulnerability may allow an attacker wi…
|
CWE-59
Link Following
|
CVE-2019-18232
|
2024-11-21 13:32 |
2019-12-12 |
|
223822
|
9.8 |
CRITICAL
Network
|
yachtcontrol
|
yachtcontrol
|
Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command={COMMAND}" page and parameter, where {COMM…
|
CWE-78
OS Command
|
CVE-2019-17270
|
2024-11-21 13:32 |
2019-12-11 |
|
223823
|
9.8 |
CRITICAL
Network
|
trendmicro
|
antivirus+_security_2020 internet_security_2020 maximum_security_2020 premium_security_2020
|
Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability where null pointer dereference errors result in a crash of the application, which could potentially lead to possible unsig…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-18190
|
2024-11-21 13:32 |
2019-12-10 |
|
223824
|
7.8 |
HIGH
Local
|
aviatrix
|
vpn_client
|
Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a local attacker to execute arbitrary code by gaining elevated privileges thr…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-17388
|
2024-11-21 13:32 |
2019-12-6 |
|
223825
|
7.8 |
HIGH
Local
|
aviatrix
|
vpn_client
|
An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client through 2.2.10 allows an attacker to gain elevated privileges through arbitrary code execution on Windows, Linux, and macOS.
|
NVD-CWE-noinfo
|
CVE-2019-17387
|
2024-11-21 13:32 |
2019-12-6 |
|
223826
|
7.5 |
HIGH
Network
|
otrs
|
otrs
|
Improper check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to mails) of ((OTRS)) Community Edition and OTRS allows a remote at…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2019-18180
|
2024-11-21 13:32 |
2019-12-6 |
|
223827
|
7.8 |
HIGH
Local
|
paloaltonetworks
|
pan-os
|
An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects P…
|
CWE-287
Improper Authentication
|
CVE-2019-17437
|
2024-11-21 13:32 |
2019-12-6 |
|
223828
|
7.5 |
HIGH
Network
|
apache
|
olingo
|
The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to 4.6.0 reads the Retry-After header and passes it to the Thread.sleep() method without any check. If a malicious server returns a …
|
CWE-20
Improper Input Validation
|
CVE-2019-17555
|
2024-11-21 13:32 |
2019-12-5 |
|
223829
|
9.8 |
CRITICAL
Network
|
apache
|
olingo
|
Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. If an attacker can feed malicious me…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-17556
|
2024-11-21 13:32 |
2019-12-5 |
|
223830
|
5.5 |
MEDIUM
Local
|
apache
|
olingo
|
The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Request with content type "application/xml", which tri…
|
CWE-611
XXE
|
CVE-2019-17554
|
2024-11-21 13:32 |
2019-12-5 |