|
223011
|
5.3 |
MEDIUM
Network
|
redhat
|
ansible_tower
|
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. This request would cause a socket erro…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2019-19342
|
2024-11-21 13:34 |
2019-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223012
|
5.5 |
MEDIUM
Local
|
redhat
|
ansible_tower
|
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the SECRET_KEY and the database backup. Any user w…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-19341
|
2024-11-21 13:34 |
2019-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223013
|
8.2 |
HIGH
Network
|
redhat
|
ansible_tower
enterprise_linux
|
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ manage…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2019-19340
|
2024-11-21 13:34 |
2019-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223014
|
7.5 |
HIGH
Network
|
sudo
|
sudo
|
In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to…
|
NVD-CWE-noinfo
|
CVE-2019-19234
|
2024-11-21 13:34 |
2019-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223015
|
7.5 |
HIGH
Network
|
sudo
|
sudo
|
In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The so…
|
NVD-CWE-noinfo
|
CVE-2019-19232
|
2024-11-21 13:34 |
2019-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223016
|
7.0 |
HIGH
Local
|
asus
|
atk_package
|
AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular pa…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2019-19235
|
2024-11-21 13:34 |
2019-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223017
|
5.4 |
MEDIUM
Network
|
altn
|
mdaemon_email_server
|
MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19497
|
2024-11-21 13:34 |
2019-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223018
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and n…
|
NVD-CWE-noinfo
|
CVE-2019-19241
|
2024-11-21 13:34 |
2019-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223019
|
7.1 |
HIGH
Local
|
nalpeiron
|
licensing_service
|
NLSSRV32.EXE in Nalpeiron Licensing Service 7.3.4.0, as used with Nitro PDF and other products, allows Elevation of Privilege via the \\.\mailslot\nlsX86ccMailslot mailslot.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-19315
|
2024-11-21 13:34 |
2019-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223020
|
7.5 |
HIGH
Network
|
simplifile
|
recordfusion
|
In Simplifile RecordFusion through 2019-11-25, the logs and hist parameters allow remote attackers to access local files via a logger/logs?/../ or logger/hist?/../ URI.
|
CWE-22
Path Traversal
|
CVE-2019-19264
|
2024-11-21 13:34 |
2019-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
