|
224531
|
7.8 |
HIGH
Local
|
fasttracksoftware
|
admin_by_request
|
FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using …
|
NVD-CWE-noinfo
|
CVE-2019-17201
|
2024-11-21 13:31 |
2020-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224532
|
7.5 |
HIGH
Network
|
agendaless
oracle
debian
|
waitress
communications_cloud_native_core_network_function_cloud_native_environment
debian_linux
|
Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now c…
|
CWE-444
HTTP Request Smuggling
|
CVE-2019-16792
|
2024-11-21 13:31 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224533
|
5.9 |
MEDIUM
Network
|
postfix-mta-sts-resolver_project
|
postfix-mta-sts-resolver
|
In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy.
|
NVD-CWE-Other
|
CVE-2019-16791
|
2024-11-21 13:31 |
2020-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224534
|
6.1 |
MEDIUM
Network
|
solarwinds
|
orion_platform
|
A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and esca…
|
CWE-79
Cross-site Scripting
|
CVE-2019-17127
|
2024-11-21 13:31 |
2020-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224535
|
6.1 |
MEDIUM
Network
|
solarwinds
|
orion_platform
|
A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the An…
|
CWE-79
Cross-site Scripting
|
CVE-2019-17125
|
2024-11-21 13:31 |
2020-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224536
|
7.8 |
HIGH
Local
|
pyinstaller
|
pyinstaller
|
In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a p…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-16784
|
2024-11-21 13:31 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224537
|
8.8 |
HIGH
Network
|
mozilla
canonical
|
firefox
ubuntu_linux
|
Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-17025
|
2024-11-21 13:31 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224538
|
6.5 |
MEDIUM
Network
|
mozilla
canonical
debian
|
firefox
ubuntu_linux
debian_linux
|
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state,…
|
CWE-287
Improper Authentication
|
CVE-2019-17023
|
2024-11-21 13:31 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224539
|
5.3 |
MEDIUM
Network
|
mozilla
opensuse
|
firefox
firefox_esr
leap
|
During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windo…
|
CWE-362
Race Condition
|
CVE-2019-17021
|
2024-11-21 13:31 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224540
|
6.5 |
MEDIUM
Network
|
mozilla
canonical
|
firefox
ubuntu_linux
|
If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL …
|
CWE-611
XXE
|
CVE-2019-17020
|
2024-11-21 13:31 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
