|
218971
|
5.3 |
MEDIUM
Network
|
harpjs
|
harp
|
Path traversal using symlink in npm harp module versions <= 0.29.0.
|
CWE-59
Link Following
|
CVE-2019-5438
|
2024-11-21 13:44 |
2019-05-11 |
|
218972
|
5.3 |
MEDIUM
Network
|
harpjs
|
harp
|
Information exposure through the directory listing in npm's harp module allows access to files that are supposed to be ignored according to the harp server rules. Vulnerable versions are <= 0.29.0 and…
|
CWE-200
Information Exposure
|
CVE-2019-5437
|
2024-11-21 13:44 |
2019-05-11 |
|
218973
|
8.1 |
HIGH
Network
|
sqlite canonical
|
sqlite ubuntu_linux
|
An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially result…
|
CWE-416
Use After Free
|
CVE-2019-5018
|
2024-11-21 13:44 |
2019-05-11 |
|
218974
|
9.8 |
CRITICAL
Network
|
gliderlabs opensuse f5
|
docker-alpine leap big-ip_controller
|
Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 201…
|
NVD-CWE-Other
|
CVE-2019-5021
|
2024-11-21 13:44 |
2019-05-9 |
|
218975
|
6.5 |
MEDIUM
Adjacent
|
wincofireworks
|
fw-1007_firmware
|
An exploitable improper access control vulnerability exists in the Bluetooth Low Energy functionality of Winco Fireworks FireFly FW-1007 V2.0. An attacker can connect to the device to trigger this vu…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-5014
|
2024-11-21 13:44 |
2019-05-9 |
|
218976
|
5.4 |
MEDIUM
Network
|
revive-adserver
|
revive_adserver
|
A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) …
|
CWE-601
Open Redirect
|
CVE-2019-5433
|
2024-11-21 13:44 |
2019-05-7 |
|
218977
|
7.5 |
HIGH
Network
|
mqtt-packet_project
|
mqtt-packet
|
A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions < 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-5432
|
2024-11-21 13:44 |
2019-05-7 |
|
218978
|
8.8 |
HIGH
Network
|
ui
|
unifi_video
|
In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes to the server configuration without the user's consent, requiring the attacker t…
|
CWE-352
Origin Validation Error
|
CVE-2019-5430
|
2024-11-21 13:44 |
2019-05-7 |
|
218979
|
9.8 |
CRITICAL
Network
|
revive-sas
|
revive_adserver
|
An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability c…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-5434
|
2024-11-21 13:44 |
2019-05-7 |
|
218980
|
5.4 |
MEDIUM
Network
|
twitter
|
twitter_kit
|
This vulnerability was caused by an incomplete fix to CVE-2017-0911. Twitter Kit for iOS versions 3.0 to 3.4.0 is vulnerable to a callback verification flaw in the "Login with Twitter" component allo…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2019-5431
|
2024-11-21 13:44 |
2019-05-7 |