|
218981
|
7.8 |
HIGH
Local
|
filezilla-project debian fedoraproject
|
filezilla_client debian_linux fedora
|
Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory.
|
CWE-426
Untrusted Search Path
|
CVE-2019-5429
|
2024-11-21 13:44 |
2019-04-30 |
|
218982
|
7.5 |
HIGH
Network
|
mchange fedoraproject oracle
|
c3p0 fedora retail_xstore_point_of_service flexcube_private_banking webcenter_sites communications_ip_service_activator hyperion_infrastructure_technology enterprise_manager_ops_…
|
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
|
CWE-776
XML Entity Expansion
|
CVE-2019-5427
|
2024-11-21 13:44 |
2019-04-23 |
|
218983
|
7.5 |
HIGH
Network
|
qemu
|
qemu
|
hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-5008
|
2024-11-21 13:44 |
2019-04-20 |
|
218984
|
7.6 |
HIGH
Physical
|
capsuletech
|
smartlinx_neuron_2_firmware
|
A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A …
|
NVD-CWE-noinfo
|
CVE-2019-5024
|
2024-11-21 13:44 |
2019-04-12 |
|
218985
|
4.8 |
MEDIUM
Network
|
ui
|
edgeswitch_x
|
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Remote attackers without c…
|
CWE-287
Improper Authentication
|
CVE-2019-5426
|
2024-11-21 13:44 |
2019-04-11 |
|
218986
|
8.8 |
HIGH
Network
|
ui
|
edgeswitch_x
|
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface bypassing the CLI interface, which allow them to escalate privile…
|
CWE-78
OS Command
|
CVE-2019-5425
|
2024-11-21 13:44 |
2019-04-11 |
|
218987
|
8.8 |
HIGH
Network
|
ui
|
edgeswitch_x
|
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows execution of shell commands under the root user.
|
CWE-78
OS Command
|
CVE-2019-5424
|
2024-11-21 13:44 |
2019-04-11 |
|
218988
|
7.5 |
HIGH
Network
|
http-live-simulator_project
|
http-live-simulator
|
Path traversal vulnerability in http-live-simulator npm package version 1.0.5 allows arbitrary path to be accessed on the file system by a remote attacker.
|
CWE-22
Path Traversal
|
CVE-2019-5423
|
2024-11-21 13:44 |
2019-04-04 |
|
218989
|
6.1 |
MEDIUM
Network
|
buttle_project
|
buttle
|
XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server.
|
CWE-79
Cross-site Scripting
|
CVE-2019-5422
|
2024-11-21 13:44 |
2019-04-04 |
|
218990
|
9.8 |
CRITICAL
Network
|
plataformatec
|
devise
|
Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in the `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempt…
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2019-5421
|
2024-11-21 13:44 |
2019-04-04 |
|