|
222831
|
4.6 |
MEDIUM
Physics
|
harman
|
hermes
|
An authentication bypass in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with physical access to device hardware to obtain system information.
|
NVD-CWE-noinfo
|
CVE-2019-19556
|
2024-11-21 13:34 |
2020-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222832
|
9.8 |
CRITICAL
Network
|
un4seen
|
bassmidi
|
The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds write vulnerability. An attacker may exploit this to execute code on the target machine. A failure …
|
CWE-787
Out-of-bounds Write
|
CVE-2019-19513
|
2024-11-21 13:34 |
2020-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222833
|
7.8 |
HIGH
Local
|
nahimic
|
apo_software_component
|
An escalation of privilege vulnerability in Nahimic APO Software Component Driver 1.4.2, 1.5.0, 1.5.1, 1.6.1 and 1.6.2 allows an attacker to execute code with SYSTEM privileges.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2019-19115
|
2024-11-21 13:34 |
2020-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222834
|
8.8 |
HIGH
Network
|
reddoxx
|
maildepot
|
REDDOXX MailDepot 2032 2.2.1242 allows authenticated users to access the mailboxes of other users.
|
CWE-863
Incorrect Authorization
|
CVE-2019-19200
|
2024-11-21 13:34 |
2020-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222835
|
7.4 |
HIGH
Network
|
reddoxx
|
maildepot
|
REDDOXX MailDepot 2032 SP2 2.2.1242 has Insufficient Session Expiration because tokens are not invalidated upon a logout.
|
CWE-613
Insufficient Session Expiration
|
CVE-2019-19199
|
2024-11-21 13:34 |
2020-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222836
|
6.1 |
MEDIUM
Network
|
rittal
|
cmc_pu_iii_7030.000_firmware
|
The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to V3.15.70_4 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device…
|
CWE-79
Cross-site Scripting
|
CVE-2019-19393
|
2024-11-21 13:34 |
2020-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222837
|
6.5 |
MEDIUM
Network
|
grafana
|
grafana
|
Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.
|
CWE-89
SQL Injection
|
CVE-2019-19499
|
2024-11-21 13:34 |
2020-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222838
|
7.8 |
HIGH
Local
|
wowza
|
streaming_engine
|
Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may allow a local attacker to escalate privileges in / usr / local / WowzaStreamingEngine / manager / bin / in the Linux version of …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-19455
|
2024-11-21 13:34 |
2020-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222839
|
5.4 |
MEDIUM
Network
|
wowza
|
streaming_engine
|
Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2). An authenticated user, with access to the proxy license editing is able to insert a malicious payload that will be triggered in the main…
|
CWE-79
Cross-site Scripting
|
CVE-2019-19453
|
2024-11-21 13:34 |
2020-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222840
|
5.9 |
MEDIUM
Network
|
silverstripe
|
silverstripe
|
Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Origi…
|
CWE-444
HTTP Request Smuggling
|
CVE-2019-19326
|
2024-11-21 13:34 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
