|
223081
|
4.6 |
MEDIUM
Physical
|
linux debian canonical
|
linux_kernel debian_linux ubuntu_linux
|
In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.
|
CWE-416
Use After Free
|
CVE-2019-19524
|
2024-11-21 13:34 |
2019-12-4 |
|
223082
|
4.6 |
MEDIUM
Physical
|
linux debian opensuse
|
linux_kernel debian_linux leap
|
In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79.
|
CWE-416
Use After Free
|
CVE-2019-19523
|
2024-11-21 13:34 |
2019-12-4 |
|
223083
|
6.5 |
MEDIUM
Network
|
intelbras
|
wrn_150_firmware
|
Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password.
|
CWE-352
Origin Validation Error
|
CVE-2019-19516
|
2024-11-21 13:34 |
2019-12-3 |
|
223084
|
7.5 |
HIGH
Network
|
hashicorp
|
terraform
|
When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-19316
|
2024-11-21 13:34 |
2019-12-3 |
|
223085
|
5.3 |
MEDIUM
Network
|
json_pattern_validator_project
|
json_pattern_validator
|
In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': {'na…
|
CWE-287
Improper Authentication
|
CVE-2019-19507
|
2024-11-21 13:34 |
2019-12-3 |
|
223086
|
9.8 |
CRITICAL
Network
|
titanhq
|
webtitan
|
An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can l…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-19021
|
2024-11-21 13:34 |
2019-12-3 |
|
223087
|
7.2 |
HIGH
Network
|
titanhq
|
webtitan
|
An issue was discovered in TitanHQ WebTitan before 5.18. In the administration web interface it is possible to upload a crafted backup file that enables an attacker to execute arbitrary code by overw…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-19020
|
2024-11-21 13:34 |
2019-12-3 |
|
223088
|
7.5 |
HIGH
Network
|
titanhq
|
webtitan
|
An issue was discovered in TitanHQ WebTitan before 5.18. It contains a Remote Code Execution issue through which an attacker can execute arbitrary code as root. The issue stems from the hotfix downlo…
|
CWE-346
Origin Validation Error
|
CVE-2019-19019
|
2024-11-21 13:34 |
2019-12-3 |
|
223089
|
2.7 |
LOW
Network
|
titanhq
|
webtitan
|
An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web appl…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2019-19018
|
2024-11-21 13:34 |
2019-12-3 |
|
223090
|
8.1 |
HIGH
Network
|
titanhq
|
webtitan
|
An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system.
|
CWE-362 CWE-798
Race Condition Use of Hard-coded Credentials
|
CVE-2019-19017
|
2024-11-21 13:34 |
2019-12-3 |
|