|
223741
|
7.5 |
HIGH
Network
|
apache
|
olingo
|
The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to 4.6.0 reads the Retry-After header and passes it to the Thread.sleep() method without any check. If a malicious server returns a …
|
CWE-20
Improper Input Validation
|
CVE-2019-17555
|
2024-11-21 13:32 |
2019-12-5 |
|
223742
|
9.8 |
CRITICAL
Network
|
apache
|
olingo
|
Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. If an attacker can feed malicious me…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-17556
|
2024-11-21 13:32 |
2019-12-5 |
|
223743
|
5.5 |
MEDIUM
Local
|
apache
|
olingo
|
The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Request with content type "application/xml", which tri…
|
CWE-611
XXE
|
CVE-2019-17554
|
2024-11-21 13:32 |
2019-12-5 |
|
223744
|
7.8 |
HIGH
Local
|
gnu netapp oracle
|
bash solidfire hci_management_node oncommand_unified_manager communications_cloud_native_core_policy
|
An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setti…
|
CWE-273
Improper Check for Dropped Privileges
|
CVE-2019-18276
|
2024-11-21 13:32 |
2019-11-28 |
|
223745
|
10.0 |
CRITICAL
Network
|
hitachienergy
|
relion_670_firmware
|
An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside th…
|
CWE-22
Path Traversal
|
CVE-2019-18253
|
2024-11-21 13:32 |
2019-11-28 |
|
223746
|
7.5 |
HIGH
Network
|
hitachienergy
|
relion_650_firmware relion_670_firmware
|
An attacker may use a specially crafted message to force Relion 650 series (versions 1.3.0.5 and prior) or Relion 670 series (versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior) to reboot, which could ca…
|
CWE-20
Improper Input Validation
|
CVE-2019-18247
|
2024-11-21 13:32 |
2019-11-28 |
|
223747
|
9.8 |
CRITICAL
Network
|
crestron
|
dmc-stro_firmware
|
Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function.
|
CWE-78
OS Command
|
CVE-2019-18184
|
2024-11-21 13:32 |
2019-11-28 |
|
223748
|
8.8 |
HIGH
Network
|
csrf_magic_project
|
csrf_magic
|
The csrf_callback function in the CSRF Magic library through 2016-03-27 is vulnerable to CSRF protection bypass as it allows one to tamper with the csrf token values. A remote attacker can exploit th…
|
CWE-352
Origin Validation Error
|
CVE-2019-17590
|
2024-11-21 13:32 |
2019-11-27 |
|
223749
|
9.8 |
CRITICAL
Network
|
progress
|
sitefinity
|
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2019-17392
|
2024-11-21 13:32 |
2019-11-27 |
|
223750
|
8.8 |
HIGH
Network
|
-
|
-
|
In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requ…
|
NVD-CWE-noinfo
|
CVE-2019-18251
|
2024-11-21 13:32 |
2019-11-26 |