|
224881
|
7.5 |
HIGH
Network
|
comba
|
ap2600-i_-_a02_-_0202n00pd2_firmware
|
Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining th…
|
CWE-327
CWE-311
CWE-522
Use of a Broken or Risky Cryptographic Algorithm
Missing Encryption of Sensitive Data
Insufficiently Protected Credentials
|
CVE-2019-15653
|
2024-11-21 13:29 |
2020-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224882
|
8.1 |
HIGH
Network
|
cisco
|
sd-wan_firmware
|
A vulnerability in the web UI of Cisco SD-WAN Solution vManage software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists …
|
CWE-89
SQL Injection
|
CVE-2019-16012
|
2024-11-21 13:29 |
2020-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224883
|
4.8 |
MEDIUM
Network
|
cisco
|
sd-wan_firmware
|
A vulnerability in the web UI of the Cisco SD-WAN vManage software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based managem…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16010
|
2024-11-21 13:29 |
2020-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224884
|
6.7 |
MEDIUM
Local
|
fortinet
|
fortiap-w2
fortiap-s
fortiap-u
fortiap
|
A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administra…
|
CWE-78
OS Command
|
CVE-2019-15708
|
2024-11-21 13:29 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224885
|
5.9 |
MEDIUM
Network
|
yarnpkg
|
yarn
|
The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. Th…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2019-15608
|
2024-11-21 13:29 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224886
|
9.8 |
CRITICAL
Network
|
kill-port-process_project
|
kill-port-process
|
The kill-port-process package version < 2.2.0 is vulnerable to a Command Injection vulnerability.
|
CWE-78
OS Command
|
CVE-2019-15609
|
2024-11-21 13:29 |
2020-02-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224887
|
3.3 |
LOW
Local
|
freebsd
|
freebsd
|
In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r354735, and 11.3-RELEASE before 11.3-RELEASE-p6, due to incorrect…
|
CWE-665
Improper Initialization
|
CVE-2019-15875
|
2024-11-21 13:29 |
2020-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224888
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint.
|
NVD-CWE-noinfo
|
CVE-2019-15594
|
2024-11-21 13:29 |
2020-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224889
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline.
|
NVD-CWE-noinfo
|
CVE-2019-15592
|
2024-11-21 13:29 |
2020-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224890
|
9.8 |
CRITICAL
Network
|
nodejs
oracle
debian
redhat
opensuse
|
node.js
graalvm
communications_cloud_native_core_network_function_cloud_native_environment
debian_linux
enterprise_linux
enterprise_linux_eus
leap
|
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
|
NVD-CWE-Other
|
CVE-2019-15606
|
2024-11-21 13:29 |
2020-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
