|
223371
|
7.5 |
HIGH
Network
|
sylabs
|
singularity
|
Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of o…
|
CWE-276
Incorrect Default Permissions
|
CVE-2019-19724
|
2024-11-21 13:35 |
2019-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223372
|
9.8 |
CRITICAL
Network
|
trendmicro
|
mobile_security
|
Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature.
|
CWE-521
Weak Password Requirements
|
CVE-2019-19690
|
2024-11-21 13:35 |
2019-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223373
|
7.8 |
HIGH
Local
|
trendmicro
|
housecall_for_home_networks
|
Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2019-19689
|
2024-11-21 13:35 |
2019-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223374
|
7.8 |
HIGH
Local
|
trendmicro
|
housecall_for_home_networks
|
A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application …
|
NVD-CWE-noinfo
|
CVE-2019-19688
|
2024-11-21 13:35 |
2019-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223375
|
7.5 |
HIGH
Network
|
humaxdigital
|
hgb10r-02_firmware
|
An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. Admin credentials are sent over cleartext HTTP.
|
CWE-319
CWE-522
Cleartext Transmission of Sensitive Information
Insufficiently Protected Credentials
|
CVE-2019-19890
|
2024-11-21 13:35 |
2019-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223376
|
7.5 |
HIGH
Network
|
humaxdigital
|
hgb10r-02_firmware
|
An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. The attacker can discover admin credentials in the backup file, aka backupsettings.conf.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-19889
|
2024-11-21 13:35 |
2019-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223377
|
6.5 |
MEDIUM
Network
|
rockcarry
|
ffjpeg
|
jfif_decode in jfif.c in ffjpeg through 2019-08-21 has a divide-by-zero error.
|
CWE-369
Divide By Zero
|
CVE-2019-19888
|
2024-11-21 13:35 |
2019-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223378
|
6.5 |
MEDIUM
Network
|
rockcarry
|
ffjpeg
|
bitstr_tell at bitstr.c in ffjpeg through 2019-08-21 has a NULL pointer dereference related to jfif_encode.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-19887
|
2024-11-21 13:35 |
2019-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223379
|
9.8 |
CRITICAL
Network
|
djangoproject
canonical
|
django
ubuntu_linux
|
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2019-19844
|
2024-11-21 13:35 |
2019-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223380
|
6.5 |
MEDIUM
Network
|
tautulli
|
tautulli
|
In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. (Also, anonymous access can be achieved in applications that do not have a user login area).
|
CWE-352
Origin Validation Error
|
CVE-2019-19833
|
2024-11-21 13:35 |
2019-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
