| 224811 | 5.5 | MEDIUM Local | bitdefender | antivirus | An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdef… | CWE-276 Incorrect Default Permissions | CVE-2019-17103 | 2024-11-21 13:31 | 2020-01-27 |
| 224812 | 8.1 | HIGH Network | bitdefender | box_2_firmware | An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks a… | CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition | CVE-2019-17102 | 2024-11-21 13:31 | 2020-01-27 |
| 224813 | 6.5 | MEDIUM Local | bitdefender | total_security_2020 | An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Sec… | CWE-426 Untrusted Search Path | CVE-2019-17100 | 2024-11-21 13:31 | 2020-01-27 |
| 224814 | 7.8 | HIGH Local | fasttracksoftware | admin_by_request | FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access… | CWE-269 Improper Privilege Management | CVE-2019-17202 | 2024-11-21 13:31 | 2020-01-24 |
| 224815 | 7.8 | HIGH Local | fasttracksoftware | admin_by_request | FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using … | NVD-CWE-noinfo | CVE-2019-17201 | 2024-11-21 13:31 | 2020-01-24 |
| 224816 | 7.5 | HIGH Network | agendaless oracle debian | waitress communications_cloud_native_core_network_function_cloud_native_environment debian_linux | Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now c… | CWE-444 HTTP Request Smuggling | CVE-2019-16792 | 2024-11-21 13:31 | 2020-01-23 |
| 224817 | 5.9 | MEDIUM Network | postfix-mta-sts-resolver_project | postfix-mta-sts-resolver | In postfix-mta-sts-resolver before 0.5.1, all users can receive an incorrect response from the daemon under rare conditions, resulting in a downgrade of the effective STS policy. | NVD-CWE-Other | CVE-2019-16791 | 2024-11-21 13:31 | 2020-01-22 |
| 224818 | 6.1 | MEDIUM Network | solarwinds | orion_platform | A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and esca… | CWE-79 Cross-site Scripting | CVE-2019-17127 | 2024-11-21 13:31 | 2020-01-18 |
| 224819 | 6.1 | MEDIUM Network | solarwinds | orion_platform | A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the An… | CWE-79 Cross-site Scripting | CVE-2019-17125 | 2024-11-21 13:31 | 2020-01-18 |
| 224820 | 7.8 | HIGH Local | pyinstaller | pyinstaller | In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a p… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2019-16784 | 2024-11-21 13:31 | 2020-01-15 |