| ID | CVSS | Severity / Vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|
| 224141 | 7.1 | HIGH / Local | dell | command\|configure | Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a ta… | CWE-59 Link Following; CWE-427 Uncontrolled Search Path Element | CVE-2019-18575 | 2024-11-21 13:33 | 2019-12-7 |
| 224142 | 7.5 | HIGH / Network | shapeshift | keepkey_firmware | Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. No… | CWE-354 Improper Validation of Integrity Check Value | CVE-2019-18672 | 2024-11-21 13:33 | 2019-12-7 |
| 224143 | 9.8 | CRITICAL / Network | keepkey | keepkey_firmware | Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability c… | CWE-787 Out-of-bounds Write | CVE-2019-18671 | 2024-11-21 13:33 | 2019-12-7 |
| 224144 | 6.3 | MEDIUM / Network | norton | password_manager | Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be re… | CWE-346 Origin Validation Error | CVE-2019-18381 | 2024-11-21 13:33 | 2019-12-6 |
| 224145 | 7.2 | HIGH / Network | intelbras | iwr_3000n_firmware | Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled, a related issue to CVE-2019-17600. | CWE-200 Information Exposure | CVE-2019-19007 | 2024-11-21 13:33 | 2019-12-6 |
| 224146 | 5.4 | MEDIUM / Network | davical | davical | A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in… | CWE-79 Cross-site Scripting | CVE-2019-18347 | 2024-11-21 13:33 | 2019-12-5 |
| 224147 | 8.8 | HIGH / Network | davical | davical | A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the applicati… | CWE-352 Origin Validation Error | CVE-2019-18346 | 2024-11-21 13:33 | 2019-12-5 |
| 224148 | 7.5 | HIGH / Network | trustedsec | trevorc2 | TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictable responses when accessing and in… | CWE-330 Use of Insufficiently Random Values; CWE-203 Information Exposure Through Discrepancy | CVE-2019-18850 | 2024-11-21 13:33 | 2019-12-4 |
| 224149 | 4.8 | MEDIUM / Network | rsa emc | authentication_manager rsa_authentication_manager | RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this… | CWE-79 Cross-site Scripting | CVE-2019-18574 | 2024-11-21 13:33 | 2019-12-4 |
| 224150 | 5.4 | MEDIUM / Network | openwrt | openwrt | OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device). | CWE-79 Cross-site Scripting | CVE-2019-18993 | 2024-11-21 13:33 | 2019-12-4 |