|
224661
|
- |
|
-
|
-
|
RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow.
|
-
|
CVE-2019-6268
|
2024-11-21 13:46 |
2024-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224662
|
9.8 |
CRITICAL
Network
|
edge-core
|
ecs2020_firmware
|
Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 HTTP header to the /EXCU_SHELL URI.
|
CWE-77
Command Injection
|
CVE-2019-6288
|
2024-11-21 13:46 |
2021-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224663
|
7.8 |
HIGH
Local
|
apple
|
mac_os_x
|
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierr…
|
CWE-20
Improper Input Validation
|
CVE-2019-6238
|
2024-11-21 13:46 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224664
|
9.8 |
CRITICAL
Network
|
d-link
|
dir-822_firmware
|
D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long MacAddress data in a /HNAP1/SetClientInfo HNAP protocol message, which is mishandled in /usr/sbin/udh…
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-6258
|
2024-11-21 13:46 |
2020-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224665
|
7.3 |
HIGH
Local
|
lenovo
|
installation_package
|
A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation.
|
CWE-426
Untrusted Search Path
|
CVE-2019-6196
|
2024-11-21 13:46 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224666
|
6.5 |
MEDIUM
Local
|
lenovo
|
installation_package
|
A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileg…
|
CWE-426
Untrusted Search Path
|
CVE-2019-6173
|
2024-11-21 13:46 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224667
|
9.8 |
CRITICAL
Network
|
drupal
|
drupal
|
An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release oth…
|
NVD-CWE-noinfo
|
CVE-2019-6342
|
2024-11-21 13:46 |
2020-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224668
|
9.8 |
CRITICAL
Network
|
apple
|
mac_os_x
iphone_os
tvos
|
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept net…
|
NVD-CWE-noinfo
|
CVE-2019-6203
|
2024-11-21 13:46 |
2020-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224669
|
7.5 |
HIGH
Network
|
auto-maskin
|
rp_210e_firmware
dcu_210e_firmware
marine_pro_observer
|
In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords wi…
|
CWE-521
Weak Password Requirements
|
CVE-2019-6558
|
2024-11-21 13:46 |
2020-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224670
|
9.1 |
CRITICAL
Network
|
auto-maskin
|
rp210e_firmware
dcu_210_firmware
marine_pro_observer
|
In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords wi…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2019-6560
|
2024-11-21 13:46 |
2020-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
