|
220241
|
9.8 |
CRITICAL
Network
|
zte
|
zxcloud_goldendata_vap
|
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Attackers could sniff unencrypted account and password through the network for front-end s…
|
CWE-311
CWE-522
Missing Encryption of Sensitive Data
Insufficiently Protected Credentials
|
CVE-2019-3431
|
2024-11-21 13:42 |
2019-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220242
|
4.9 |
MEDIUM
Network
|
zte
|
zxcloud_goldendata_vap
|
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an information disclosure vulnerability. Attackers could use this vulnerability to collect data information and damage the sy…
|
NVD-CWE-noinfo
|
CVE-2019-3430
|
2024-11-21 13:42 |
2019-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220243
|
5.3 |
MEDIUM
Network
|
zte
|
zxcloud_goldendata_vap
|
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of se…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-3429
|
2024-11-21 13:42 |
2019-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220244
|
9.8 |
CRITICAL
Network
|
advantech
|
webaccess
|
Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling …
|
CWE-787
Out-of-bounds Write
|
CVE-2019-3951
|
2024-11-21 13:42 |
2019-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220245
|
7.8 |
HIGH
Local
|
mcafee
|
techcheck
|
DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2019-3667
|
2024-11-21 13:42 |
2019-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220246
|
7.8 |
HIGH
Local
|
opensuse
|
leap
|
The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local a…
|
-
|
CVE-2019-3690
|
2024-11-21 13:42 |
2019-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220247
|
5.5 |
MEDIUM
Local
|
dell
|
command_update
|
Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to de…
|
CWE-59
Link Following
|
CVE-2019-3750
|
2024-11-21 13:42 |
2019-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220248
|
5.5 |
MEDIUM
Local
|
dell
|
command_update
|
Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to de…
|
CWE-59
Link Following
|
CVE-2019-3749
|
2024-11-21 13:42 |
2019-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220249
|
6.5 |
MEDIUM
Network
|
mcafee
|
webadvisor
|
API Abuse/Misuse vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to navigate to restricted websites via a c…
|
NVD-CWE-Other
|
CVE-2019-3666
|
2024-11-21 13:42 |
2019-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220250
|
6.5 |
MEDIUM
Network
|
mcafee
|
webadvisor
|
Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to render a website which Web Advisor would …
|
CWE-94
Code Injection
|
CVE-2019-3665
|
2024-11-21 13:42 |
2019-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
