|
223171
|
- |
|
-
|
-
|
nvOC through 3.2 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as …
|
-
|
CVE-2019-19752
|
2024-11-21 13:35 |
2024-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223172
|
- |
|
-
|
-
|
easyMINE before 2019-12-05 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io.
|
-
|
CVE-2019-19751
|
2024-11-21 13:35 |
2024-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223173
|
9.8 |
CRITICAL
Network
|
lemonldap-ng
|
lemonldap\
|
In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints (when some LemonLDAP::NG setup options are used…
|
NVD-CWE-noinfo
|
CVE-2019-19791
|
2024-11-21 13:35 |
2023-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223174
|
7.8 |
HIGH
Local
|
lenovo
|
ideacentre_510-15ikl_firmware
ideacentre_510s-08ikl_firmware
ideacentre_300s-11ish_firmware
ideacentre_310-15asr_firmware
ideacentre_310-15iap_firmware
ideacentre_310a-15iap_firmware
Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo p…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2019-19705
|
2024-11-21 13:35 |
2022-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
223175
|
10.0 |
CRITICAL
Network
|
eleveo
|
call_recording
|
Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending craf…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-19810
|
2024-11-21 13:35 |
2021-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223176
|
7.5 |
HIGH
Network
|
br-automation
|
industrial_automation_aprol
|
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to historical data from AprolSqlServer by bypassing authentication, a different vulnerability …
|
NVD-CWE-noinfo
|
CVE-2019-19878
|
2024-11-21 13:35 |
2020-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223177
|
5.3 |
MEDIUM
Network
|
br-automation
|
industrial_automation_aprol
|
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against…
|
CWE-22
Path Traversal
|
CVE-2019-19877
|
2024-11-21 13:35 |
2020-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223178
|
9.8 |
CRITICAL
Network
|
br-automation
|
industrial_automation_aprol
|
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006.
|
CWE-89
SQL Injection
|
CVE-2019-19876
|
2024-11-21 13:35 |
2020-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223179
|
9.8 |
CRITICAL
Network
|
br-automation
|
industrial_automation_aprol
|
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected (using Python scripts) via the AprolCluster script that is invoked via sudo and thus…
|
CWE-77
Command Injection
|
CVE-2019-19875
|
2024-11-21 13:35 |
2020-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223180
|
9.8 |
CRITICAL
Network
|
br-automation
|
industrial_automation_aprol
|
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in the web interface allowed injection and execution of arbitrary unintended commands on the web server,…
|
CWE-77
Command Injection
|
CVE-2019-19874
|
2024-11-21 13:35 |
2020-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
