|
220411
|
6.5 |
MEDIUM
Network
|
elastic
|
kibana
|
A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local fil…
|
CWE-22
Path Traversal
|
CVE-2019-7618
|
2024-11-21 13:48 |
2019-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220412
|
7.8 |
HIGH
Local
|
autodesk
|
design_review
|
Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a use-after-free vulnerabi…
|
CWE-416
Use After Free
|
CVE-2019-7363
|
2024-11-21 13:48 |
2019-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220413
|
7.8 |
HIGH
Local
|
autodesk
|
design_review
|
DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a DLL preloading vulnerabi…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2019-7362
|
2024-11-21 13:48 |
2019-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220414
|
7.8 |
HIGH
Local
|
autodesk
|
advance_steel
autocad
autocad_architecture
autocad_electrical
autocad_lt
autocad_map_3d
autocad_mechanical
autocad_mep
autocad_plant_3d
civil_3d
autocad_p\&id
|
DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechan…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2019-7364
|
2024-11-21 13:48 |
2019-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220415
|
7.2 |
HIGH
Network
|
elastic
|
apm_agent
|
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an atta…
|
CWE-20
Improper Input Validation
|
CVE-2019-7617
|
2024-11-21 13:48 |
2019-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220416
|
9.1 |
CRITICAL
Network
|
johnsoncontrols
|
metasys_system
|
Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP).
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-7594
|
2024-11-21 13:48 |
2019-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220417
|
9.1 |
CRITICAL
Network
|
johnsoncontrols
|
metasys_system
|
Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP).
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-7593
|
2024-11-21 13:48 |
2019-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220418
|
7.8 |
HIGH
Local
|
adobe
|
premiere_pro_cc
|
Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2019-7931
|
2024-11-21 13:48 |
2019-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220419
|
7.8 |
HIGH
Local
|
adobe
|
character_animator
|
Adobe Character Animator versions 2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2019-7870
|
2024-11-21 13:48 |
2019-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220420
|
7.5 |
HIGH
Network
|
magento
|
magento
|
An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A SOAP web service endpoint does not properly enforce parameters re…
|
NVD-CWE-noinfo
|
CVE-2019-7951
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
