|
219381
|
9.8 |
CRITICAL
Network
|
pyyaml
fedoraproject
|
pyyaml
fedora
|
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue e…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-20477
|
2024-11-21 13:38 |
2020-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219382
|
4.3 |
MEDIUM
Network
|
zohocorp
|
manageengine_remote_access_plus
|
An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (re…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-20474
|
2024-11-21 13:38 |
2020-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219383
|
7.8 |
HIGH
Local
|
goverlan
|
client_agent
reach_console
reach_server
|
Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escal…
|
CWE-426
Untrusted Search Path
|
CVE-2019-20456
|
2024-11-21 13:38 |
2020-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219384
|
5.9 |
MEDIUM
Network
|
globalpayments
|
php_sdk
|
Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations.
|
CWE-295
Improper Certificate Validation
|
CVE-2019-20455
|
2024-11-21 13:38 |
2020-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219385
|
7.5 |
HIGH
Network
|
pcre
fedoraproject
splunk
|
pcre2
fedora
universal_forwarder
|
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrust…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-20454
|
2024-11-21 13:38 |
2020-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219386
|
4.7 |
MEDIUM
Network
|
atlassian
|
jira
jira_server
jira_data_center
|
The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12,…
|
CWE-352
Origin Validation Error
|
CVE-2019-20100
|
2024-11-21 13:38 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219387
|
4.3 |
MEDIUM
Network
|
atlassian
|
jira_server
jira_data_center
|
The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tr…
|
CWE-352
Origin Validation Error
|
CVE-2019-20099
|
2024-11-21 13:38 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219388
|
4.3 |
MEDIUM
Network
|
atlassian
|
jira_server
jira_data_center
|
The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by t…
|
CWE-352
Origin Validation Error
|
CVE-2019-20098
|
2024-11-21 13:38 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219389
|
9.8 |
CRITICAL
Network
|
samsung
|
prismview_player_11
prismview_system_9
|
The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. (Authenticati…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-20451
|
2024-11-21 13:38 |
2020-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219390
|
7.8 |
HIGH
Local
|
atlassian
|
confluence
confluence_server
|
The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to writ…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2019-20406
|
2024-11-21 13:38 |
2020-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
