|
212561
|
7.5 |
HIGH
Network
|
magento
|
magento
|
A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Mag…
|
CWE-384
Session Fixation
|
CVE-2019-7849
|
2024-11-21 13:48 |
2019-08-3 |
|
212562
|
4.9 |
MEDIUM
Network
|
elastic
|
kibana
|
Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set t…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-7616
|
2024-11-21 13:48 |
2019-07-31 |
|
212563
|
7.4 |
HIGH
Network
|
elastic
|
apm-agent-ruby
|
A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would…
|
CWE-295
Improper Certificate Validation
|
CVE-2019-7615
|
2024-11-21 13:48 |
2019-07-31 |
|
212564
|
5.9 |
MEDIUM
Network
|
elastic
|
elasticsearch
|
A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible f…
|
CWE-362
Race Condition
|
CVE-2019-7614
|
2024-11-21 13:48 |
2019-07-31 |
|
212565
|
7.8 |
HIGH
Local
|
johnsoncontrols
|
exacqvision_server
|
ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it pote…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2019-7590
|
2024-11-21 13:48 |
2019-07-20 |
|
212566
|
7.5 |
HIGH
Network
|
adobe
|
campaign
|
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. Successful exploitation could lead to Information Disclosure in t…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2019-7941
|
2024-11-21 13:48 |
2019-07-19 |
|
212567
|
9.8 |
CRITICAL
Network
|
adobe
|
campaign
|
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current u…
|
CWE-77
Command Injection
|
CVE-2019-7850
|
2024-11-21 13:48 |
2019-07-19 |
|
212568
|
7.5 |
HIGH
Network
|
adobe
|
campaign
|
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Inadequate access control vulnerability. Successful exploitation could lead to Information Disclosure in the context of the cu…
|
NVD-CWE-noinfo
|
CVE-2019-7848
|
2024-11-21 13:48 |
2019-07-19 |
|
212569
|
7.5 |
HIGH
Network
|
adobe
|
campaign
|
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of XML External Entity Reference ('XXE') vulnerability. Successful exploitation could lead to Arbitrary r…
|
CWE-611
XXE
|
CVE-2019-7847
|
2024-11-21 13:48 |
2019-07-19 |
|
212570
|
7.5 |
HIGH
Network
|
adobe
|
campaign
|
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper error handling vulnerability. Successful exploitation could lead to Information Disclosure in the context of the curr…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2019-7846
|
2024-11-21 13:48 |
2019-07-19 |