|
222751
|
7.5 |
HIGH
Network
|
microfocus
|
content_manager
|
An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. Th…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-3489
|
2024-11-21 13:42 |
2019-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222752
|
6.3 |
MEDIUM
Network
|
redhat
|
openshift_container_platform
|
A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherw…
|
-
|
CVE-2019-3876
|
2024-11-21 13:42 |
2019-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222753
|
7.5 |
HIGH
Network
|
gnu
fedoraproject
opensuse
|
gnutls
fedora
leap
|
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
|
CWE-824
Access of Uninitialized Pointer
|
CVE-2019-3836
|
2024-11-21 13:42 |
2019-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222754
|
8.1 |
HIGH
Network
|
dell
|
emc_networking_os10
|
Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauth…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-3710
|
2024-11-21 13:42 |
2019-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222755
|
7.2 |
HIGH
Network
|
redhat
|
ansible_tower
|
When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks co…
|
CWE-200
Information Exposure
|
CVE-2019-3869
|
2024-11-21 13:42 |
2019-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222756
|
7.5 |
HIGH
Network
|
gnu
fedoraproject
|
gnutls
fedora
|
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifi…
|
CWE-415
CWE-416
Double Free
Use After Free
|
CVE-2019-3829
|
2024-11-21 13:42 |
2019-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222757
|
6.1 |
MEDIUM
Network
|
mod_auth_mellon_project
fedoraproject
redhat
canonical
|
mod_auth_mellon
fedora
enterprise_linux
ubuntu_linux
|
A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the brows…
|
CWE-601
Open Redirect
|
CVE-2019-3877
|
2024-11-21 13:42 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222758
|
4.8 |
MEDIUM
Network
|
moodle
|
moodle
|
A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboar…
|
CWE-79
Cross-site Scripting
|
CVE-2019-3847
|
2024-11-21 13:42 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222759
|
6.3 |
MEDIUM
Network
|
redhat
opensuse
|
libvirt
leap
|
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash li…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-3840
|
2024-11-21 13:42 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222760
|
4.2 |
MEDIUM
Local
|
redhat
|
ansible
|
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible cont…
|
CWE-22
Path Traversal
|
CVE-2019-3828
|
2024-11-21 13:42 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
