|
221941
|
5.3 |
MEDIUM
Network
|
apache
|
rocketmq
|
In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a to…
|
CWE-22
Path Traversal
|
CVE-2019-17572
|
2024-11-21 13:32 |
2020-05-15 |
|
221942
|
9.8 |
CRITICAL
Network
|
apache
|
cloudstack
|
A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-17562
|
2024-11-21 13:32 |
2020-05-15 |
|
221943
|
5.4 |
MEDIUM
Network
|
apache
|
syncope
|
It was found that the Apache Syncope EndUser UI login page prior to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this means, a user accessing the Enduser UI could execute javascript code…
|
CWE-79
Cross-site Scripting
|
CVE-2019-17557
|
2024-11-21 13:32 |
2020-05-4 |
|
221944
|
5.4 |
MEDIUM
Network
|
eleveo
|
call_recording
|
ZOOM International Call Recording 6.3.1 suffers from multiple authenticated stored XSS vulnerabilities via the phoneNumber field in the (1) User Edit or (2) User Add form, (3) name field in the Role …
|
CWE-79
Cross-site Scripting
|
CVE-2019-18223
|
2024-11-21 13:32 |
2020-04-27 |
|
221945
|
8.8 |
HIGH
Network
|
dlink
|
dir-615_firmware
|
The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks.
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2019-17525
|
2024-11-21 13:32 |
2020-04-22 |
|
221946
|
7.5 |
HIGH
Network
|
fortinet
|
fortiap-w2 fortiap-s fortiswitch fortianalyzer fortimanager
|
An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-17657
|
2024-11-21 13:32 |
2020-04-8 |
|
221947
|
9.8 |
CRITICAL
Network
|
apache
|
dubbo
|
Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance o…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-17564
|
2024-11-21 13:32 |
2020-04-2 |
|
221948
|
7.5 |
HIGH
Network
|
apache oracle
|
netbeans graalvm
|
The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and includin…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2019-17561
|
2024-11-21 13:32 |
2020-03-31 |
|
221949
|
9.1 |
CRITICAL
Network
|
apache oracle
|
netbeans graalvm
|
The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the downlo…
|
CWE-295
Improper Certificate Validation
|
CVE-2019-17560
|
2024-11-21 13:32 |
2020-03-31 |
|
221950
|
5.4 |
MEDIUM
Network
|
netapp
|
oncommand_system_manager
|
OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scr…
|
CWE-79
Cross-site Scripting
|
CVE-2019-17276
|
2024-11-21 13:32 |
2020-03-25 |