|
211161
|
9.8 |
CRITICAL
Network
|
sonatype
|
nexus_repository_manager
|
Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).
|
CWE-287
Improper Authentication
|
CVE-2019-9629
|
2024-11-21 13:52 |
2019-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211162
|
9.8 |
CRITICAL
Network
|
hawt
|
hawtio
|
Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-9827
|
2024-11-21 13:52 |
2019-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211163
|
9.8 |
CRITICAL
Network
|
jetbrains
|
intellij_idea
|
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. …
|
CWE-312
CWE-522
Cleartext Storage of Sensitive Information
Insufficiently Protected Credentials
|
CVE-2019-9873
|
2024-11-21 13:52 |
2019-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211164
|
9.8 |
CRITICAL
Network
|
jetbrains
|
intellij_idea
|
In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration fil…
|
CWE-312
CWE-522
Cleartext Storage of Sensitive Information
Insufficiently Protected Credentials
|
CVE-2019-9823
|
2024-11-21 13:52 |
2019-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211165
|
8.1 |
HIGH
Network
|
jetbrains
|
intellij_idea
|
In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE …
|
CWE-312
CWE-522
Cleartext Storage of Sensitive Information
Insufficiently Protected Credentials
|
CVE-2019-9872
|
2024-11-21 13:52 |
2019-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211166
|
7.8 |
HIGH
Local
|
symantec
|
endpoint_encryption
|
Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that ar…
|
NVD-CWE-noinfo
|
CVE-2019-9703
|
2024-11-21 13:52 |
2019-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211167
|
7.8 |
HIGH
Local
|
symantec
|
endpoint_encryption
|
Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that ar…
|
NVD-CWE-noinfo
|
CVE-2019-9702
|
2024-11-21 13:52 |
2019-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211168
|
7.5 |
HIGH
Network
|
diffplug
|
gradle
maven
|
In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and before 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolve…
|
CWE-611
XXE
|
CVE-2019-9843
|
2024-11-21 13:52 |
2019-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211169
|
8.8 |
HIGH
Network
|
rockoa
|
rockoa
|
RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idf…
|
CWE-89
SQL Injection
|
CVE-2019-9846
|
2024-11-21 13:52 |
2019-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211170
|
5.3 |
MEDIUM
Network
|
amd
opensuse
|
secure_encrypted_virtualization_firmware
leap
|
Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic imp…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2019-9836
|
2024-11-21 13:52 |
2019-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
