|
221461
|
9.8 |
CRITICAL
Network
|
tk-star
|
q90_junior_gps_horloge_firmware
|
An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS.
|
CWE-276
Incorrect Default Permissions
|
CVE-2019-20468
|
2024-11-21 13:38 |
2021-02-2 |
|
221462
|
8.1 |
HIGH
Network
|
vikisolutions
|
vera
|
An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in.
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2019-20484
|
2024-11-21 13:38 |
2021-01-6 |
|
221463
|
5.4 |
MEDIUM
Network
|
vikisolutions
|
vera
|
An issue was discovered in Viki Vera 4.9.1.26180. An attacker could set a user's last name to an XSS payload, read another user's cookie, and use that to log in to the application.
|
CWE-79
Cross-site Scripting
|
CVE-2019-20483
|
2024-11-21 13:38 |
2021-01-6 |
|
221464
|
6.1 |
MEDIUM
Network
|
treasuryxpress
|
treasuryxpress
|
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious paylo…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20152
|
2024-11-21 13:38 |
2020-08-20 |
|
221465
|
6.1 |
MEDIUM
Network
|
treasuryxpress
|
treasuryxpress
|
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed by the application's administrator(s). A mali…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20151
|
2024-11-21 13:38 |
2020-08-20 |
|
221466
|
6.5 |
MEDIUM
Network
|
treasuryxpress
|
treasuryxpress
|
In TreasuryXpress 19191105, a logged-in user can discover saved credentials, even though the UI hides them. Using functionality within the application and a malicious host, it is possible to force th…
|
NVD-CWE-noinfo
|
CVE-2019-20150
|
2024-11-21 13:38 |
2020-08-20 |
|
221467
|
7.8 |
HIGH
Local
|
abbyy
|
finereader
|
ABBYY network license server in ABBYY FineReader 15 before Release 4 (aka 15.0.112.2130) allows escalation of privileges by local users via manipulations involving files and using symbolic links.
|
CWE-59
Link Following
|
CVE-2019-20383
|
2024-11-21 13:38 |
2020-08-14 |
|
221468
|
7.8 |
HIGH
Local
|
atlassian
|
jira_server jira_data_center
|
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2019-20419
|
2024-11-21 13:38 |
2020-07-3 |
|
221469
|
6.5 |
MEDIUM
Network
|
atlassian
|
jira_software_data_center jira
|
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wik…
|
NVD-CWE-noinfo
|
CVE-2019-20418
|
2024-11-21 13:38 |
2020-07-3 |
|
221470
|
5.3 |
MEDIUM
Network
|
atlassian
|
jira
|
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vul…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-20408
|
2024-11-21 13:38 |
2020-07-1 |