|
219731
|
6.5 |
MEDIUM
Network
|
gemalto
|
sentinel_ldk
|
Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have 'HttpOnly' flag. This allows malicious javascript to steal it.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-8283
|
2024-11-21 13:49 |
2019-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219732
|
5.3 |
MEDIUM
Network
|
gemalto
|
sentinel_ldk
|
Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows attacker to do man-in-the-middle (MITM) at…
|
CWE-346
Origin Validation Error
|
CVE-2019-8282
|
2024-11-21 13:49 |
2019-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219733
|
7.4 |
HIGH
Network
|
rubygems
|
rubygems
|
A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would del…
|
CWE-22
Path Traversal
|
CVE-2019-8320
|
2024-11-21 13:49 |
2019-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219734
|
9.8 |
CRITICAL
Network
|
thomsonreuters
|
firm_central_desktop
concourse_matter_room
|
An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and Th…
|
CWE-22
Path Traversal
|
CVE-2019-8385
|
2024-11-21 13:49 |
2019-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219735
|
9.8 |
CRITICAL
Network
|
sqlite
canonical
opensuse
fedoraproject
|
sqlite
ubuntu_linux
leap
fedora
|
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-8457
|
2024-11-21 13:49 |
2019-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219736
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_adselfservice_plus
|
In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting t…
|
CWE-79
Cross-site Scripting
|
CVE-2019-8346
|
2024-11-21 13:49 |
2019-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219737
|
8.1 |
HIGH
Network
|
atlassian
|
jira
jira_server
|
The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to admin…
|
CWE-287
Improper Authentication
|
CVE-2019-8443
|
2024-11-21 13:49 |
2019-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219738
|
7.5 |
HIGH
Network
|
atlassian
|
jira
jira_server
|
The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access …
|
NVD-CWE-noinfo
|
CVE-2019-8442
|
2024-11-21 13:49 |
2019-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219739
|
9.8 |
CRITICAL
Network
|
bmc
|
patrol_agent
|
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able t…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-8352
|
2024-11-21 13:49 |
2019-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219740
|
5.5 |
MEDIUM
Local
|
falco
|
falco
|
An issue was discovered in Falco through 0.14.0. A missing indicator for insufficient resources allows local users to bypass the detection engine.
|
CWE-416
Use After Free
|
CVE-2019-8339
|
2024-11-21 13:49 |
2019-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
