| 222461 | 6.1 | MEDIUM Network | prise | adas | An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate. | CWE-79 Cross-site Scripting | CVE-2019-14915 | 2024-11-21 13:27 | 2019-09-20 |
| 222462 | 9.1 | CRITICAL Network | prise | adas | An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal. | CWE-22 Path Traversal | CVE-2019-14914 | 2024-11-21 13:27 | 2019-09-20 |
| 222463 | 5.4 | MEDIUM Network | prise | adas | An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel. | CWE-79 Cross-site Scripting | CVE-2019-14913 | 2024-11-21 13:27 | 2019-09-20 |
| 222464 | 6.1 | MEDIUM Network | prise | adas | An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie. | CWE-601 Open Redirect | CVE-2019-14912 | 2024-11-21 13:27 | 2019-09-20 |
| 222465 | 6.1 | MEDIUM Network | prise | adas | An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS. | CWE-79 Cross-site Scripting | CVE-2019-14911 | 2024-11-21 13:27 | 2019-09-20 |
| 222466 | 8.8 | HIGH Local | linux redhat canonical opensuse fedoraproject debian netapp oracle | linux_kernel enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_for_real_time enterprise_linux_eus enterprise_linux_server_tus enterpr… | An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO r… | - | CVE-2019-14821 | 2024-11-21 13:27 | 2019-09-20 |
| 222467 | 7.7 | HIGH Network | pydio | pydio | Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2019-15033 | 2024-11-21 13:27 | 2019-09-20 |
| 222468 | 5.3 | MEDIUM Network | pydio | pydio | Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive inform… | CWE-209 Information Exposure Through an Error Message | CVE-2019-15032 | 2024-11-21 13:27 | 2019-09-20 |
| 222469 | 7.2 | HIGH Network | atlassian | jira_server jira_data_center | The Jira Importers Plugin in Atlassian Jira Server and Data Center from version 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before… | CWE-94 Code Injection | CVE-2019-15001 | 2024-11-21 13:27 | 2019-09-20 |
| 222470 | 9.8 | CRITICAL Network | atlassian | bitbucket | The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the … | CWE-78 OS Command | CVE-2019-15000 | 2024-11-21 13:27 | 2019-09-20 |