| 214051 | 5.3 MEDIUM | Network | magento | magento | A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Requests for a specific file path could result in a redirect to the URL … | CWE-200 Information Exposure | CVE-2019-7852 | 2024-11-21 13:48 | 2019-08-3 |
| 214052 | 6.5 MEDIUM | Network | magento | magento | A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages. | CWE-352 Origin Validation Error | CVE-2019-7851 | 2024-11-21 13:48 | 2019-08-3 |
| 214053 | 7.5 HIGH | Network | magento | magento | A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Mag… | CWE-384 Session Fixation | CVE-2019-7849 | 2024-11-21 13:48 | 2019-08-3 |
| 214054 | 4.9 MEDIUM | Network | elastic | kibana | Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set t… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2019-7616 | 2024-11-21 13:48 | 2019-07-31 |
| 214055 | 7.4 HIGH | Network | elastic | apm-agent-ruby | A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would… | CWE-295 Improper Certificate Validation | CVE-2019-7615 | 2024-11-21 13:48 | 2019-07-31 |
| 214056 | 5.9 MEDIUM | Network | elastic | elasticsearch | A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible f… | CWE-362 Race Condition | CVE-2019-7614 | 2024-11-21 13:48 | 2019-07-31 |
| 214057 | 7.8 HIGH | Local | johnsoncontrols | exacqvision_server | ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it pote… | CWE-428 Unquoted Search Path or Element | CVE-2019-7590 | 2024-11-21 13:48 | 2019-07-20 |
| 214058 | 7.5 HIGH | Network | adobe | campaign | Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. Successful exploitation could lead to Information Disclosure in t… | CWE-209 Information Exposure Through an Error Message | CVE-2019-7941 | 2024-11-21 13:48 | 2019-07-19 |
| 214059 | 9.8 CRITICAL | Network | adobe | campaign | Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current u… | CWE-77 Command Injection | CVE-2019-7850 | 2024-11-21 13:48 | 2019-07-19 |
| 214060 | 7.5 HIGH | Network | adobe | campaign | Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Inadequate access control vulnerability. Successful exploitation could lead to Information Disclosure in the context of the cu… | NVD-CWE-noinfo | CVE-2019-7848 | 2024-11-21 13:48 | 2019-07-19 |