|
222791
|
5.3 |
MEDIUM
Network
|
hashicorp
|
nomad
|
HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/al…
|
NVD-CWE-noinfo
|
CVE-2019-14802
|
2024-11-21 13:27 |
2022-12-27 |
|
222792
|
8.8 |
HIGH
Network
|
redhat
|
decision_manager process_automation
|
A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Cons…
|
CWE-281
Improper Preservation of Permissions
|
CVE-2019-14841
|
2024-11-21 13:27 |
2022-10-18 |
|
222793
|
7.5 |
HIGH
Network
|
redhat
|
decision_manager
|
A flaw was found in the RHDM, where sensitive HTML form fields such as Password have auto-complete enabled, which may lead to a leak of credentials.
|
-
|
CVE-2019-14840
|
2024-11-21 13:27 |
2022-10-18 |
|
222794
|
7.5 |
HIGH
Network
|
redhat
|
process_automation descision_manager business-central
|
It was observed that, while logging in to the Business-central console, the HTTP request discloses sensitive information such as the username and password when intercepted using a tool such as Burp Suite.
|
CWE-200
Information Exposure
|
CVE-2019-14839
|
2024-11-21 13:27 |
2022-04-2 |
|
222795
|
8.8 |
HIGH
Network
|
redhat
|
3scale
|
A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct furthe…
|
CWE-352
Origin Validation Error
|
CVE-2019-14836
|
2024-11-21 13:27 |
2021-05-26 |
|
222796
|
6.1 |
MEDIUM
Network
|
moodle
|
moodle
|
A vulnerability was found in Moodle where JavaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template conte…
|
-
|
CVE-2019-14827
|
2024-11-21 13:27 |
2021-05-18 |
|
222797
|
7.5 |
HIGH
Network
|
lispbx_project
|
lispbx
|
In Liberty lisPBX 2.0-4, configuration backup files can be retrieved remotely from /backup/lispbx-CONF-YYYY-MM-DD.tar or /backup/lispbx-CDR-YYYY-MM-DD.tar without authentication or authorization. The…
|
CWE-863
Incorrect Authorization
|
CVE-2019-15059
|
2024-11-21 13:27 |
2021-04-13 |
|
222798
|
6.1 |
MEDIUM
Network
|
moodle
|
moodle
|
A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription mode was en…
|
-
|
CVE-2019-14831
|
2024-11-21 13:27 |
2021-03-20 |
|
222799
|
6.1 |
MEDIUM
Network
|
moodle
|
moodle
|
A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which…
|
-
|
CVE-2019-14830
|
2024-11-21 13:27 |
2021-03-20 |
|
222800
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creation capabilities were not correctly respected when selectin…
|
-
|
CVE-2019-14829
|
2024-11-21 13:27 |
2021-03-20 |