|
223011
|
4.4 |
MEDIUM
Local
|
freeipa redhat
|
freeipa enterprise_linux
|
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and ca…
|
CWE-613
Insufficient Session Expiration
|
CVE-2019-14826
|
2024-11-21 13:27 |
2019-09-18 |
|
223012
|
4.4 |
MEDIUM
Local
|
linux redhat canonical opensuse
|
linux_kernel enterprise_linux ubuntu_linux leap
|
In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the vulnerability, a local user starts a trans…
|
CWE-662
Improper Synchronization
|
CVE-2019-15031
|
2024-11-21 13:27 |
2019-09-13 |
|
223013
|
4.4 |
MEDIUM
Local
|
linux redhat canonical opensuse
|
linux_kernel enterprise_linux ubuntu_linux leap
|
In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the vulnerability, a local…
|
CWE-862
Missing Authorization
|
CVE-2019-15030
|
2024-11-21 13:27 |
2019-09-13 |
|
223014
|
5.3 |
MEDIUM
Network
|
easyappointments
|
easy\!appointments
|
Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and Password Hash).
|
NVD-CWE-noinfo
|
CVE-2019-14936
|
2024-11-21 13:27 |
2019-09-12 |
|
223015
|
6.5 |
MEDIUM
Network
|
atlassian
|
jira_server
|
The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a …
|
CWE-352
Origin Validation Error
|
CVE-2019-14998
|
2024-11-21 13:27 |
2019-09-11 |
|
223016
|
4.3 |
MEDIUM
Network
|
atlassian
|
jira_server
|
The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulner…
|
NVD-CWE-Other
|
CVE-2019-14997
|
2024-11-21 13:27 |
2019-09-11 |
|
223017
|
6.1 |
MEDIUM
Network
|
atlassian
|
jira_server
|
The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scriptin…
|
CWE-79
Cross-site Scripting
|
CVE-2019-14996
|
2024-11-21 13:27 |
2019-09-11 |
|
223018
|
5.3 |
MEDIUM
Network
|
atlassian
|
jira_server
|
The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing p…
|
CWE-862
Missing Authorization
|
CVE-2019-14995
|
2024-11-21 13:27 |
2019-09-11 |
|
223019
|
4.3 |
MEDIUM
Network
|
control-webpanel
|
webpanel
|
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2019-14725
|
2024-11-21 13:27 |
2019-09-11 |
|
223020
|
7.5 |
HIGH
Network
|
control-webpanel
|
webpanel
|
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2019-14724
|
2024-11-21 13:27 |
2019-09-11 |
|