|
224051
|
6.1 |
MEDIUM
Network
|
alkacon
|
opencms
|
In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface.
|
CWE-79
Cross-site Scripting
|
CVE-2019-13236
|
2024-11-21 13:24 |
2019-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224052
|
6.1 |
MEDIUM
Network
|
alkacon
|
opencms_apollo_template
|
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form.
|
CWE-79
Cross-site Scripting
|
CVE-2019-13235
|
2024-11-21 13:24 |
2019-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224053
|
6.1 |
MEDIUM
Network
|
alkacon
|
opencms_apollo_template
|
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine.
|
CWE-79
Cross-site Scripting
|
CVE-2019-13234
|
2024-11-21 13:24 |
2019-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224054
|
10.0 |
CRITICAL
Network
|
trms
|
tightrope_media_carousel
|
The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-13020
|
2024-11-21 13:24 |
2019-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224055
|
5.5 |
MEDIUM
Local
|
obdev
|
little_snitch
|
Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately…
|
CWE-459
Incomplete Cleanup
|
CVE-2019-13014
|
2024-11-21 13:24 |
2019-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224056
|
5.5 |
MEDIUM
Local
|
obdev
|
little_snitch
|
Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any…
|
CWE-862
Missing Authorization
|
CVE-2019-13013
|
2024-11-21 13:24 |
2019-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224057
|
8.8 |
HIGH
Network
|
search-guard
|
search_guard
|
Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all …
|
NVD-CWE-noinfo
|
CVE-2019-13423
|
2024-11-21 13:24 |
2019-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224058
|
6.1 |
MEDIUM
Network
|
search-guard
|
search_guard
|
Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login.
|
CWE-601
Open Redirect
|
CVE-2019-13422
|
2024-11-21 13:24 |
2019-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224059
|
4.9 |
MEDIUM
Network
|
search-guard
|
search_guard
|
Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.
|
CWE-200
Information Exposure
|
CVE-2019-13421
|
2024-11-21 13:24 |
2019-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224060
|
8.4 |
HIGH
Local
|
docker
|
docker
|
In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "do…
|
CWE-78
OS Command
|
CVE-2019-13139
|
2024-11-21 13:24 |
2019-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
