|
219701
|
7.8 |
HIGH
Local
|
goverlan
|
client_agent
reach_console
reach_server
|
Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escal…
|
CWE-426
Untrusted Search Path
|
CVE-2019-20456
|
2024-11-21 13:38 |
2020-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219702
|
5.9 |
MEDIUM
Network
|
globalpayments
|
php_sdk
|
Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations.
|
CWE-295
Improper Certificate Validation
|
CVE-2019-20455
|
2024-11-21 13:38 |
2020-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219703
|
7.5 |
HIGH
Network
|
pcre
fedoraproject
splunk
|
pcre2
fedora
universal_forwarder
|
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrust…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-20454
|
2024-11-21 13:38 |
2020-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219704
|
4.7 |
MEDIUM
Network
|
atlassian
|
jira
jira_server
jira_data_center
|
The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12,…
|
CWE-352
Origin Validation Error
|
CVE-2019-20100
|
2024-11-21 13:38 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219705
|
4.3 |
MEDIUM
Network
|
atlassian
|
jira_server
jira_data_center
|
The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tr…
|
CWE-352
Origin Validation Error
|
CVE-2019-20099
|
2024-11-21 13:38 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219706
|
4.3 |
MEDIUM
Network
|
atlassian
|
jira_server
jira_data_center
|
The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by t…
|
CWE-352
Origin Validation Error
|
CVE-2019-20098
|
2024-11-21 13:38 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219707
|
9.8 |
CRITICAL
Network
|
samsung
|
prismview_player_11
prismview_system_9
|
The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. (Authenticati…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-20451
|
2024-11-21 13:38 |
2020-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219708
|
7.8 |
HIGH
Local
|
atlassian
|
confluence
confluence_server
|
The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to writ…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2019-20406
|
2024-11-21 13:38 |
2020-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219709
|
4.3 |
MEDIUM
Network
|
atlassian
|
jira_server
jira_data_center
|
The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnera…
|
CWE-352
Origin Validation Error
|
CVE-2019-20405
|
2024-11-21 13:38 |
2020-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219710
|
4.3 |
MEDIUM
Network
|
atlassian
|
jira_server
jira_data_center
|
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulner…
|
NVD-CWE-noinfo
|
CVE-2019-20404
|
2024-11-21 13:38 |
2020-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
