|
214031
|
8.1 |
HIGH
Network
|
jetbrains
|
intellij_idea
|
In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE …
|
CWE-312
CWE-522
Cleartext Storage of Sensitive Information
Insufficiently Protected Credentials
|
CVE-2019-9872
|
2024-11-21 13:52 |
2019-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214032
|
7.8 |
HIGH
Local
|
symantec
|
endpoint_encryption
|
Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that ar…
|
NVD-CWE-noinfo
|
CVE-2019-9703
|
2024-11-21 13:52 |
2019-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214033
|
7.8 |
HIGH
Local
|
symantec
|
endpoint_encryption
|
Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that ar…
|
NVD-CWE-noinfo
|
CVE-2019-9702
|
2024-11-21 13:52 |
2019-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214034
|
7.5 |
HIGH
Network
|
diffplug
|
gradle
maven
|
In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and before 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolve…
|
CWE-611
XXE
|
CVE-2019-9843
|
2024-11-21 13:52 |
2019-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214035
|
8.8 |
HIGH
Network
|
rockoa
|
rockoa
|
RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idf…
|
CWE-89
SQL Injection
|
CVE-2019-9846
|
2024-11-21 13:52 |
2019-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214036
|
5.3 |
MEDIUM
Network
|
amd
opensuse
|
secure_encrypted_virtualization_firmware
leap
|
Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic imp…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2019-9836
|
2024-11-21 13:52 |
2019-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214037
|
8.8 |
HIGH
Network
|
quadbase
|
espressreport_enterprise_server
|
CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues…
|
CWE-352
Origin Validation Error
|
CVE-2019-9958
|
2024-11-21 13:52 |
2019-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214038
|
5.4 |
MEDIUM
Network
|
quadbase
|
espressreport_es
|
Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is sto…
|
CWE-79
Cross-site Scripting
|
CVE-2019-9957
|
2024-11-21 13:52 |
2019-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214039
|
6.1 |
MEDIUM
Network
|
openfind
|
mail2000
|
An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an '<object data="data:text/html' substring in an e-mail message (The vendor subsequently patched this).
|
CWE-79
Cross-site Scripting
|
CVE-2019-9763
|
2024-11-21 13:52 |
2019-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214040
|
4.8 |
MEDIUM
Network
|
symantec
|
data_loss_prevention
|
DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by …
|
CWE-79
Cross-site Scripting
|
CVE-2019-9701
|
2024-11-21 13:52 |
2019-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
