|
220411
|
7.5 |
HIGH
Network
|
dell
|
emc_openmanage_server_administrator
|
Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could po…
|
CWE-611
XXE
|
CVE-2019-3722
|
2024-11-21 13:42 |
2019-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220412
|
5.3 |
MEDIUM
Network
|
mybb
|
mybb
|
MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.
|
CWE-200
Information Exposure
|
CVE-2019-3579
|
2024-11-21 13:42 |
2019-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220413
|
6.1 |
MEDIUM
Network
|
mybb
|
mybb
|
MyBB 1.8.19 has XSS in the resetpassword function.
|
CWE-79
Cross-site Scripting
|
CVE-2019-3578
|
2024-11-21 13:42 |
2019-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220414
|
8.0 |
HIGH
Network
|
openstack
redhat
|
octavia
openstack
|
An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitr…
|
NVD-CWE-Other
|
CVE-2019-3895
|
2024-11-21 13:42 |
2019-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220415
|
8.8 |
HIGH
Adjacent
|
linux
redhat
canonical
netapp
fedoraproject
debian
opensuse
|
linux_kernel
enterprise_linux
ubuntu_linux
a700s_firmware
cn1610_firmware
h610s_firmware
solidfire
hci_management_node
active_iq_unified_manager_for_vmware_vsphere
fedora
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.
|
-
|
CVE-2019-3846
|
2024-11-21 13:42 |
2019-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
220416
|
8.1 |
HIGH
Network
|
linuxfoundation
|
osquery
|
In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permiss…
|
CWE-59
Link Following
|
CVE-2019-3567
|
2024-11-21 13:42 |
2019-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220417
|
5.3 |
MEDIUM
Network
|
pivotal_software
|
spring_data_java_persistance_api
|
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatch…
|
NVD-CWE-Other
|
CVE-2019-3802
|
2024-11-21 13:42 |
2019-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220418
|
9.1 |
CRITICAL
Network
|
atlassian
|
bitbucket
|
Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before …
|
CWE-22
Path Traversal
|
CVE-2019-3397
|
2024-11-21 13:42 |
2019-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220419
|
5.3 |
MEDIUM
Network
|
atlassian
|
jira
jira_server
|
The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate user…
|
CWE-863
Incorrect Authorization
|
CVE-2019-3403
|
2024-11-21 13:42 |
2019-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220420
|
6.1 |
MEDIUM
Network
|
atlassian
|
jira
jira_server
|
The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site script…
|
CWE-79
Cross-site Scripting
|
CVE-2019-3402
|
2024-11-21 13:42 |
2019-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
