|
224751
|
4.4 |
MEDIUM
Local
|
linux
redhat
canonical
opensuse
|
linux_kernel
enterprise_linux
ubuntu_linux
leap
|
In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local…
|
CWE-862
Missing Authorization
|
CVE-2019-15030
|
2024-11-21 13:27 |
2019-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224752
|
5.3 |
MEDIUM
Network
|
easyappointments
|
easy\!appointments
|
Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and Password Hash).
|
NVD-CWE-noinfo
|
CVE-2019-14936
|
2024-11-21 13:27 |
2019-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224753
|
6.5 |
MEDIUM
Network
|
atlassian
|
jira_server
|
The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a …
|
CWE-352
Origin Validation Error
|
CVE-2019-14998
|
2024-11-21 13:27 |
2019-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224754
|
4.3 |
MEDIUM
Network
|
atlassian
|
jira_server
|
The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulner…
|
NVD-CWE-Other
|
CVE-2019-14997
|
2024-11-21 13:27 |
2019-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224755
|
6.1 |
MEDIUM
Network
|
atlassian
|
jira_server
|
The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scriptin…
|
CWE-79
Cross-site Scripting
|
CVE-2019-14996
|
2024-11-21 13:27 |
2019-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224756
|
5.3 |
MEDIUM
Network
|
atlassian
|
jira_server
|
The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing p…
|
CWE-862
Missing Authorization
|
CVE-2019-14995
|
2024-11-21 13:27 |
2019-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224757
|
4.3 |
MEDIUM
Network
|
control-webpanel
|
webpanel
|
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2019-14725
|
2024-11-21 13:27 |
2019-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224758
|
7.5 |
HIGH
Network
|
control-webpanel
|
webpanel
|
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2019-14724
|
2024-11-21 13:27 |
2019-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224759
|
4.3 |
MEDIUM
Network
|
control-webpanel
|
webpanel
|
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account.
|
NVD-CWE-noinfo
|
CVE-2019-14730
|
2024-11-21 13:27 |
2019-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224760
|
4.3 |
MEDIUM
Network
|
control-webpanel
|
webpanel
|
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim's account via an attacker account.
|
NVD-CWE-noinfo
|
CVE-2019-14729
|
2024-11-21 13:27 |
2019-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
