| 219391 | 5.4 | MEDIUM Network | ibm | cognos_analytics | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot… | CWE-79 Cross-site Scripting | CVE-2019-4623 | 2024-11-21 13:43 | 2019-12-31 |
| 219392 | 6.5 | MEDIUM Network | ibm netapp | cognos_analytics oncommand_insight | IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. An attacker could exploit this vulnerability t… | CWE-863 Incorrect Authorization | CVE-2019-4343 | 2024-11-21 13:43 | 2019-12-31 |
| 219393 | 5.5 | MEDIUM Local | ibm | watson_studio_local | IBM Watson Studio Local 1.2.3 stores key files in the user's home directory which could be obtained by another local user. IBM X-Force ID: 161413. | CWE-522 Insufficiently Protected Credentials | CVE-2019-4335 | 2024-11-21 13:43 | 2019-12-31 |
| 219394 | 5.4 | MEDIUM Network | ibm | cognos_analytics | IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot… | CWE-79 Cross-site Scripting | CVE-2019-4555 | 2024-11-21 13:43 | 2019-12-21 |
| 219395 | 4.3 | MEDIUM Network | ibm netapp | cognos_analytics oncommand_insight | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website tru… | CWE-352 Origin Validation Error | CVE-2019-4231 | 2024-11-21 13:43 | 2019-12-21 |
| 219396 | 7.5 | HIGH Network | ibm | api_connect | IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 168510. | CWE-327 Use of a Broken or Risky Cryptographic Algorithm | CVE-2019-4609 | 2024-11-21 13:43 | 2019-12-19 |
| 219397 | 4.8 | MEDIUM Network | hcltech | appscan_source | HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site scripting (XSS) attacks by allowing users to embed arbitrary JavaScript code in the Web UI. | CWE-79 Cross-site Scripting | CVE-2019-4388 | 2024-11-21 13:43 | 2019-12-18 |
| 219398 | 6.5 | MEDIUM Network | elog_project fedoraproject | elog fedora | ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests. | CWE-610 Externally Controlled Reference to a Resource in Another Sphere | CVE-2019-3996 | 2024-11-21 13:43 | 2019-12-18 |
| 219399 | 7.5 | HIGH Network | elog_project fedoraproject | elog fedora | ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. A remote unauthenticated attacker can crash the ELOG server by sending a crafted HTTP … | CWE-476 NULL Pointer Dereference | CVE-2019-3995 | 2024-11-21 13:43 | 2019-12-18 |
| 219400 | 7.5 | HIGH Network | elog_project fedoraproject | elog fedora | ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST reques… | CWE-416 Use After Free | CVE-2019-3994 | 2024-11-21 13:43 | 2019-12-18 |