|
221681
|
4.3 |
MEDIUM
Network
|
atlassian
|
jira
jira_software_data_center
jira_server
jira_data_center
|
Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticke…
|
CWE-276
Incorrect Default Permissions
|
CVE-2019-20106
|
2024-11-21 13:38 |
2020-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221682
|
7.5 |
HIGH
Network
|
atlassian
|
crowd
|
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vu…
|
CWE-776
XML Entity Expansion
|
CVE-2019-20104
|
2024-11-21 13:38 |
2020-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221683
|
9.8 |
CRITICAL
Network
|
jobberbase
|
jobberbase
|
Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endpoint.
|
CWE-89
SQL Injection
|
CVE-2019-20447
|
2024-11-21 13:38 |
2020-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221684
|
6.1 |
MEDIUM
Network
|
auth0
|
login_by_auth0
|
The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php.
|
CWE-79
Cross-site Scripting
|
CVE-2019-20173
|
2024-11-21 13:38 |
2020-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221685
|
6.1 |
MEDIUM
Network
|
auth0
|
lock
|
Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder.
|
CWE-79
Cross-site Scripting
|
CVE-2019-20174
|
2024-11-21 13:38 |
2020-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221686
|
6.5 |
MEDIUM
Network
|
gnome
opensuse
fedoraproject
debian
canonical
netapp
|
librsvg
leap
fedora
debian_linux
ubuntu_linux
active_iq_unified_manager
|
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so th…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-20446
|
2024-11-21 13:38 |
2020-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221687
|
7.8 |
HIGH
Local
|
trendmicro
|
anti-threat_toolkit
|
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary …
|
CWE-427
CWE-426
CWE-732
Uncontrolled Search Path Element
Untrusted Search Path
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-20358
|
2024-11-21 13:38 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221688
|
9.1 |
CRITICAL
Network
|
netty
debian
fedoraproject
canonical
redhat
apache
|
netty
debian_linux
fedora
ubuntu_linux
jboss_amq_clients
jboss_enterprise_application_platform
spark
|
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
|
CWE-444
HTTP Request Smuggling
|
CVE-2019-20445
|
2024-11-21 13:38 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221689
|
9.1 |
CRITICAL
Network
|
netty
debian
fedoraproject
canonical
redhat
|
netty
debian_linux
fedora
ubuntu_linux
jboss_amq_clients
jboss_enterprise_application_platform
|
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invali…
|
CWE-444
HTTP Request Smuggling
|
CVE-2019-20444
|
2024-11-21 13:38 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221690
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-859_firmware
|
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishand…
|
CWE-78
OS Command
|
CVE-2019-20217
|
2024-11-21 13:38 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
