|
221661
|
9.8 |
CRITICAL
Network
|
miele
|
xgw_3000_zigbee_gateway_firmware
|
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480.
|
CWE-287
Improper Authentication
|
CVE-2019-20481
|
2024-11-21 13:38 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221662
|
8.8 |
HIGH
Network
|
miele
|
xgw_3000_zigbee_gateway_firmware
|
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there i…
|
CWE-352
Origin Validation Error
|
CVE-2019-20480
|
2024-11-21 13:38 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221663
|
6.1 |
MEDIUM
Network
|
openidc
debian
fedoraproject
opensuse
|
mod_auth_openidc
debian_linux
fedora
leap
|
A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.
|
CWE-601
Open Redirect
|
CVE-2019-20479
|
2024-11-21 13:38 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221664
|
9.8 |
CRITICAL
Network
|
ruamel.yaml_project
|
ruamel.yaml
|
In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaw…
|
NVD-CWE-noinfo
|
CVE-2019-20478
|
2024-11-21 13:38 |
2020-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221665
|
9.8 |
CRITICAL
Network
|
pyyaml
fedoraproject
|
pyyaml
fedora
|
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue e…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-20477
|
2024-11-21 13:38 |
2020-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221666
|
4.3 |
MEDIUM
Network
|
zohocorp
|
manageengine_remote_access_plus
|
An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (re…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-20474
|
2024-11-21 13:38 |
2020-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221667
|
7.8 |
HIGH
Local
|
goverlan
|
client_agent
reach_console
reach_server
|
Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escal…
|
CWE-426
Untrusted Search Path
|
CVE-2019-20456
|
2024-11-21 13:38 |
2020-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221668
|
5.9 |
MEDIUM
Network
|
globalpayments
|
php_sdk
|
Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations.
|
CWE-295
Improper Certificate Validation
|
CVE-2019-20455
|
2024-11-21 13:38 |
2020-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221669
|
7.5 |
HIGH
Network
|
pcre
fedoraproject
splunk
|
pcre2
fedora
universal_forwarder
|
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrust…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-20454
|
2024-11-21 13:38 |
2020-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221670
|
4.7 |
MEDIUM
Network
|
atlassian
|
jira
jira_server
jira_data_center
|
The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12,…
|
CWE-352
Origin Validation Error
|
CVE-2019-20100
|
2024-11-21 13:38 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
